using exchange, turn on opportunistic TLS. verify with your hippa partners that they have done the same.
consider the use of an encryption device (we went with Cisco) if TLS fails then we force the encrypt at the device level. ---------------- Some say that he thought Star Wars was a documentary, and that he is scared of trees All we know is, he's called the Stig. On Wed, Apr 23, 2014 at 8:31 AM, Jimmy Tran <[email protected]> wrote: > After doing some more reading, it looks the sender and recipient needs > to exchange keys for this to work. > > > > To the members here who have to be HIPPA compliant for email, do you mind > sharing what you have in place? Do you use a 3rd party to handle this? > How do you communicate with users outside your organization and also be > compliant? > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Jimmy Tran > *Sent:* Wednesday, April 23, 2014 8:19 AM > *To:* [email protected] > *Subject:* [NTSysADM] is email over SSL same as email encryption? > > > > I ask this because I have a client who wants to be HIPPA complaint with > patient communication. I don’t know much about compliance with email > except that the email needs to be encrypted. Currently, they use email > hosted by bluehost via imap and over SSL. This just means the connection > to bluehost is encrypted, but by the time it hits the patient’s inbox, it > is no longer encrypted correct? > > > > TIA, > > > > Jimmy >
