Big Brother may be reading your emails

2 min read
First Published: 
Aug 2007

Billions of emails are sent each day round the world. What most people don’t realise, however, is that email is like a postcard; it can be read by anyone who knows how to access email as it travels from computer to computer across the internet, until it reaches its destination. Thus, the sender must assume that his or her emails are being read by others, just like a postcard.

If you need to send sensitive information, such as a social security number (in the USA, or its equivalent in other countries), sensitive company information, or patient records, you should not include it in the body of the email or as an attachment. There are several alternative solutions:

  • Encryption. It is relatively safe to send a password-protected, encrypted file via email. However, the filename should not give any information about the contents (eg, Clinical_Trial_Results.doc). If the file is intercepted, the thief most likely would not be able to unpack it without the password, provided the password is strong (more about that below), but you have just informed or confirmed for the thief that the information of interest is right there in his hands, which would make him work all the harder to crack the password. Emails themselves can also be encrypted.
  • FTP (File Transfer Protocol) sites. In general, one cannot assume that an FTP site is secure. Even if the FTP site is secure, transfer to the site may not be; an unencrypted transfer can be intercepted. However, most FTP programs allow the user to perform encrypted transfer. Also, even if the FTP site is insecure, one can still transfer a password-protected, encrypted file.
  • Protect your liability. You most likely will have seen language in some emails, along the lines of, ‘This email is intended only for the individual to whom it is addressed. It may contain privileged and confidential information…’, asking readers to disregard the message if they are not the intended recipients, and that the sender is not responsible for any damage caused by sending the email. Check with your institution’s legal department on appropriate language for your emails, which may vary by department.

Use a strong password

Passwords are increasingly susceptible to cracking, but if carefully crafted, they can make it much harder to decode. Microsoft recommends using a password that has eight letters minimum (preferably 14), mixing upper and lower case letters, including at least one number and also, preferably, a symbol. People often use variations on their own name, a pet’s name, or their children’s name(s). However, the password should not contain a word that can be found in the dictionary. Examples of weak and strong passwords are:

  • Weak passwords: Fluffy, MyName
  • Strong passwords: FluFfy!115, Hamp1on#723

Passwords are most often stolen through ‘phishing’ (ie, an email containing links to fake websites that appear to be legitimate websites, for the purposes of harvesting passwords) and ‘social engineering’ (a collection of techniques used to manipulate people into performing actions or divulging confidential information). In fact, a password is more likely to be phished than cracked.

Patient confidentiality

It’s important to maintain confidentiality of patient records, even if those records are pseudonymised or anonymised for health economics research. Both the American Medical Association and the UK General Medical Council have stated that patient records transmitted electronically fall under the ‘doctor-patient confidentiality’ agreement, and so need to be protected.

If all else fails, remember to close/lock your computer screen when you leave your office!

We'll deliver straight to your inbox

We take your privacy very seriously and will never share your details with other parties.
You're subscribed! We'll send you a welcome email shortly, keep an eye out and if you don't find it perhaps check the (sometimes over-zealous) spam folder.
Oops! Something went wrong while submitting the form.
Mary Gabb
Share this post

Discover the Power of Communication with Rx

Embark on your medcomms journey with Rx today and experience the difference of working with a world-class medical communications agency.

Child playing in autumn leaves
Copyright Rx Communications Ltd