Estimated reading time at 200 wpm: 5 minutes

The discourse surrounding internet access in secure hospitals is often framed as a simple balance between rehabilitative opportunity and potential risk. The benefits are self-evident and align with the core principles of recovery. They include maintaining family ties, managing personal affairs, and preparing for a digital society. This article, however, argues that this framing is now dangerously obsolete.

The critical issue is no longer whether patients should have access to the internet. Instead, it is the stark reality that we sanction near-unrestricted access using an analogue legal framework, the Mental Health Act 1983, and a regulatory philosophy of ‘least restriction’.

Neither was designed for the borderless, anonymous, and high-risk nature of the modern virtual world. This paper will demonstrate that our current approach is not ‘balanced’ or ‘least restrictive’. It is a profound imbalance that prioritises elementary conveniences over the unquantifiable risks of criminal activity, public harm, and the corruption of the therapeutic process. This represents a clinical blind spot so significant that it constitutes a systemic failure of safeguarding.

The Jurisdictional Black Hole: An Act Out of Time

The Mental Health Act 1983 is a piece of legislation bound by geography. Its powers of detention and the conditions of Section 17 leave relate to tangible actions and physical locations. Yet, it has no conception of, and therefore no power over, virtual spaces. This creates a fundamental jurisdictional black hole. A patient can be fully compliant with their physical detention while simultaneously entering high-risk virtual environments that are antithetical to their treatment.

The secure perimeter, a cornerstone of forensic practice, has been rendered an illusion. Any patient with a personal smartphone and a mobile data plan possesses a pocket-sized, encrypted portal that bypasses every physical security measure of the hospital. Unless specifically blocked, technologies such as Virtual Private Networks (VPNs) can create an invisible tunnel through any hospital-provided WiFi filters, rendering network-level controls completely ineffective. Hospital WiFI filters would be challenged to ‘know’ all VPN providers’ IP addresses and block them. Secure hospitals are therefore attempting to police a 21st-century problem with 20th-century legislation, and it is failing.

Where is the evidence of failure? It is nowhere to be found in an online publication. Forensic psychiatrists across the UK have their own anecdotes of what has gone wrong. No one has gathered their stories and verified them. The author is aware of circumstances at ‘certain forensic units’ where ‘unevaluated’ pornography has been floating around. On a known unit, one patient viewed another in a city many miles away committing suicide on Facebook. The impact was serious.

The Regulatory Paradox: When ‘Least Restrictive’ Becomes Most Dangerous

The CQC’s “least restrictive” principle is a necessary and righteous safeguard against institutional overreach. However, when applied naively to the digital realm, it creates a dangerous paradox for clinicians. A restriction, such as the removal of a smartphone, is a tangible and highly visible action that demands justification to a regulator. The invisible, covert, and potentially catastrophic risk that this restriction prevents is, by its nature, unseen.

This dynamic places clinical teams in an impossible position. They are forced to justify protective actions based on risks they cannot fully prove, while the immense danger of unmonitored online activity goes unacknowledged. The result is a systemic pressure to adopt the apparently least restrictive option: permitting the device. In reality, this is the option that carries the most unmanageable risk. This is not a rights-based approach; it is a dereliction of the duty of care.

The Clinical Consequence: The Collapse of Evidence-Based Risk Assessment

The ultimate casualty of this systemic failure is the very foundation of forensic psychiatry: evidence-based risk assessment. A clinician cannot manage a risk they cannot see. When a patient’s online life is a complete “black box,” any assessment of their progress or risk is built on dangerously incomplete data.

A patient can present as a model of compliance on the ward while secretly immersing themselves in extremist ideology, engaging in hate crimes, harassing victims, or participating in criminal enterprises online. Clinical decisions of immense consequence, such as those regarding leave, security levels, and discharge, are being made in this informational void. The secure hospital is at constant risk of being transformed into an unwilling “safe house” for the incubation and execution of the very behaviours it exists to treat, all while the official clinical record shows a picture of steady progress. The fact that the new Mental Health Bill is completely silent on this issue guarantees this clinical black hole will persist.

Conclusion: A Call for a New Paradigm

Continuing with the current model means waiting for an inevitable, high-profile tragedy. Such an event will likely trigger a political and media backlash, leading to draconian, ill-conceived legislation that harms all patients. The professional community must proactively address this failure.

We must move beyond the simplistic ‘pros and cons’ debate. The urgent task is to develop a new framework: a ‘Digital Care Pathway’. This would treat a patient’s online life with the same clinical seriousness as their medication, psychological therapy, and physical health. This framework would involve individualised digital risk assessments, tiered access based on progress, and therapeutic programmes focused on pro-social digital citizenship. This is not about restricting access; it is about making that access meaningful, safe, and truly rehabilitative. To do anything less is an abrogation of our professional duty to both our patients and the public we serve.