Be careful when deciding to use Outlook's native encryption for your security solution. Because of the poor security track record of Microsoft, especially in regards to the way Outlook operates, many organizations do not use it for their email client. At our organization only the management staff that needs the PDA integration supplied by Exchange use Outlook, and even that will be discontinued when we find a better integration solution.
The security rule is technology neutral. My personal opinion is that any security solution for email should be as neutral as possible as well. There are cross-platform solutions for secure email, not always as easy to use as integrated stuff I admit, but much more versatile in the long run. > Craig, technology questions regarding security implementations might > better be directed to the WEDI SNIP Security Workgroup List. > > But in any case, you already have practically everything you need to > implement secure messaging among and between your therapists. > Encryption is a standard feature built-in to your e-mail client > software, such as Outlook and Outlook Express, without the need for > new licenses or modifying your Exchange Server configuration. > > Actually, I believe Exchange Server does have the capability for > generating digital IDs for each of your e-mail accounts. This saves > you the hassle of dealing with Third Party Certificate Authorities > (CAs) like Verisign or Thawte for obtaining digital IDs (X.509 > certificates). Encryption is of primary importance, which will be > available with either CA generated or self-signed certificates. You > can easily live without authentication (because each of your employees > recognize legitimate e-mails from their colleagues). But you can > generate your own certificates with the company recognized as the > "certificate authority" by all of the e-mail clients. > > I communicate regularly using encrypted e-mail with colleagues within > and without Novannet - each of us uses standard e-mail clients like > Outlook or Outlook Express and we haven't spent a dime for this > capability. > > William J. Kammerer > Novannet, LLC. > Columbus, US-OH 43221-3859 > +1 (614) 487-0320 > > ----- Original Message ----- > From: "Craig Moen" <[EMAIL PROTECTED]> > To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> > Sent: Tuesday, 04 March, 2003 02:29 PM Subject: E-mail Microsoft > Exchange Server > > > > We are a home health agency that provides PT, OT and ST. We > communicate regularly with our therapists via e-mail. Patient's > summary of progress etc are exchanged and then we copy and paste to a > document that we send to the physician. Currently for patient > confidentiality we have the therapist de-indentify information in > e-mail by removing patient name and using only initials(no address > other identiying info is on this document.) During our risk analysis > we determined that this is a potential risk in patient privacy because > a therapist could inadvertently include the full patient name. With > the cost of an additional exchange server(as our e-mail is handled > externally at this point) is this "reasonable" to continue as we are > without encyption? Any inexpensive alternatives?? > > If not, does any one have any comments about Microsoft Exchange > Server, where each of our staff would have there own e-mail address > and we would encrypt by default. We are struggling with "reasonable" > because of the cost of the product and the number of licenses we would > need to acquire > > Thanks for your opinion and helpful comments! > > Craig Moen, MPT > Director of Rehabilitation > THERAPY 2000 > 214-467-9787 office > 214-741-3655 fax > [EMAIL PROTECTED] > > > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. > The discussions on this listserv therefore represent the views of the > individual participants, and do not necessarily represent the views of > the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an > official opinion, post your question to the WEDI SNIP Issues Database > at http://snip.wedi.org/tracking/. These listservs should not be > used for commercial marketing purposes or discussion of specific > vendor products and services. They also are not intended to be used > as a forum for personal disagreements or unprofessional communication > at any time. > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To > unsubscribe from this list, go to the Subscribe/Unsubscribe form at > http://subscribe.wedi.org or send a blank email to > [EMAIL PROTECTED] If you need to unsubscribe > but your current email address is not the same as the address > subscribed to the list, please use the Subscribe/Unsubscribe form at > http://subscribe.wedi.org Del Texley LIPA Information Systems (541) 484 6430 --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
