Adrian, correct me if I'm wrong, but that's basically only for internal
e-mails (i.e. between other people on your server). The minute you send
e-mail to another domain it crosses the internet without encryption,
therefore you cannot safely include PHI in the e-mail (except maybe as an
encrypted attachment with the key/password shared via other channels).

I know Gmail has an encryption option where you need to, for example, text a
code to a second device to decrypt the e-mail, but I'm not sure how widely
implemented such protocols are nor how robust the security is.

I use our hospital-based e-mail to send secure e-mail messages to
specialists. SigMail is also an option with some uptake. Unfortunately
nobody uses PGP, which has been around for decades (admittedly, none of
the major providers implemented it seamlessly so it's hard for the
end-user). The problem with all of these is that they are siloed - you can
only safely message people within the silo (and you don't always get a
warning when sending mail outside).

E-mail was just not designed as a secure technology from the beginning and
I'm not aware of any widely adopted grafted-on hack that would allow what
is required by PHIPA (i.e. sending a message that can ONLY be read by the
intended recipient(s) and nobody else).

The fact that fax (especially as usually implemented over the Internet) -
which we all use dozens if not hundreds of times daily - has all the same
problems is beyond the scope of my rant, lol.

--
Gyula Voros, MD, CCFP, FCFP (he/him)
Assistant Clinical Professor, Department of Family Medicine, McMaster
University

On Mon, 11 Mar 2024 at 18:56, Adrian Starzynski <ad...@ad...> wrote:
> PIPEDA/PHIPA etc. compliant email = email server in the office.
> I install them. For example, Synology NAS comes with 5 included MailPlus
> licenses (perpetual) but you can buy more for one-time cost (about $50-60
> each, sold in packages of 5 I believe). It has 90% of the Office365
> features, no monthly costs for email, and you get data control. You can
> also transfer the licenses from one Synology to another in case you
> upgrade/switch.
>
> --
> Adrian Starzynski
> ------------------------------
> *From:* Ahmed Omar via OSCARmcmaster-advanced-users <
> osc...@li...>
> *Sent:* March 11, 2024 5:53 PM
> *To:* osc...@li... <
> osc...@li...>
> *Cc:* Ahmed Omar <ah...@ya...>
> *Subject:* [OSCAR-advanced-users] Secure HIPAA/PHIPA Compliant email
> suggestions
>
> Hello Everyone,
>
> I trust this email finds you well. I'm reaching out with a query that
> might not directly relate to OSCAR but is crucial nonetheless.
>
> Could anyone recommend a standard email service that complies with HIPAA/
> PHIPA regulations, particularly one recognized in Canada and/or Ontario?
> I'm not referring to patient messaging but rather regular email, akin to
> the now-defunct Ontario One-Mail service.
>
> While researching, I came across ProtonMail, which appears promising and
> HIPAA compliant. However, I'm unsure about its applicability in Canada
> given that it's a non-Canadian service.
>
> Your insights and recommendations would be greatly appreciated.
>
> Thank you kindly for your assistance.
>
> Warm regards,
>
> Ahmed Omar
>
> _______________________________________________
> OSCARmcmaster-advanced-users mailing list
> OSC...@li...
> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users
>