Encrypted Communications: Why Signal and ProtonMail, and Not Ordinary Email
Patients sometimes treat our preference for encrypted communication as theatre. It is not. It is the difference between a message that is read only by its intended recipient and one that may be read by intermediaries with no business doing so.
What ordinary email is, and is not
Ordinary email is encrypted in transit between major providers. It is also stored, indefinitely, on multiple servers that the sender and recipient do not control. Subpoena, breach, internal access, and government request can all expose its contents.
For most correspondence this is acceptable. For medical correspondence relating to identified patients, it is not.
What Signal does differently
Signal encrypts messages end-to-end. The contents of the message are unreadable to anyone except the sender and the recipient — including Signal itself. Messages can be configured to delete after a chosen interval. Phone numbers are required to register but are not visible to other users beyond your contact list.
It is free, open-source, and operationally simple. The first message you send us through Signal is no more difficult than the first message you send a friend.
What ProtonMail does differently
ProtonMail provides end-to-end encrypted email between ProtonMail accounts, and password-protected encrypted messages to non-ProtonMail accounts. It is based in Switzerland under Swiss data-protection law and stores no decryption keys.
For document exchange — imaging, pathology, financial documentation — ProtonMail is the channel we use.
What we do not do
We do not send identifying medical information by ordinary email. We do not use WhatsApp for anything sensitive — its end-to-end encryption is real but its metadata, ownership, and integration model are not what we want for confidential medical correspondence.
We do not use chat widgets, in-page messengers, or third-party CRM channels. None of them meet the standard.
Journal
No. You can reach us first through our confidential form, which routes to encrypted storage. Once we are in conversation, we typically move to Signal for live chat and ProtonMail for documents — both are quick to install if you do not already have them.
A court can compel any party to a conversation to produce its contents from their own device. End-to-end encryption protects against interception in transit and against passive harvesting; it does not make conversations beyond legal process. We do not pretend otherwise.