Friday, November 16, 2007

Our Secure email strategy

Here's the third in my series on providing secure, spam-free, virus-free email to 25,000 users.

Regular email that travels over the internet is completely insecure. It's about the same as sending a postcard, since any server administrator or network expert could intercept and read mail as it goes from sender to receiver.

For healthcare email, especially messages containing protected health information (PHI), secure email between organizations is a best practice consistent with the spirit of HIPAA. Over the past 5 years, many organizations in the Massachusetts healthcare community have implemented secure email for all traffic between organizations.

We started the process in 2002 by working with leading vendors of messaging systems to harmonize the standards used to send email. We used the Internet Engineering Task Force's (IETF) Request for Comment (RFC) process to complete the specifications for S/MIME Gateways. Since that time, another approach called Open Pretty Good Privacy (OpenPGP) has also become popular in the messaging market. A comparison of these two standards is here.

Today, Beth Israel Deaconess Medical Center, Children's Hospital, Tufts Health Plan, Harvard Pilgrim Health Plan, and the Division of Medical Assistance (Medicaid) are using gateways that support S/MIME and OpenPGP. Here's how it works. Someone at BIDMC sends an email from a web browser or their email program and it passes into our Microsoft Exchange email server. Between Exchange and the internet, we've inserted the Tumbleweed Secure Messenger. It has a list of all our business partners with secure email systems. If an email is sent to one of these partners, the email is encrypted and sent to the recipient's secure email gateway. Other emails are sent insecurely via the regular internet methods. We are also piloting content filtering systems that identify insecure emails containing credit card data or patient identifiers so we can quarantine those before they are sent over the public internet.
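The routing decision described above can be sketched as a small policy function. This is an added example, not code from the post or from the Tumbleweed product; the partner domains, gateway host names, action labels and the "MRN" patient-identifier format are all assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Constructed partner list: recipient domain -> partner's secure gateway (hypothetical names).
PARTNER_GATEWAYS = {
    "partner-hospital.example": "securegw.partner-hospital.example",
    "health-plan.example": "smime.health-plan.example",
}

# 13-19 digits, optionally separated by spaces or dashes; confirmed with a Luhn check below.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# Assumed patient-identifier format for this example: "MRN" followed by 7-10 digits.
MRN_RE = re.compile(r"\bMRN[:#\s]*\d{7,10}\b", re.IGNORECASE)

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not plausible card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def sensitive_findings(text):
    """Return the kinds of sensitive data found in the text."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append("card_number")
            break
    if MRN_RE.search(text):
        findings.append("patient_identifier")
    return findings

def route(recipient, subject, body):
    """Decide what the outbound gateway does with one message."""
    # Exact domain match only, so look-alike domains never get partner treatment.
    domain = parseaddr(recipient)[1].rpartition("@")[2].lower()
    gateway = PARTNER_GATEWAYS.get(domain)
    if gateway:
        return ("encrypt", gateway)      # organization-to-organization encryption
    findings = sensitive_findings(subject + "\n" + body)
    if findings:
        return ("quarantine", ",".join(findings))  # hold before the public internet
    return ("plain", None)               # ordinary, unencrypted delivery
```

The content filter runs only on mail that would otherwise leave unencrypted, which matches the order of checks in the paragraph above.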

The best feature about this secure email approach is that users do not even know we have it in place. Security is organization to organization, not person to person, so no special email clients or digital certificates are needed. It's seamless, effective and low cost.

As you can tell from my last three posts, supporting spam-free, virus-free email is a major undertaking.

3 comments:

tdbaker1 said...

Sounds like a good strategy for dealing with other large healthcare organizations, but what about working with smaller physician offices?

Contact with them generates a huge amount of fax traffic. This type of traffic tends to require a lot of paper, equipment and people power.

Have you used any type of portal-type system? Seems like I saw a product that sent an email to the recipient and then linked them into a secure portal for obtaining the actual email and attachments.

平平 said...

^^Thanks!!
