Richard, Here is my somewhat simplistic (though long-winded) answer to your questions.
On 7/23/03 7:38 PM, "Richard Shane" <[EMAIL PROTECTED]> wrote: > I have been told that governmental healthcare regulations will soon be > requiring that my emails to my patients be encrypted for privacy. > > 1. How do I do that? Cant Ent X do that or do I need special software. Yes, you'll need special software. The problem you face is that if the government mandates that you use encryption, they may also mandate that you use a certain method or type of encryption. That aside, for my encryption needs, I use a program call MacGPG. http://macgpg.sourceforge.net/ It is basically a port of a program called GnuPG (Gnu Privacy Guard). I use it because it is free. You can also get some Applescripts to integrate it with Entourage, called EntourageGPG. The sourceforge link has other links that can take you to more general encryption links. I also know that there is a yahoo group set up specifically to assist new encryption users. http://groups.yahoo.com/group/PGP-Basics/ Another excellent source of information is Crypto-Gram, put out by Bruce Schneier of Counterpane Internet Security. <http://www.counterpane.com/crypto-gram.html> This is a monthly newsletter relating to computer security and encryption I enjoy very much. You can read them online or subscribe. It's only once a month, so not a major time investment. > 2. I don't quite understand encryption in that if I encrypt it, how will my > patient read it? > The email encryption that I'm familiar with uses a public-private key system. In this system, you and the recipient use encryption keys to communicate. You publish your public key for others to download, while keeping your private key secret. Also, you need to download the public key of anyone to whom you wish to send encrypted messages, in this case your patients. In addition to downloading their public key, you need to verify that the key is really theirs and tell your encryption software that you have verified this person. For example, if I want to send an encrypted message to you, I need to get your public key. In order for you to decrypt a message I send to you, you need to get my public key. The function of the private key is to ensure that only you can actually read the message I send to you and that you are the person I intend to communicate with. The main weakness of this system is also one of it's strengths, called the Web of Trust. You need to ensure that the person you are communicating with is actually the person you intend to communicate with, and not a third party masquerading as that person. There are well documented methods to make sure you are communicating with the person you want to, usually involving face to face meetings or telephone communications. You then tell the encryption software that the key does belong to the person with whom you communicated. You also tell the encryption software whether you trust that person to verify other people you don't know. The strength is that you decide who you trust. The weakness is that others may not be as stringent as you about verifying others. Sorry for the long winded post, but I like using encryption. I hope this was helpful. I didn't even get into digital signatures! Regards, -- Michael Shaffer http://www.theshaffers.org/michael iBook 700MHz PowerPC G3 - MacOS 10.2.6 - Entourage X 10.1.2 -- To unsubscribe: <mailto:[EMAIL PROTECTED]> archives: <http://www.mail-archive.com/entourage-talk%40lists.letterrip.com/> old-archive: <http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
