|
From: Eugene R. <rob...@ro...> - 2024-03-11 23:40:57
|
Gyula, very nice points. We resorted to PGP encryption, which is very-well integrated in Canary email client for mobili devices, and on Desktop Thunderbird client. This allows you to ensure 100% end-to-end encryption. It can even work in Gmail web interface (a plugin required). Having said that, this way of emailing requires some configuration and I only set it to those who are really concerned about security and are willing to accept limitations. Today, with wide use of cloud-based email services, like Google, use of encrypted email breaks convenience - encrypted emails cannot be read by Google, so it cannot index them, and you cannot search the content. Some find it a massive roadblock to encryption adoption, choosing either accept the risks or avoid email for sensitive data altogether. Sorry, my 2 cents... Eugene On 3/11/2024 7:13 PM, Gyula Voros wrote: > Adrian, correct me if I'm wrong, but that's basically only for > internal e-mails (i.e. between other people on your server). The > minute you send e-mail to another domain it crosses the internet > without encryption, therefore you cannot safely include PHI in the > e-mail (except maybe as an encrypted attachment with the key/password > shared via other channels). > > I know gmail has an encryption option where you need to for example > text a code to a second device to decrypt the e-mail, but not sure how > widely implemented such protocols are nor how robust the security. > > I use our hospital-based e-mail to send secure e-mail messages to > specialists. SigMail is also an option with some uptake. Unfortunately > nobody uses PGP which has been around for decades (admittedly, none of > the major providers implemented it seamlessly so it's hard for the > end-user). The problem with all of these is that they are siloed - you > can only safely message people within the silo (and you don't always > get a warning when sending mail outside). > > E-mail was just not designed as a secure technology from the beginning > and I'm not aware of any widely adopted grafted-on hack that would > allow what is required by PHIPA (i.e. sending a message that can ONLY > be read by the intended recipient(s) and nobody else). > > The fact that fax (especially as usually implemented over the > Internet) - which we all use dozens if not hundreds of times daily - > has all the same problems is beyond the scope of my rant, lol. > > > -- > Gyula Voros, MD, CCFP, FCFP (he/him) > Assistant Clinical Professor, Department of Family Medicine, McMaster > University > > > On Mon, 11 Mar 2024 at 18:56, Adrian Starzynski <ad...@ad...> wrote: > > PIPEDA/PHIPA etc. compliant email = email server in the office. > I install them. For example, Synology NAS comes with 5 included > MailPlus licenses (perpetual) but you can buy more for one-time > cost (about $50-60 each, sold in packages of 5 I believe). It has > 90% of the Office365 features, no monthly costs for email, and you > get data control. You can also transfer the licenses from one > Synology to another in case you upgrade/switch. > > -- > Adrian Starzynski > ------------------------------------------------------------------------ > *From:* Ahmed Omar via OSCARmcmaster-advanced-users > <osc...@li...> > *Sent:* March 11, 2024 5:53 PM > *To:* osc...@li... > <osc...@li...> > *Cc:* Ahmed Omar <ah...@ya...> > *Subject:* [OSCAR-advanced-users] Secure HIPPA/PHIPA Compliant > email suggestions > Hello Everyone, > > I trust this email finds you well. I'm reaching out with a query > that might not directly relate to OSCAR but is crucial nonetheless. > > Could anyone recommend a standard email service that complies with > HIPAA/PHIPA regulations, particularly one recognized in Canada > and/or Ontario? I'm not referring to patient messaging but rather > regular email, akin to the now-defunct Ontario One-Mail service. > > While researching, I came across ProtonMail, which appears > promising and HIPAA compliant. However, I'm unsure about its > applicability in Canada given that it's a non-Canadian service. > > Your insights and recommendations would be greatly appreciated. > > Thank you kindly for your assistance. > > Warm regards, > > Ahmed Omar > > _______________________________________________ > OSCARmcmaster-advanced-users mailing list > OSC...@li... > https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users > > > > _______________________________________________ > OSCARmcmaster-advanced-users mailing list > OSC...@li... > https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users |
