Protecting online mental health information

Leon Tan, PhD, is a BACP (UK) registered psychotherapist and cultural theorist based in Sweden. He was previously a tenured lecturer in psychotherapy and lecturer in media-art history in Auckland New Zealand before relocating to Gothenburg in 2009. He is an expert in online mental health services and digital cultures, having established or consulted in the development of online therapy services for a number of universities and private providers in Australia and New Zealand. You can find him on twitter here. His blog is here.

Protecting online mental health information By Leon Tan

The Wall Street Journal recently conducted an interview with Google CEO Eric Schmidt on the future of the ‘digital age,’ in which Schmidt remarks quite correctly, ‘I don’t believe society understands what happens when everything is available, knowable and recorded by everyone all the time.’ In imagining a thoroughly networked future in which considerable ‘data bodies’ with all sorts of personal and social information shadow users continually, Schmidt suggests that all young people should eventually be given the right to change their names on attaining adulthood in order to clean the historical slate to begin afresh in the reputational stakes of networked life.

Such a suggestion is in fact quite sensible, given that youth and adolescence are times of social experimentation and limit testing, and therefore likely to give rise to all manner of indiscretions. Why shouldn’t young people be given the chance to start their adult lives afresh, without all the ‘baggage’ of past mistakes or embarrassments available to those around them at the click of a mouse?

Schmidt’s remarks however, also raise numerous considerations for adults and their identity management practices online. After all, indiscretions are by no means confined to the period of youth, as the all too frequent exposés of the misdemeanours of politicians attest to. The networking of personal information is especially concerning in the case of health and in particular, mental health records, given the likelihood of highly sensitive information residing within such records.

Imagine for instance, the transactions between an online therapist and client or the psychiatric diagnoses of individuals inadvertently making their way into the public domain. Despite safeguards implemented by health practitioners, such as the use of passwords and encryption, the risk of privacy breaches is nevertheless real. For clients of the UK’s National Health Service (NHS), the risk of privacy breaches is in fact, spectacularly high. As an indication of the security of health data, nine NHS trusts lost patient records in 2007, and according to the Information Commissioner, the NHS is responsible for ‘the highest number of serious data breaches of any UK organisation since the end of 2007’.

In such a situation, should we not be considering the development and implementation of secure systems that anonymise patient data at all access points? Furthermore, in the case of online therapy, should we not in fact encourage practices of anonymity or pseudonymity for those who take their privacy seriously? After all, if anything can safeguard our actual identities in the networked sphere, it is surely anonymity or pseudonymity. Is it not better to be safe than sorry?

Yet, numerous mental health professionals advocate instead the verification of patient/client identities in online counselling or psychotherapy contracts. Indeed the newly founded Online Therapy Institute has developed a (supposedly transnational) ethical framework stipulating that ‘Practitioners incorporate a mechanism for verifying identity of clients by asking for a formal identification number such as Driver’s Licence or other satisfactory method.  The client must not be anonymous, offering at a minimum: first and last name, home address, and phone number for emergency contact.’

The only exceptions made are for ‘crisis hotlines and triage settings’ even though it is unclear to me why anonymity may not be afforded to ‘regular’ online therapy clients. What is troubling with such ‘ethical’ suggestions is that they imply precisely an understanding of ‘what happens when everything is available, knowable and recorded by everyone all the time,’ an understanding that is more naive than anything else given what we already know about the security of health data.

Anonymity or pseudonymity goes one step further than Schmidt’s suggestion of people being able to change their names to sever links to compromising networked information. Anonymity or pseudonymity means that even if compromising information exists in the network, it is unlikely to be attributable to specific identities and persons. Anonymity remains the safest way to protect your online mental health information. And there is really no reason why online therapy should require that you use a ‘real’ name as any name serves as well for the purposes of conversation.

Comments are closed.

Blog at

Up ↑

%d bloggers like this: