Re: encrypting/protecting emails for HIPAA compliance.
From: Jim Schwartz (shamusnc_at_not.spam.earthlink.net)
Date: 03/09/05
Date: Wed, 09 Mar 2005 01:07:54 GMT
You first need to decide if your encryption is Business to Business (B2B),
Business to Consumer (B2C), or a mix of the two. B2B isn't too bad as you can
use TLS to encrypt traffic between your host and the other business.
Exchange 2000 and 2003 support TLS, but the front end server must be
connected directly to the internet (or NAT'd) so your server talks directly
to their host.
If you need to go to B2C or have a mix then you'll have to figure out what
types of consumers you have. If your client base is all over the map as far
as systems and technical skills go then a third party application is the
best solution. PostX, Sagiba, Tumbleweed, Ciphertrust and others provide
email encryption applications that essentially sit in your inbound and
outbound SMTP stream. They (via rules that you set up) determine if the
message needs to be encrypted and then redirect the message to a secure web
site. The link to the web secured email is then passed to the user so they
can retrieve their message. Exchange 2000 can use keys to encrypt messages,
but IMHO the pain of managing keys as well as dealing with the multitude of
different ISPs, mail hosts and clients makes troubleshooting a real pain.
There are other options in these third party applications as they are pretty
flexible (and can get kind of expensive).
"DrNASA" <nathankc@gmail.com(donotspam).> wrote in message
news:E3BDCD73-5FCF-485A-9301-DD1E6FBFEA36@microsoft.com...
> Thanks for asking this question. I am wondering the same thing. I am the
> SysAdmin of a high-profile arts organization and was asked today by a
> department head if they can encrypt emails so they can send *sigh* credit
> card and tax information through email since it is easier than stuffing
> envelopes. *sigh again*
>
> My initial reaction:
>
> NO NO NO NO NO NO NO NO NO NO
> EMAIL IS NOT SECURE AND IT NEVER WILL BE
> BITE THE BULLET AND START LICKING THOSE STAMPS
>
> I curled up in the corner and cried for a little bit but then bit my own
> bullet and decided to look into it.
>
> I will be waiting with bated breath for the responses here. If I find
> anything out somewhere else, I'll post.
>
>
>
> "Randall" wrote:
>
>> Hello;
>>
>>
>>
>> We are an insurance company that is required to comply with the HIPAA
>> standards. One of the areas we need to comply in is email. We have a
>> single Exchange 2000 server and use Outlook 2000 as our client.
>>
>>
>>
>> We need to secure or encrypt our emails going to our clients that contain
>> private medical information. Is there a setting in Exchange that we can
>> utilize some form of encryption or certificates to protect emails going
>> outside the organization? If so, is there a good technical document on
>> Microsoft's site that addresses this?
>>
>>
>>
>> Thanks
>>
>>
>>
>> R
>>
>>
>>
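The routing decision described in the reply above (enforced TLS for B2B partners, secure web pickup for everyone else when a rule flags the message), sketched as an added example that is not part of the original thread and not any vendor's code. The partner domain, content patterns and route names are assumptions, and a real gateway would use the SMTP envelope recipients rather than the headers.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumption: domains whose mail hosts you have agreed to reach over enforced TLS (B2B).
TLS_PARTNER_DOMAINS = {"partner-insurer.example"}

# Assumption: stand-ins for the rules an administrator would configure on the gateway.
SENSITIVE_PATTERNS = [
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),                        # SSN-shaped number
    re.compile(r"\b(diagnosis|claim number|member id)\b", re.I),  # PHI keywords
    re.compile(r"^\[secure\]", re.I | re.M),                      # sender-applied tag
]

def is_sensitive(msg):
    """Apply the content rules to the subject and every text part."""
    parts = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode("utf-8", "replace"))
    text = "\n".join(parts)
    return any(p.search(text) for p in SENSITIVE_PATTERNS)

def route(raw):
    """Return {recipient: 'tls' | 'portal' | 'smtp'} for one outbound message."""
    msg = message_from_string(raw)
    sensitive = is_sensitive(msg)
    decisions = {}
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    for _name, addr in rcpts:
        domain = addr.rpartition("@")[2].lower()
        if domain in TLS_PARTNER_DOMAINS:
            decisions[addr] = "tls"      # B2B: deliver host-to-host over TLS
        elif sensitive:
            decisions[addr] = "portal"   # B2C: hold message, send pickup link
        else:
            decisions[addr] = "smtp"     # nothing flagged: normal delivery
    return decisions

# Constructed sample message, not taken from the thread.
SAMPLE = """\
From: claims@insurer.example
To: Adjuster <adjuster@partner-insurer.example>, member@isp.example
Subject: Claim update

Member ID 12345: diagnosis code attached. SSN 123-45-6789.
"""

if __name__ == "__main__":
    print(route(SAMPLE))
```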