Right. It goes back to Ed's quote about there seldom being technical solutions to behavioral problems.
Part of these regulations requires strongly retraining all employees that they need to keep patient information out of emails. Things that require patient information, like billing information, shouldn't traverse email in the first place, rather it should be handled at the billing system level. At that point, all an email has to contain is an invoice number or a payment number and you're not passing any confidential information. HIPAA isn't something for which completely technical solutions exist. This is one of those places. -------------------------------------------------------------- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Hutchins, Mike [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 26, 2003 11:06 AM > To: Exchange Discussions > Subject: RE: Exchange server level encryption > > > Well, that isn't exactly like that. But it seems as though > there also isn't an easy wau to determine what to encrypt on the fly.. > > > -----Original Message----- > > From: Roger Seielstad [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, February 26, 2003 7:33 AM > > To: Exchange Discussions > > Subject: RE: Exchange server level encryption > > > > > > What data are you actually trying to encrypt, and where is it > > coming from? > > > > For instance, some of our products offer HIPAA compliance for > > electronic transactions, using a variety of transports, > > including SMTP, IIRC. > > > > I'd push back at the auditors to make sure that they're > > clearly defining what needs to be encrypted and what can be > > sent clear text. It sounds like they're pushing for 100% > > encryption of all email, which is well beyond my > > understanding of the expectation under the law. > > > > -------------------------------------------------------------- > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis Inc. > > > > > > > -----Original Message----- > > > From: Hutchins, Mike [mailto:[EMAIL PROTECTED] > > > Sent: Tuesday, February 25, 2003 3:44 PM > > > To: Exchange Discussions > > > Subject: RE: Exchange server level encryption > > > > > > > > > Argh... > > > > > > Which is pretty much what Eric was saying I think also. I kinda > > > figured this was going to be a tremendous pain in the ass. > > > > > > So let me throw a side idea at ya. How about creating a different > > > virtual server to handle certain domains and have that > relay through > > > a gateway to encrypt that traffic. Then we would know who was > > > getting the mail and the would be able to decrypt it. > > > > > > > > > > > > > -----Original Message----- > > > > From: Ken Cornetet [mailto:[EMAIL PROTECTED] > > > > Sent: Tuesday, February 25, 2003 1:39 PM > > > > To: Exchange Discussions > > > > Subject: RE: Exchange server level encryption > > > > > > > > > > > > I'll assume you are talking about SMIME encryption > here. What you > > > > want to do is not possible in the general sense. You need the > > > > recipient's public key in order to encrypt their mail. > You would > > > > have to have a predefined list of all possible recipients > > and their > > > > public keys. Even if you had this list, I know of no > > products that > > > > implement this (but then again, I've never looked) > > > > > > > > You could probably rig something up using PGP on a unix > box as an > > > > outbound gateway. But then all your recipients would > need PGP to > > > > read the mail. > > > > > > > > -----Original Message----- > > > > From: Hutchins, Mike [mailto:[EMAIL PROTECTED] > > > > Sent: Tuesday, February 25, 2003 3:25 PM > > > > To: Exchange Discussions > > > > Subject: Exchange server level encryption > > > > > > > > > > > > Ok, my eyes are going crossed. > > > > I have been trying to figure out a decent way to encrypt all > > > > outbound email from our company. This is for compliance with > > > > HIPAA. Does anyone happen to have any ideas? > > > > > > > > I have googled and haven't found a product that looks > > right. I have > > > > searched for "exchange 2000 encryption", "email > encryption", etc. > > > > Help? > > > > > > > > TIA > > > > > > > > Mike > > > > > > > > > _________________________________________________________________ > > > > List posting FAQ: > http://www.swinc.com/resource/exch_faq.htm > > > > Archives: > http://www.swynk.com/sitesearch/search.asp > > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > > Exchange List admin: [EMAIL PROTECTED] > > > > > > > > > _________________________________________________________________ > > > > List posting FAQ: > http://www.swinc.com/resource/exch_faq.htm > > > > Archives: > http://www.swynk.com/sitesearch/search.asp > > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > > Exchange List admin: [EMAIL PROTECTED] > > > > > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin: [EMAIL PROTECTED] > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
