Mr.
...heavily on electronic mail, they do
so without a significant email security infrastructure. New Federal law and regulation
place new obligations on the organizations to either secure their email systems or
drastically restrict their use. This paper discusses email security in a healthcare
context. The paper considers and recommends solutions to the healthcare
organization's problem in securing its mail. Because email encryption will soon be a
categorical requirement for healthcare organizations, email encryption is discussed in
some detail. The paper describes details and benefits of domain level encryption model
and considers how PKI is best deployed to support secure electronic mail.
Motivation
It is a simple fact that the US healthcare industry has come to depend heavily on
electronic mail to support treatment, payment and general healthcare operations. Such
use, though, is something of a badly kept secret as most healthcare organizations have
explicit policy which either prohibits or seriously restricts the use of electronic mail for
the transmission of any ‘patient identifiable' health information. Historically, the industry
has deemed patient identifiable health information as deserving of special protection,
since, by its very nature, such information is highly confidential. Accepting the ‘inherent
insecurity' of electronic mail, healthcare organizations have done little to develop
security infrastructure supporting use of electronic mail for confidential communication
and instead adopted policies forbidding such use. It speaks to the utility of electronic
mail, that even in spite of such policy, as much as 40% of all electronic mail emanating
from healthcare organizations contains health information. A very small percentage of
this email is encrypted or otherwise protected to ensure its confidentiality and
authenticity.
Federal...
View Full Essay
