If your computer touches protected health information at all, you want to make sure it is using antimalware software and a firewall.

Also, at this point, let’s recognize that smartphones and tablets (e.g. iPads and Android tablets) are computers. So when we say “computer,” we mean everything that is computer-like.


Antimalware is software that tries to protect your device from malicious software, such as viruses. You may wonder why we say “antimalware” instead of “antivirus.”

The term “antimalware” includes antivirus, but also refers to more proactive means of protection. Antivirus software scans for viruses that have already infected your device, and then tries to remove them if it finds any. This is useful, of course, and you should have it on your devices that touch protected health information. However, we usually want something that can also prevent viruses and their ilk from hitting the device in the first place.

Antimalware may take such actions as warning you when it looks like a website may be trying to send you a virus. Some antimalware software packages include a blacklist of websites that are known to send viruses to their visitors.

Computer operating systems contain some antimalware features, as well. For example, Macintosh computers will warn you when you try to run a program that was downloaded from a site on the Web. Only bypass this warning when you know exactly what you downloaded and know it is safe to run it. When configuring a device, do not turn off security features like that one, even if they are somewhat annoying.

Your behavior is also vitally important. Antimalware software can only protect you so much. If you download and run a virus program, it will infect your computer no matter how much antimalware you have installed. As such, security professionals advise the following behavioral policies:

  • Devices that touch PHI should not be used to visit “shady” websites that increase risk of virus infection, such as illegal file sharing websites and many pornographic websites.
    • Some therapists who work with sexual issues may need to visit pornographic websites that are not previously vetted as safe to visit. In that case, we strongly recommend visiting those sites using an alternate device that doesn’t otherwise handle PHI. This alternate device need not be advanced or expensive. Many such therapists use old computers that would otherwise have been donated or thrown away.
  • Do not click on links in suspicious emails, and simply don’t open such emails if you recognize them as suspicious. “Phishing” email scams are a very common way to distribute viruses. The same rule applies to any other messaging service you may use — e.g. unsolicited text messages.
  • Do not install any software or open any files that don’t come from a trusted source.

There are many security software packages out there that provide antimalware protection. There is no one specific package we can recommend. The default antivirus software that comes with Windows is also a good option to use in addition to other measures.

A note about Macintoshes: Apple representatives have made claims that Mac computers don’t need antivirus or that Macs are somehow immune to viruses. This is simply false. The operating system has some built-in antivirus, but it is not updated frequently. Apple is telling the truth, however, when they say that most antimalware packages will slow down a Mac quite badly. So stick to security software makers that specialize in software for Mac. Good options incude ESET or Sophos.

A note about iPhones and iPads (“iOS devices”): iOS has a unique scheme for running software and handling data. This scheme enhances security out of the box quite a bit. It does not, however, allow you to enhance the security further by installing your own antimalware software. At the time of writing, any iOS apps claiming to provide antivirus protection for iPhones or iPads are misleading you. They cannot provide any significant protection. For iOS, we are left to trust in the built-in malware protection, which is generally sufficient for our needs.


Firewalls are the guards at the gate for your device’s Internet connection. If you’ve ever had a pop-up window ask something like, “SomeProgram is trying to connect to the Internet. Allow?”, then you’ve interacted with your firewall software.

Firewalls look for suspicious activity around your device’s Internet doorway and try to stop it.

This is not just essential for keeping out hackers and worms (a type of virus.) Firewalls can also prevent viruses that have managed to infect your device from being able to connect to the Internet and send information back to their “hacker base.”

Windows and Mac computers come with firewall software. Simply turning it on will suffice to provide a lot of good protection. Many Android devices do, as well. If your Android device does not have a built-in firewall option, you can install one of many good Android security apps in order to get a firewall option.

A note about iPhones and iPads (“iOS devices”): For the same reasons mentioned above under “Antimalware,” you cannot install or activate additional firewall protection for iOS devices. The built-in security is generally sufficient for firewall protection, however.


Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss