How to setup secure e-mail server? [Archive] - Glock Talk



07-27-2005, 11:49
Our pharmacy is being told that our e-mail needs to be sent through an encrypted system to keep in compliance with the new HIPAA Security Rule.

Right now, the only e-mail address I use at work is my gmail account.

So, how can I go about doing this? If I have a workstation that isn't being used to its fullest, could I use that for this purpose? Would I have to register my own domain name as well?

I really know nothing about this so I need some help.

07-27-2005, 12:57
gmail will not be sufficient for sensitive patient communications.

here's an interesting link:

I recommend you contact a pharmacy association or medical association, to see what they recommend.

in general, the "problem" with using encrypted email, is that both sender and recipient need to use the same security software.

07-28-2005, 04:48
Questions that will help a lot:

Who needs to send encrypted email? Everyone encrypted to you? You encrypted to everyone? Only you to you (inside to inside)?

Do you plan on having outside pharmacies send you stuff?

Simple solution if you need all email from everyone to come in encrypted:

Go download PGP
Set up a public/private key pair with the max bit available.
Post your public key on your website and/or add it to the signature of your email you send from the pharmacy's address.
Require all email that comes in be encrypted with your public key. Refuse all email that comes in plain text (unencrypted) with a notice about the use of your public key.

This is a bit of a pain in the neck because those who have no idea what encryption is may or may not be able or want to figure it out.

Still, please explain what you are actually looking to do. Do you receive email from anyone and then have to encrypt it to get it into your system inside your network?

The best way to explain is to describe the way it's supposed to run, like, "The person sitting at home must encrypt it and send it in to us" or "The person at home sends us an email. We take that, encrypt it and put it into our system" or "only other pharmacies must encrypt email sent to us, people at home can send plain text."
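The "refuse plain text, reply with a notice about the public key" policy from the post above, sketched as an added example that is not part of the original thread or any poster's code. The function names, the addresses and the key URL are hypothetical, and the sample messages are constructed.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

ARMOR = "-----BEGIN PGP MESSAGE-----"

def is_pgp_encrypted(msg):
    """Accept only PGP/MIME (RFC 3156) or a single text/plain part that is
    nothing but an ASCII-armored PGP message. This checks the format only;
    it does not prove the message was encrypted to *our* key."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":
        return msg.get_param("protocol") == "application/pgp-encrypted"
    if ctype == "text/plain" and not msg.is_multipart():
        body = (msg.get_payload(decode=True) or b"").decode("ascii", "replace")
        # Armor must start the body: cleartext placed before it is refused.
        return body.lstrip().startswith(ARMOR)
    return False

def refusal_notice(msg, our_address, key_url):
    """Reply for a refused message. It never quotes the original body, so
    the notice does not send the sender's cleartext out a second time."""
    notice = EmailMessage()
    notice["From"] = our_address
    notice["To"] = parseaddr(msg.get("From", ""))[1]
    notice["Subject"] = "Not accepted: message was not PGP-encrypted"
    notice.set_content(
        "Your message was refused because it arrived unencrypted.\n"
        "Encrypt it with our public key and send it again:\n"
        f"{key_url}\n")
    return notice

def screen(raw, our_address, key_url):
    """Return ("accept", None) or ("refuse", notice) for one raw message."""
    msg = message_from_string(raw)
    if is_pgp_encrypted(msg):
        return ("accept", None)
    return ("refuse", refusal_notice(msg, our_address, key_url))

# Constructed sample messages (placeholder bodies, not real ciphertext).
HDR = "From: Alice <alice@example.org>\nTo: rx@pharmacy.example\nSubject: refill\n"
PLAINTEXT = HDR + "\nPlease refill my prescription.\n"
INLINE = HDR + "\n" + ARMOR + "\n\n(placeholder)\n-----END PGP MESSAGE-----\n"
PGPMIME = (HDR + 'Content-Type: multipart/encrypted; boundary="b"; '
           'protocol="application/pgp-encrypted"\n\n--b\n'
           "Content-Type: application/pgp-encrypted\n\nVersion: 1\n\n--b\n"
           "Content-Type: application/octet-stream\n\n(placeholder)\n--b--\n")
```

By the time this filter sees a plain-text message, its contents have already crossed the network unencrypted; the refusal only keeps it out of the mailbox and tells the sender how to resend.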


07-28-2005, 18:57
if you need it web based, hushmail might be an option for you. gmail is not secure.

07-28-2005, 19:08
they probably mean to set up TLS so your mail server can communicate with other mail systems that also use TLS

search for SSL/TLS

07-30-2005, 17:31
but that's just secure login, as i understand it. if he's transmitting patient information, i'd fully expect any text sent to be encrypted. if not, if i were a customer there, i'd promptly go somewhere else.

07-31-2005, 00:08
You need something along the lines of this:

Here is another flavor:

I am a network administrator for a bank, our guidelines require secure mail also, these are just 2 of the many solutions that I looked at but am unable to say which one we chose as I could lose my job for doing so.

07-31-2005, 09:47
Originally posted by ronin_asano
but that's just secure login,

No, TLS can be used for MTA to MTA transport. You give me your email server's public key, any mail I have for you gets sent after it is encrypted with that public key. Set up keys for both sides and you have basic secure email.


07-31-2005, 13:06
cool. didn't know that.