As a mental health professional, it is very important to keep and secure client notes. You never want to be in a situation where you have lost your client notes, or worse, someone else has obtained your client notes, shattering client confidentially. The question is, how do you secure your client notes without spending a ton of money and without hiring someone to do so, further inviting a security risk? The simple answer is TrueCrypt.
There are two methods most professionals use to secure client notes. One, is to use an online software package that stores your client notes. If this is the case, there is nothing for you to do, as your notes are housed on the server. It is the job of the software, and the IT staff to make sure your notes are secure. This is both good and bad, as it takes the concern out of your hands, but may expose your notes to IT staff who have no business reading them.
The second method, is to store the notes yourself. Some professionals like to print out the notes and store them in a safe place, such as a file cabinet. Of course, the down side is if the file cabinet is lost or stolen your notes are gone. You also cannot easily make copies unless you use a copy machine or a scanner. This method is obsolete, as with computers, storing notes is easier and less time consuming. Storing client notes as a digital copy makes more sense today.
Passwords and Encryption
But how do you store your notes so no one but you has access? Placing your notes within your computer is a good method, however anyone using the computer can stumble on your notes. Worse, a hacker can access your notes through the internet, or even through your business network. Placing them in a hidden folder is not enough, a skilled hacker will find it. You might ask, what would a hacker do with the information? Maybe blackmail you, or your clients, for starters. What you need is a directory that is both password protected and encrypted.
What is encryption? Encryption is a code system that takes your notes, and changes them into a secret format unlockable by a password. If someone tries to access the notes without a password, the contents of the notes will be jumbled up, and will make no sense.
The best method to both password protect and encrypt is to use TrueCrypt. Truecrypt creates a special drive on your computer that houses your notes. This drive is only accessible if you supply the correct password. What is also nice, is you can store this program on a portable flash drive, allowing you to take your notes with you and not worrying about others seeing the notes if you loose the drive. Truecrypt is available for Windows, Mac and Linux.
Setup Truecrypt
First, go to TrueCrypt’s Website and download the version for your operating system. For this tutorial, I will assume you are using Microsoft Windows. Run the installer. Check the license terms checkbox and click accept. Make sure Install is selected and click the Next Button. Keep the default values for the installation path, and the checkboxes and press the Install Button. Give it a minute or two and Truecrypt will be installed. It will ask you if you want to read the tutorial to learn how to use TrueCrypt. I suggest you do so, to get a better idea of how it works. Click the finish button and the program will be installed.
Create a Secure Volume
Now, it is time to create the volume that will house all your notes. This is like a harddrive that will only exist if you supply the correct password. Open TrueCrypt and click the create volume button. Make sure Create an encrypted file container is selected and click the next button. Make sure Standard TrueCrypt volume is selected and click next. It will now ask you where you want to store this volume. Click the Select File button and chose someplace on your hard drive that you will remember, like your documents folder. Name the file something relevant, like Client Notes. Make sure never save history is checked and click the next button. Leave everything on default settings and click Next. Now you can choose how large you want to make this volume. 500 MB is good unless you have thousands of notes. If so, use 2 GB, or as large as you wish. Now it will ask for the password you wish to use. Make sure this is a complex, impossible to guess password. I suggest you make one up like this: j90nZj#j8q7Xj8(j. Yes, you will need to memorize it, but the harder it is to remember, the harder it will be for anyone to crack. One you have selected a password, click the next button. Now, it will enter the final screen where it will format the volume. Do NOT click format yet! This may sound odd, but move your mouse around the screen at random for 1-2 minutes. This is how your encryption scheme will be created. The more random the better, the longer the better. Once you feel you are secure, press the Format button. Your volume will now be created. Press the Exit button to end.
Mounting the Volume
Now that your volume has been created, you need to be able to access it. You will mount it, so you can add files to it. To do so, go back into TrueCrypt. Select an empty drive you wish to mount to, then press the Select File Button. Navigate to the directory you saved the volume and double click it. Now press the Mount Button. It will ask for the password, put in the one you made above. Do NOT cache passwords and keyfiles in memory, and do NOT use keyfiles! If it is saved in memory, someone can find it and have access to your notes. Force yourself to input the password each time you wish to edit your notes. Press the Ok button. Now, the drive will be mounted, with the letter of the drive you choose earlier. In TrueCrypt, right click on the letter and choose Open. Your Directory will open, allowing you free access. Now you can add, edit, or delete notes just as any other directory. Once you are done, click the Dismount button in TrueCrypt.
Final Thoughts
While this method may seen annoying at first, after you do it for awhile it will become normal. This is the easiest method to know that your notes are secure. If an ethics complaint ever comes to you for a hacker stealing your notes, you can show you have done what was reasonable in protecting your notes. If you have any questions, visit TrueCrypt’s Website, you will find more information.
No related posts.
Tags: Client Notes, Security
Thanks for the article! I am adding this as another layer of protection. Its great that its open source.