At least for patients, we use Cortico and they can email us back if any
questions, notifying them it's unencrypted.
On Mon, Mar 11, 2024, 7:59 PM Gyula Voros <ma...@dr...> wrote:
> The biggest limitation is usually that both the sender and recipient must
> be using the same system! (e.g. PGP, etc). Unless you're emailing a
> journalist used to receiving whistleblower information - your recipient
> probably isn't using any significant encryption.
>
> The practical solution to this is rather straightforward for
> patient messaging - host it on your server (on-site or more commonly rented
> from a third party like Ocean etc) and send patients a plain e-mail telling
> them they have a message, with instructions to log in to the server
> (authenticating with something NOT in the e-mail and in theory secure to
> the patient) to retrieve it.
>
> Unfortunately this isn't practical for external consultants - so we're
> back to faxing them PHI; or e-mailing them (or switchboard) with our phone
> #s and having them call us.
>
> (Or sticking within our electronic silos - hospital e-mail or eConsult for
> example).
>
> If someone has a more elegant solution - would love to hear it!
>
> --
> Gyula Voros, MD, CCFP, FCFP (he/him)
> Assistant Clinical Professor, Department of Family Medicine, McMaster
> University
>
>
> On Mon, 11 Mar 2024 at 19:42, Eugene Robertus <rob...@ro...> wrote:
>
>> Gyula, very nice points.
>>
>> We resorted to PGP encryption, which is very well integrated in Canary
>> email client for mobile devices, and on Desktop Thunderbird client. This
>> allows you to ensure 100% end-to-end encryption. It can even work in Gmail
>> web interface (a plugin required).
>>
>> Having said that, this way of emailing requires some configuration and I
>> only set it to those who are really concerned about security and are
>> willing to accept limitations.
>>
>> Today, with wide use of cloud-based email services, like Google, use of
>> encrypted email breaks convenience - encrypted emails cannot be read by
>> Google, so it cannot index them, and you cannot search the content. Some
>> find it a massive roadblock to encryption adoption, choosing either to accept
>> the risks or avoid email for sensitive data altogether.
>>
>> Sorry, my 2 cents...
>> Eugene
>>
>> On 3/11/2024 7:13 PM, Gyula Voros wrote:
>>
>> Adrian, correct me if I'm wrong, but that's basically only for internal
>> e-mails (i.e. between other people on your server). The minute you send
>> e-mail to another domain it crosses the internet without encryption,
>> therefore you cannot safely include PHI in the e-mail (except maybe as an
>> encrypted attachment with the key/password shared via other channels).
>>
>> I know gmail has an encryption option where you need to for example text
>> a code to a second device to decrypt the e-mail, but not sure how widely
>> implemented such protocols are nor how robust the security.
>>
>> I use our hospital-based e-mail to send secure e-mail messages to
>> specialists. SigMail is also an option with some uptake. Unfortunately
>> nobody uses PGP which has been around for decades (admittedly, none of
>> the major providers implemented it seamlessly so it's hard for the
>> end-user). The problem with all of these is that they are siloed - you can
>> only safely message people within the silo (and you don't always get a
>> warning when sending mail outside).
>>
>> E-mail was just not designed as a secure technology from the beginning
>> and I'm not aware of any widely adopted grafted-on hack that would allow
>> what is required by PHIPA (i.e. sending a message that can ONLY be read by
>> the intended recipient(s) and nobody else).
>>
>> The fact that fax (especially as usually implemented over the Internet) -
>> which we all use dozens if not hundreds of times daily - has all the same
>> problems is beyond the scope of my rant, lol.
>>
>>
>> --
>> Gyula Voros, MD, CCFP, FCFP (he/him)
>> Assistant Clinical Professor, Department of Family Medicine, McMaster
>> University
>>
>>
>> On Mon, 11 Mar 2024 at 18:56, Adrian Starzynski <ad...@ad...> wrote:
>>
>>> PIPEDA/PHIPA etc. compliant email = email server in the office.
>>> I install them. For example, Synology NAS comes with 5 included MailPlus
>>> licenses (perpetual) but you can buy more for one-time cost (about $50-60
>>> each, sold in packages of 5 I believe). It has 90% of the Office365
>>> features, no monthly costs for email, and you get data control. You can
>>> also transfer the licenses from one Synology to another in case you
>>> upgrade/switch.
>>>
>>> --
>>> Adrian Starzynski
>>> ------------------------------
>>> *From:* Ahmed Omar via OSCARmcmaster-advanced-users <
>>> osc...@li...>
>>> *Sent:* March 11, 2024 5:53 PM
>>> *To:* osc...@li... <
>>> osc...@li...>
>>> *Cc:* Ahmed Omar <ah...@ya...>
>>> *Subject:* [OSCAR-advanced-users] Secure HIPPA/PHIPA Compliant email
>>> suggestions
>>>
>>> Hello Everyone,
>>>
>>> I trust this email finds you well. I'm reaching out with a query that
>>> might not directly relate to OSCAR but is crucial nonetheless.
>>>
>>> Could anyone recommend a standard email service that complies with HIPAA/
>>> PHIPA regulations, particularly one recognized in Canada and/or
>>> Ontario? I'm not referring to patient messaging but rather regular email,
>>> akin to the now-defunct Ontario One-Mail service.
>>>
>>> While researching, I came across ProtonMail, which appears promising and
>>> HIPAA compliant. However, I'm unsure about its applicability in Canada
>>> given that it's a non-Canadian service.
>>>
>>> Your insights and recommendations would be greatly appreciated.
>>>
>>> Thank you kindly for your assistance.
>>>
>>> Warm regards,
>>>
>>> Ahmed Omar
>>>
>>> _______________________________________________
>>> OSCARmcmaster-advanced-users mailing list
>>> OSC...@li...
>>> https://lists.sourceforge.net/lists/listinfo/oscarmcmaster-advanced-users
>>>
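The notify-then-log-in pattern described in the quoted 7:59 PM message, sketched as an added example that is not part of the thread or of any product named in it. The `Portal` class, the portal URL and the in-memory storage are hypothetical; the point is that the e-mail carries only an opaque link, and the link alone does not release the message.

```python
import hashlib, hmac, secrets
from email.message import EmailMessage

PORTAL_URL = "https://portal.clinic.example/messages/"  # assumed placeholder host

class Portal:
    """Hypothetical in-memory stand-in for the clinic-hosted message server."""
    def __init__(self):
        self._creds = {}     # patient address -> (salt, password hash)
        self._messages = {}  # opaque message id -> (patient address, body)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

    def enroll(self, address, password):
        # Done out of band (for example in person), never by e-mail.
        salt = secrets.token_bytes(16)
        self._creds[address] = (salt, self._kdf(password, salt))

    def send(self, address, body):
        # The PHI stays on the server; only a notice crosses the internet.
        msg_id = secrets.token_urlsafe(32)
        self._messages[msg_id] = (address, body)
        note = EmailMessage()
        note["To"] = address
        note["Subject"] = "You have a new message from your clinic"
        note.set_content(
            "Log in to the clinic portal with your own password to read it:\n"
            + PORTAL_URL + msg_id + "\n"
        )
        return note

    def fetch(self, msg_id, address, password):
        # Possessing the link is not enough: the owner must also authenticate
        # with a secret that never appeared in the e-mail.
        owner, body = self._messages.get(msg_id, (None, None))
        salt, stored = self._creds.get(address, (b"\0" * 16, b""))
        ok = hmac.compare_digest(self._kdf(password, salt), stored)
        if not ok or owner != address:
            raise PermissionError("authentication failed")
        return body
```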