How to set up a secure e-mail server?

Discussion in 'Tech Talk' started by ToyotaMan, Jul 27, 2005.


  1. ToyotaMan

    ToyotaMan

    Joined:
    Jun 6, 2000
    390
    0
    Location:
    USA
    Our pharmacy is being told that our e-mail needs to be sent through an encrypted system to keep in compliance with the new HIPAA Security Rule.

    Right now, the only e-mail address I use at work is my gmail account.

    So, how can I go about doing this? If I have a workstation that isn't being used to its fullest, could I use that for this purpose? Would I have to register my own domain name as well?

    I really know nothing about this so I need some help.
     

  2. prism

    prism
    more ammo

    Joined:
    Sep 26, 2002
    1,419
    8
    Location:
    Indiana
  3. HerrGlock

    HerrGlock
    Scouts Out
    CLM

    Joined:
    Dec 28, 2000
    23,791
    182
    Questions that will help a lot:

    Who needs to send encrypted email? Everyone encrypted to you? You encrypted to everyone? Only you to you (inside to inside)?

    Do you plan on having outside pharmacies send you stuff?

    Simple solution if you need all email from everyone to come in encrypted:

    Go download PGP http://www.pgpi.org/
    Set up a public/private key pair with the max bit available.
    Post your public key on your website and/or add it to the signature of your email you send from the pharmacy's address.
    Require all email that comes in be encrypted with your public key. Refuse all email that comes in plain text (unencrypted) with a notice about the use of your public key.

    This is a bit of a pain in the neck because those who have no idea what encryption is may or may not be able or want to figure it out.

    Still, please explain what you are actually looking to do. Do you receive email from anyone and then have to encrypt it to get it into your system inside your network?

    The best way to explain is to describe the way it's supposed to run, like, "The person sitting at home must encrypt it and send it in to us" or "The person at home sends us an email. We take that, encrypt it and put it into our system" or "only other pharmacies must encrypt email sent to us, people at home can send plain text."

    DanH
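
An added example, not part of the original post: a Python version of the inbound policy described in the reply above (accept only PGP-encrypted mail, refuse plain text with a notice pointing to the public key). The sample messages are constructed, and `KEY_URL` and the function names are assumptions; the check looks only at message format and does not confirm the sender encrypted to your key.

```python
import email
from email.message import Message

ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"
ARMOR_END = "-----END PGP MESSAGE-----"
KEY_URL = "https://pharmacy.example/pgp-key.asc"  # assumed placeholder URL

def is_pgp_encrypted(msg: Message) -> bool:
    """PGP/MIME (RFC 3156), or a body that is nothing but one armored block."""
    if msg.get_content_type() == "multipart/encrypted":
        proto = msg.get_param("protocol")
        return isinstance(proto, str) and proto.lower() == "application/pgp-encrypted"
    if msg.is_multipart():
        return False  # any other multipart may carry cleartext parts
    body = (msg.get_payload(decode=True) or b"").decode("ascii", "replace").strip()
    # Text before or after the armor means something still travelled in the clear.
    return body.startswith(ARMOR_BEGIN) and body.endswith(ARMOR_END)

def triage(raw: str) -> tuple[str, str]:
    """Return ("accept", "") or ("reject", notice). The notice never quotes the body."""
    msg = email.message_from_string(raw)
    if is_pgp_encrypted(msg):
        return "accept", ""
    notice = (
        "Your message was not delivered because it was not encrypted.\n"
        f"Encrypt it with our public key ({KEY_URL}) and send it again."
    )
    return "reject", notice

# Constructed sample messages; "placeholder" stands in for real ciphertext.
HEAD = "From: sender@example.org\nTo: rx@pharmacy.example\nSubject: test\n"
PGP_MIME = HEAD + (
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
    "--b1\nContent-Type: application/octet-stream\n\n"
    f"{ARMOR_BEGIN}\n\nplaceholder\n{ARMOR_END}\n--b1--\n"
)
INLINE = HEAD + f"\n{ARMOR_BEGIN}\n\nplaceholder\n{ARMOR_END}\n"
PLAIN = HEAD + "\nPlease refill prescription 12345 for J. Doe.\n"
MIXED = HEAD + f"\nRefill for J. Doe, details below.\n{ARMOR_BEGIN}\n\nplaceholder\n{ARMOR_END}\n"

if __name__ == "__main__":
    samples = [("pgp-mime", PGP_MIME), ("inline", INLINE), ("plain", PLAIN), ("mixed", MIXED)]
    for name, raw in samples:
        print(name, triage(raw)[0])
```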
     
  4. ronin_asano

    ronin_asano

    Joined:
    Apr 13, 2004
    474
    0
    if you need it web based, hushmail might be an option for you. gmail is not secure.
     
  5. grantglock

    grantglock
    /dev/null

    Joined:
    Feb 20, 2004
    219
    0
    Location:
    Iowa
    they probably mean to set up TLS so your mail server can communicate with other mail systems that also use TLS

    search for SSL/TLS
     
  6. ronin_asano

    ronin_asano

    Joined:
    Apr 13, 2004
    474
    0
    but that's just secure login, as i understand it. if he's transmitting patient information, i'd fully expect any text sent to be encrypted. if not, if i were a customer there, i'd promptly go somewhere else.
     
  7. tduffy

    tduffy

    Joined:
    Oct 14, 2003
    34
    0
    Location:
    Sioux Falls, SD
  8. HerrGlock

    HerrGlock
    Scouts Out
    CLM

    Joined:
    Dec 28, 2000
    23,791
    182
    No, TLS can be used for MTA to MTA transport. You give me your email server's public key, any mail I have for you gets sent after it is encrypted with that public key. Set up keys for both sides and you have basic secure email.

    DanH
     
  9. ronin_asano

    ronin_asano

    Joined:
    Apr 13, 2004
    474
    0
    cool. didn't know that.