Privacy guaranteed - Your email is not shared with anyone.

Welcome to Glock Talk

Why should YOU join our Glock forum?

  • Converse with other Glock Enthusiasts
  • Learn about the latest hunting products
  • Becoming a member is FREE and EASY

If you consider yourself a beginner or an avid shooter, the Glock Talk community is your place to discuss self defense, concealed carry, reloading, target shooting, and all things Glock.

How to setup secure e-mail server?

Discussion in 'Tech Talk' started by ToyotaMan, Jul 27, 2005.

  1. ToyotaMan


    Jun 6, 2000
    Our pharmacy is being told that our e-mail needs to be sent through an encrypted system to keep in compliance with the new HIPAA Security Rule.

    Right now, the only e-mail address I use at work is my gmail account.

    So, how can I go about doing this? If I have a workstation that isn't being used to its fullest, could I use that for this purpose? Would I have to register my own domain name as well?

    I really know nothing about this so I need some help.
  2. prism

    prism more ammo

    Sep 26, 2002

  3. HerrGlock

    HerrGlock Scouts Out CLM

    Dec 28, 2000
    Questions that will help a lot:

    Who needs to send encrypted email? Everyone encrypted to you? You encrypted to everyone? Only you to you (inside to inside)?

    Do you plan on having outside pharmacies send you stuff?

    Simple solution if you need all email from everyone to come in encrypted:

    Go download PGP
    Set up a public/private key pair with the max bit available.
    Post your public key on your website and/or add it to the signature of your email you send from the pharmacy's address.
    Require all email that comes in be encrypted with your public key. Refuse all email that comes in plain text (unencrypted) with a notice about the use of your public key.

    This is a bit of a pain in the neck because those who have no idea what encryption is may or may not be able or want to figure it out.

    Still, please explain what you are actually looking to do. Do you receive email from anyone and then have to encrypt it to get it into your system inside your network?

    The best way to explain is to describe the way it's supposed to run, like, "The person sitting at home must encrypt it and send it in to us" or "The person at home sends us an email. We take that, encrypt it and put it into our system" or "only other pharmacies must encrypt email sent to us, people at home can send plain text."

  4. ronin_asano


    Apr 13, 2004
    if you need it web based, hushmail might be an option for you. gmail is not secure.
  5. grantglock

    grantglock /dev/null

    Feb 20, 2004
    they probably mean to set up TLS so your mail server can communicate with other mail systems that also use TLS

    search for SSL/TLS
  6. ronin_asano


    Apr 13, 2004
    but that's just secure login, as i understand it. if he's transmitting patient information, i'd fully expect any text sent to be encrypted. if not, if i were a customer there, i'd promptly go somewhere else.
  7. tduffy


    Oct 14, 2003
    Sioux Falls, SD
  8. HerrGlock

    HerrGlock Scouts Out CLM

    Dec 28, 2000
    No, TLS can be used for MTA to MTA transport. You give me your email server's public key, any mail I have for you gets sent after it is encrypted with that public key. Set up keys for both sides and you have basic secure email.