How to setup secure e-mail server? [Archive] - Glock Talk


ToyotaMan
07-27-2005, 11:49
Our pharmacy is being told that our e-mail needs to be sent through an encrypted system to keep in compliance with the new HIPAA Security Rule.

Right now, the only e-mail address I use at work is my gmail account.

So, how can I go about doing this? If I have a workstation that isn't being used to its fullest, could I use that for this purpose? Would I have to register my own domain name as well?

I really know nothing about this so I need some help.

prism
07-27-2005, 12:57
gmail will not be sufficient for sensitive patient communications.

here's an interesting link:

http://www.apta.org/AM/Template.cfm?Section=Home&TEMPLATE=/CM/ContentDisplay.cfm&CONTENTID=18307


I recommend you contact a pharmacy association or medical association, to see what they recommend.

in general, the "problem" with using encrypted email, is that both sender and recipient need to use the same security software.

HerrGlock
07-28-2005, 04:48
Questions that will help a lot:

Who needs to send encrypted email? Everyone encrypted to you? You encrypted to everyone? Only you to you (inside to inside)?

Do you plan on having outside pharmacies send you stuff?

Simple solution if you need all email from everyone to come in encrypted:

Go download PGP http://www.pgpi.org/
Set up a public/private key pair with the max bit available.
Post your public key on your website and/or add it to the signature of your email you send from the pharmacy's address.
Require all email that comes in be encrypted with your public key. Refuse all email that comes in plain text (unencrypted) with a notice about the use of your public key.

This is a bit of a pain in the neck because those who have no idea what encryption is may or may not be able or want to figure it out.

Still, please explain what you are actually looking to do. Do you receive email from anyone and then have to encrypt it to get it into your system inside your network?

The best way to explain is to describe the way it's supposed to run, like, "The person sitting at home must encrypt it and send it in to us" or "The person at home sends us an email. We take that, encrypt it and put it into our system" or "only other pharmacies must encrypt email sent to us, people at home can send plain text."

DanH
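
HerrGlock's last step above (refuse mail that arrives in plain text, with a notice about the public key) sketched in Python as an added example that is not part of the original thread. The function names, addresses and key URL are hypothetical, and the sample messages are constructed placeholders.

```python
from email import message_from_string
from email.message import EmailMessage

ARMOR = "-----BEGIN PGP MESSAGE-----"

def is_pgp_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or a text body that is one ASCII-armored PGP message."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":
        return (msg.get_param("protocol") or "").lower() == "application/pgp-encrypted"
    if msg.is_multipart() or ctype != "text/plain":
        return False  # conservative: any other structure is treated as plaintext
    body = msg.get_payload(decode=True) or b""
    text = body.decode(msg.get_content_charset() or "utf-8", "replace")
    return text.lstrip().startswith(ARMOR)  # clear text before the armor => reject

def rejection_notice(msg, our_addr, key_url):
    """Build the refusal; the original body is never quoted back in clear text."""
    clean = lambda v: " ".join(str(v).split())  # unfold headers, block CR/LF injection
    reply = EmailMessage()
    reply["From"] = our_addr
    reply["To"] = clean(msg.get("From", ""))
    reply["Subject"] = "Not delivered: " + clean(msg.get("Subject", "(no subject)"))
    reply.set_content(
        "Your message was not delivered because it was not PGP-encrypted.\n"
        f"Encrypt it with our public key ({key_url}) and send it again.\n")
    return reply

def triage(raw, our_addr, key_url):
    """Return ("accept", None) or ("reject", notice) for one raw message."""
    msg = message_from_string(raw)
    if is_pgp_encrypted(msg):
        return "accept", None
    return "reject", rejection_notice(msg, our_addr, key_url)

# Constructed sample messages; addresses, key URL and "ciphertext" are placeholders.
HDR = "From: clinic@example.org\nTo: rx@pharmacy.example\nSubject: refill request\n"
PLAIN = HDR + "\nPlease refill the prescription on file.\n"
INLINE = HDR + "\n" + ARMOR + "\n\n(placeholder)\n-----END PGP MESSAGE-----\n"
PGP_MIME = (HDR + 'Content-Type: multipart/encrypted; boundary="b";\n'
            ' protocol="application/pgp-encrypted"\n\n--b\n'
            "Content-Type: application/pgp-encrypted\n\nVersion: 1\n--b\n"
            "Content-Type: application/octet-stream\n\n" + ARMOR + "\n--b--\n")

if __name__ == "__main__":
    for name, raw in [("plain", PLAIN), ("inline", INLINE), ("pgp-mime", PGP_MIME)]:
        verdict, notice = triage(raw, "rx@pharmacy.example", "https://pharmacy.example/key.asc")
        print(name, verdict, notice["Subject"] if notice else "")
```

This checks the message format only; a message that claims to be encrypted but does not decrypt with the pharmacy's private key still has to be caught at decryption time.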

ronin_asano
07-28-2005, 18:57
if you need it web based, hushmail might be an option for you. gmail is not secure.

grantglock
07-28-2005, 19:08
they probably mean to set up TLS so your mail server can communicate with other mail systems that also use TLS

search for SSL/TLS

ronin_asano
07-30-2005, 17:31
but that's just secure login, as i understand it. if he's transmitting patient information, i'd fully expect any text sent to be encrypted. if not, if i were a customer there, i'd promptly go somewhere else.

tduffy
07-31-2005, 00:08
You need something along the lines of this:

http://www.zixcorp.com/esecure/zixmail.php

Here is another flavor:

http://www.perimeterusa.com/index.php?option=com_content&task=view&id=33&Itemid=36


I am a network administrator for a bank; our guidelines require secure mail also. These are just 2 of the many solutions that I looked at, but I am unable to say which one we chose as I could lose my job for doing so.

HerrGlock
07-31-2005, 09:47
Originally posted by ronin_asano
but that's just secure login,

No, TLS can be used for MTA to MTA transport. You give me your email server's public key, any mail I have for you gets sent after it is encrypted with that public key. Set up keys for both sides and you have basic secure email.

DanH

ronin_asano
07-31-2005, 13:06
cool. didn't know that.