Huge numbers of clinicians have disclaimers at the end of email messages that say something like this:
“The information contained in this email is CONFIDENTIAL. If you have received this message in error or without the express direction of the original author, please notify the sender and delete this email immediately.”
But what does that mean? Should you have one of these disclaimers? And if you do, does it have any effect?
This raises the following questions:
1. Should confidential information be sent via email?
2. Are these disclaimers enforceable?
3. If they aren’t enforceable, why append them to emails?
With regard to the question of whether confidential information should be sent via regular email, the answer is “probably not.” The answer includes the word “probably” because some clinicians may have secure email.
In California, mental health clinicians owe a duty of confidentiality to their patients. This means, among other things, that clinicians must safeguard the privacy of patient data and not expose those data to unauthorized persons. The use of email to transport patient data is problematic because it is insecure, and the use of insecure methods when it comes to confidential information is likely in violation of that duty of confidentiality.
According to Roger Keesee of Kinetix Technology Services, a technology support provider for medium-sized businesses, regular email travels across the Internet as easily readable text. Anyone, anywhere along the path between sender and receiver can read the email without anyone knowing. Because of this, regular email is definitely not secure. Some people have secure (called “encrypted”) email, and when this is the case it is obvious that the email is secure. Both the sender and receiver need to have their computers configured to send and receive encrypted email. Indeed, it can be somewhat complicated to set up; many email users who are not familiar with security measures choose to have an expert set up their email. The general rule is that unless you are sure your email is secure, it probably isn’t. Individuals who use the more common email providers such as Hotmail, Yahoo!, AOL, GMail, etc., without significant custom modifications are not using a secure email. Thus, email shouldn’t be used to transmit confidential information because it could violate a clinician’s duty of confidentiality.
Considering all of this, the answer to the question of whether confidential information should be sent via email is “no,” unless you are sure you have secure email.
So if most email isn’t secure, and confidential information shouldn’t be sent via email, why bother including a warning that confidential information sent to the wrong address should be destroyed? Isn’t it pointless? Well, sort of. But there are some good reasons why people choose to do so:
One possibility is that people are actually sending confidential information via unsecured email. Bad idea (see above).
Another possibility is that they don’t intend to send confidential information via email, but in the event that they make a mistake and do transmit confidential information they want to make sure that they have some sort of instruction in case the message strays. Again, it’s just not a good idea to send confidential information via email at any time.
Other clinicians do not send confidential patient data, but sometimes engage in confidential communications with parties to whom they do not owe a psychotherapist-patient duty of confidentiality. An example of this is a forensic clinician who is acting as a consultant and communicates with the hiring party. In this case the relationship between the clinician and client is not a treatment relationship per se, and the information (e.g., litigation strategy) may not be subject to the same levels of security that patient data might require, but the information nevertheless remains confidential and the clinician desires to forewarn any unintended recipient.
This inevitably raises the question of what happens when an email goes awry. Does an unintended recipient have to do what the addendum says? In a word, “no.” However, that doesn’t make the text worthless. Such an addendum effectively puts the unintended recipient on notice that such information is sensitive and that others may be harmed by the publication thereof. He or she cannot do whatever they would like with the information (e.g, redistribute it, etc.) and still claim ignorance of the possibly harmful effect of such an action.
Note that this isn’t a recommendation or endorsement of the practice of appending a “don’t-forward-this-mistakenly-sent-confidential-information” statement to the end of every email. If you put such an addendum at the end of every email it makes it look like you don’t really mean it. For example, if you are a member of a listserv and all of your posts to the list include a standard addendum, it makes your claim that the unintended recipient should have known it was a critical confidential communication much less credible.
Here’s an example of the addendum I sometimes use for my listserv posts:
“CONFIDENTIALITY NOTICE: This email and the contents thereof are not confidential because the message was sent to a whole listserv. If you received this message in error, you don’t have to destroy it or return the original to the sender. I mean, you can if you want, but really it’s not necessary to go to so much trouble. This is especially true since this email is just silly pitter-patter and not a clinical or top secret legal communication between you and me. If you want to see confidential stuff, you’ll have to break into my file cabinet after hours or rifle through my trash can. But if you do that watch out, because sometimes I throw away broken pop bottles and you could cut yourself and get a nasty infection from the week-old coffee grounds and moldy leftovers I throw in the trash too.”
Hopefully this post provides some clarification, and also a fair warning to not dig around in my trash. Feel free to post your comments or questions.
IMPORTANT: This website is for basic information only. Nothing in this website should be construed to be formal legal advice, nor does it create an attorney-client relationship. Please see the “Important Information” page at the top of the screen.