I only read some of the executive-level information. It is hard to see that encrypted mail to clients/patients is the future. Besides the fact that the following has (hopefully questionable) US IPR attached to it, I propose other measures.
DISTRIBUTING SENSITIVE INFORMATION TO INDIVIDUALS Here are some thoughts regarding how e-governments (and companies) could efficiently distribute confidential information to citizens (or employees). Note: The following discussion only applies to information from an (non-personal) authority to an individual. Claim ------- In spite of being the foundation for many PKI-based ID-programs, I doubt that S/MIME will play any major role in e-government systems as these typically are built as on-line (web-based) services. The problem -------------- Now, in case a government authority is to send you confidential information, I believe they should not use encrypted mail as this will most likely lead to huge support problems with key- distribution, key-expiration, long-term storage etc. A simple remedy --------------------- e-Governments could preferably e-mail the recipient a web-link (or just a notification) that he or she uses to fetch the confidential information with. That is, after the recipient have authenticated to the on-line authority. This scheme is also aligned with an "account-based" authority where you may have tasks in various stages. The "web-way" allowed on-line banks to address the ordinary consumer and is proven to work on a major scale, while signed and encrypted mail is after more than ten years, still very sparsely used. My 2 cents. Anders Rundgren Consultant, PKI and secure e-business +46 70 - 627 74 37 ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Saturday, February 22, 2003 13:53 Subject: CMS sets health care e-payment standards http://www.computerworld.com/governmenttopics/government/policy/story/0,10801,78722,00.html CMS sets health care e- payment standards By Bob Brewin FEBRUARY 21, 2003 Content Type: Story Source: Computerworld The Centers for Medicare & Medicaid Services (CMS) yesterday published its final rules for electronic health care payment transactions (download PDF), adding what vendors and consultants see as yet another burden to an industry scrambling to meet new privacy and electronic security requirements (see story). .. snip .. -- Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm