
Are emails sent from WriteUpp encrypted/secure?

How can you send email from within WriteUpp?



By default, we provide an integrated, "ready-to-go" mechanism to send emails from within WriteUpp. Messages sent from within WriteUpp via this method are encrypted in flight using TLS.

In addition, we provide optional integration with Gmail (via OAuth authentication), which requires a small amount of setup and is ideal for practices that have an existing Gmail account and want outbound emails to go from this account. You can read more about this here. Gmail also encrypts its messages in flight using TLS.

What is TLS?



TLS is a cryptographic protocol that provides end-to-end security of data sent between applications over the internet. It is mostly familiar to us through its use in secure web browsing, and in particular the padlock icon that appears in browsers when a secure session is established. However, it can and should also be used in applications where email is integrated.

For the avoidance of doubt, messages sent via the integrated email service in WriteUpp are encrypted using TLS.

Essentially what this means is that emails sent from WriteUpp cannot be intercepted when they are transmitted. Without TLS, communications between you and your clients could potentially be compromised by an individual with malicious intent and the technical ability to intercept your Wi-Fi or internet transmissions.
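Each mail server that accepts a message records how it received it in a Received header, and the registered keywords ESMTPS and ESMTPSA mark a hop that used TLS. The following added example (not WriteUpp code) reads those headers from a delivered message to check each hop; the sample message, host names and addresses are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message (not real traffic): two hops, the first without TLS.
SAMPLE = """\
Received: from mail.practice.example (mail.practice.example [192.0.2.10])
\tby mx.client.example with ESMTPS id abc123
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tMon, 07 Nov 2022 09:30:02 +0000
Received: from app.practice.example (app.practice.example [192.0.2.5])
\tby mail.practice.example with ESMTP id def456;
\tMon, 07 Nov 2022 09:30:01 +0000
From: clinic@practice.example
To: client@client.example
Subject: Appointment confirmation

Your appointment is confirmed.
"""

# "by <host> ... with <protocol>" as written by the receiving server.
HOP_RE = re.compile(r"\bby\s+(?P<by>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)", re.S)


def hop_report(raw_message):
    """Return one dict per Received header, ordered from sender to recipient."""
    msg = message_from_string(raw_message)
    hops = []
    # Headers are prepended by each server, so the newest hop comes first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:
            hops.append({"by": None, "proto": None, "tls": False})
            continue
        proto = m.group("proto").upper()
        # ESMTPS / ESMTPSA / LMTPS etc. indicate TLS; ESMTP and ESMTPA do not.
        hops.append({"by": m.group("by"), "proto": proto,
                     "tls": proto.endswith(("S", "SA"))})
    return hops


def all_hops_encrypted(raw_message):
    """True only if every recorded hop reports a TLS-protected transfer."""
    hops = hop_report(raw_message)
    return bool(hops) and all(h["tls"] for h in hops)
```

Received headers are written by the servers themselves, so only the hops added by servers you trust should be treated as reliable.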

How does TLS work?



TLS uses a combination of symmetric and asymmetric cryptography, as this provides a good compromise between performance and security when transmitting data securely. Data is encrypted and decrypted with a secret key known to both sender and recipient, typically 256 bits in length. This means that the data can only be interpreted using a specific key that resides on our server. You will know this is working because the address in your browser will begin with “https”.

Please note: TLS ensures the secure delivery of data over the internet, avoiding possible eavesdropping and/or alteration of the content. When data is "at rest" in WriteUpp it is also encrypted but this uses a different technology within our database servers.

Do WriteUpp offer any other secure messaging options?



Yes, we do! For an added layer of security, you can send emails via the Direct Message route. This uses an email containing a link to a message and an SMS containing an access code to 'unlock' that message. You should consider using these for particularly sensitive information that you are sending.

There are a few things you will need to have in place in order to send a direct message:

An email address for the recipient
A mobile number for the recipient
SMS credits - How do I purchase SMS Credits?
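The two-channel idea behind a Direct Message (link by email, access code by SMS) can be sketched as follows. This is an added, hypothetical illustration and not WriteUpp's implementation; the function names, the six-digit code, the attempt limit and the expiry period are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_ATTEMPTS = 5              # assumed: lock the message after 5 wrong codes
TTL_SECONDS = 7 * 24 * 3600   # assumed: messages expire after 7 days

_store = {}  # token -> record; stands in for a database in this sketch


def _hash_code(code, salt):
    # Store only a salted, slow hash of the short code, never the code itself.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


def create_direct_message(body, now=None):
    """Return (link_token, access_code): token goes in the email link, code in the SMS."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)           # unguessable link identifier
    code = f"{secrets.randbelow(10**6):06d}"    # short code sent over the second channel
    salt = secrets.token_bytes(16)
    _store[token] = {"body": body, "salt": salt,
                     "code_hash": _hash_code(code, salt),
                     "attempts": 0, "expires": now + TTL_SECONDS}
    return token, code


def unlock(token, code, now=None):
    """Return the message body if token and code match, otherwise None."""
    now = time.time() if now is None else now
    rec = _store.get(token)
    if rec is None or now > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
        return None
    # Constant-time comparison; count failures so the code cannot be guessed by retrying.
    if not hmac.compare_digest(_hash_code(code, rec["salt"]), rec["code_hash"]):
        rec["attempts"] += 1
        return None
    return rec["body"]
```

Someone who sees only the email, or only the SMS, holds one of the two values and cannot open the message; the attempt limit matters because a six-digit code is short.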

Just look for the DM icon alongside the print, email and delete icons once you have created a new document or opened an existing one that you’d like to send:



How can I mitigate data protection/privacy risks when communicating with my patients/clients?



Think about limiting the amount of personal information you include in your documents and emails. Is it really necessary to include the postal address, DOB, or even the name of your patient?

You will notice now that all communications from the NHS adopt this approach. They ONLY include the personal information in letters/messages that is absolutely necessary. It may appear more friendly to include personal information but doing so unnecessarily increases your data protection risk.

In WriteUpp, all patients are given a unique alpha-numeric identifier called a WUID. In Notes/Documents/Messages you can refer to a client using their WUID instead of their Name so that these documents don't contain any PII (Patient Identifiable Information). To do this just insert the WUID variable into the document or template - Read How.

In Email/SMS confirmation/reminders you can include the patient's WUID as a reference instead of referring to the patient by name. For example, you might adjust your confirmations so that they read like this: "Your appointment is confirmed for 09:30 on 12/03/2018. If you are unable to attend for whatever reason please contact us on 012345667 and quote WU987913" - where WU987913 is this particular patient's WUID. To do this just insert the WUID variable into the confirmation/reminder template - Read How.

You can find a client's WUID on the Client tab of their Client Summary, see below:



It might also be worth bearing in mind what might happen to any PII if an email or document were printed off and left lying around. By limiting the patient identifiable information you include in your documents, you are helping to keep your patient's data safe.

WriteUpp are ISO27001 certified. ISO27001 is a globally recognised information governance and security standard. WriteUpp's systems and processes comply with this standard and are audited annually to ensure continued compliance.

Updated on: 07/11/2022
