Solved

Whats the most secure way to send a confidential file via email?

Posted on 2008-10-14
9
1,072 Views
Last Modified: 2013-11-08
Hi

We want to send patient data to other hospitals / doctors via email on a infrequent basis(or other way if easily implemented).

This data must be sent in the most secure manner possible within reason, we are currently looking into sending it via a encrypted password protected WinZip file, which i believe is more secure than a password protected word file but still easily breakable. With the additional problem of the end user not having WinZip then they cant open it. (if we purchase an additional component for WinZip we can create a self extractable encrypted file but this does not resolve the weakness of the files)

What would be the best way it implement a secure method to email the patient data to other Hospitals or Doctors?

Additional note: UK private hospital NOT on N3 / NHS.

Thanks for your help.

c

PS: Have tried the Uk government (HMRC/DOD) method of leaving disk/laptop on the some random  bus or train hoping it will get there - dosen't seam to work. (just kidding)
0
Comment
Question by:Cromwellhospital
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +3
9 Comments
 
LVL 6

Accepted Solution

by:
xRalf earned 250 total points
ID: 22711630
Hello Cromwellhospital,

the most secure way is to use GPG http://en.wikipedia.org/wiki/GNU_Privacy_Guard and some mix system http://www.mixminion.net/

Regards,

xRalf
0
 
LVL 14

Expert Comment

by:Roachy1979
ID: 22712772
If emailing is a must and not secure file transfer (via say SSH) I would agree with xRalf's suggestion of GnuPG :)

http://www.nullamatix.com/how-to-gnupg-gpg4win-for-ms-office-outlook-exchange-and-others/

0
 
LVL 27

Expert Comment

by:Tolomir
ID: 22713759
Well it all depends on what you've got on the receivers side.

If they are willing to use gnupg you are done. If not winzip is a good approach.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:Cromwellhospital
ID: 22718601
The recievers side will vary immensely (webmail or outlook or o express - xp or full exchage server) and it can range from a doctor sitting in France to a 1000 user PCT hospital.

Our soloution needs to have  a way that relies on us providing a way that caters for all these situations.

Does any one know how hi-security / goverment organisations would achieve this?
0
 
LVL 6

Assisted Solution

by:xRalf
xRalf earned 250 total points
ID: 22718636
The usual way to achieve high security is to use public key cryptography. Maybe it would be useful to employ some security specialist in your organization, make some security policy etc. High security is really very complex topic that needs specialist.

Try to study GPG for the beginning.
0
 
LVL 14

Expert Comment

by:Roachy1979
ID: 22718653
As has been proved recently, high security organisations like the inland revenue and government in the UK just burn unencrypted data to a CD and pop it in an envelope (possibly with big red letters stamped on saying "confidential and valuable data - please do not steal this).  This seems to be adequate encryption for the powers that be....

All joking aside though - I don't think there's anything that is particularly secure AND user friendly.  I have seen this https://lockbin.com/ before though, but can't vouch for it's stability/security - but it might be worth investigating further...

The best way would undoubtedly be using GnuPG though if you can cope with the massive exercise of getting your recipients to install and configure correctly....
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 22718793
Another approach could be to provide files on an ftp server http://www.g6ftpserver.com/ is HIPAA Compliant.

Advantage the enduser doesn't have to install any special software can just use the webbrowser.

Tolomir
0
 
LVL 2

Expert Comment

by:gm1971
ID: 22722382
Chances are there are regulations governing the protection of personal data. In Canada there is anyway.
Before you settle on any solution, consult with these regulations so that you are compliant and thus reduce your liability. At least you would have plausible deniability should there be a leak.
0
 
LVL 8

Expert Comment

by:rpkhare
ID: 22749241
You need to maintain standards among doctors. I mean you must use same program or web mail service throughout your network. For web-mail service, use HushMail. The condition is that the other user must also use HushMail. The advantage is end-to-end encrypted mailing. You don't need to encrypt any mail. You just type plain text and send mail.

Hush has other services too. Please visit: www.hushmail.com
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli‚Ķ
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates‚Ķ
how to add IIS SMTP to handle application/Scanner relays into office 365.

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question