Ultra Secure E-Mail solution for Medical Examiner to send and receive mail.

Posted on 2012-08-16
Last Modified: 2012-08-16
Are there any 3rd party, or web based vendors that provide ultra secure, two factor, insane encryption that can be purchased on a monthly or yearly plan? And they (Medical Examiner and Forensic Pathologist) want to pass photos and documents securely also. Due to the nature of the content and the liability involved I cannot find a solution that they might consider.
Question by:MattRichardson
    LVL 10

    Expert Comment

    gmail :D
    LVL 31

    Accepted Solution

    The main issue is that you must ensure that the sensitive documents never leave your company's hands. The moment they go out onto the internet, they can be tracked, spied upon, stored by third parties etc.

    This means you have to adhere to several paranoia rules:

    1) Your server must route the mail. It may NOT use an external SMTP Server like your ISP or Web Hosting provider's SMTP Servers.

    2) The message itself must be stored on your own server. It CANNOT be stored on a third party email provider's server like Gmail or Hotmail

    3) You must enforce that all access to the mail is done in a secure manner. This means enforcing HTTPS encryption when accessing the mail via webmail, and NOT allowing users to download a cached copy of mail onto their computers, since it becomes a liability as soon as it leaves your server. This means IMAP and POP3 are out.

    4) Smartphone access to mail must be protected with a PIN code so that if the phones get lost or stolen the data is safe.

    If the ONLY two parties involved are the Medical Examiner and the Forensic Pathologist (e.g. they both work for the same company), then an on-premises Microsoft Exchange Server is an ideal solution:

    - Mail that goes from one internal mailbox to another never leaves the server. Exchange routes it internally

    - Exchange stores the data on your on premises server, which you control

    - Exchange by default enforces HTTPS encryption for webmail, ActiveSync and Outlook access

    - Exchange can be configured so that PIN codes on smartphones are enforced

    The catch is BOTH parties must have mailboxes internally on your Exchange server and they may not send emails to outside parties; they must understand that the email is only secure when it is sent to internal mailboxes.
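
One way to apply rules 3 and 4 and the internal-only restriction from the answer above on an on-premises Exchange server. This is an added example, not part of the original answer; the mailbox identities, the policy and rule names, and the numeric values are hypothetical and should be replaced with your own.

```powershell
# Run in the Exchange Management Shell on the on-premises server.
# Mailbox identities, names and numeric values are hypothetical examples.
$mailboxes  = 'medical.examiner', 'forensic.pathologist'
$policyName = 'Sensitive-Mail-Device-Policy'

# Rule 4: require a device PIN, lock on inactivity, wipe after repeated failures.
# (Exchange 2010 uses New-ActiveSyncMailboxPolicy with Device-prefixed
#  parameters such as -DevicePasswordEnabled and -MinDevicePasswordLength.)
New-MobileDeviceMailboxPolicy -Name $policyName `
    -PasswordEnabled $true `
    -MinPasswordLength 6 `
    -AllowSimplePassword $false `
    -MaxPasswordFailedAttempts 8 `
    -MaxInactivityTimeLock '00:05:00' `
    -RequireDeviceEncryption $true `
    -AllowNonProvisionableDevices $false

foreach ($mbx in $mailboxes) {
    # Rule 3: turn off POP3 and IMAP4 for the mailbox, and bind the PIN
    # policy so a phone that cannot enforce it is refused by ActiveSync.
    Set-CASMailbox -Identity $mbx `
        -PopEnabled $false `
        -ImapEnabled $false `
        -ActiveSyncMailboxPolicy $policyName
}

# "Only secure when sent to internal mailboxes": reject anything these
# mailboxes address to recipients outside the Exchange organization.
New-TransportRule -Name 'Sensitive mailboxes - internal recipients only' `
    -From $mailboxes `
    -SentToScope NotInOrganization `
    -RejectMessageReasonText 'This mailbox may only send to internal recipients.'

# Verify the per-mailbox protocol settings that were just applied.
$mailboxes | ForEach-Object { Get-CASMailbox -Identity $_ } |
    Format-Table Name, PopEnabled, ImapEnabled, OWAEnabled, ActiveSyncMailboxPolicy
```

The transport rule only stops mail that passes through Exchange; it does not stop a user from saving an attachment from webmail and moving it by other means.
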
    LVL 31

    Expert Comment

    The alternative solution is to have an encryption/decryption system that operates on both sides for both parties - e.g. an Outlook plugin that both parties run. The body of the message is encrypted before sending, and decrypted when it is received.

    Anybody in between sees the body of the email as a bunch of gibberish. This allows you to use whatever mail servers, SMTP servers etc. you like.

    I don't have a specific company or product I can recommend, but I definitely know that it exists.

    A local company in my area that I went to a networking event with had a product that does pretty much what I described above, but they're a small startup and I'm not sure if that's their flagship product anymore. It might be worth giving them a call, though:
    LVL 5

    Author Closing Comment

    I know the Medical Examiner will attach remotely (at the hospital or public wifi) to our secure in-house web-mail and we should (according to your post) create an Account for the Forensic Pathologist, who will also likely not be on our local network. But HTTPS is forced and running via web-mail which should be good enough. We do not allow POP or IMAP currently, so I guess we should be covered. I may layer on a third party app later or some form of two factor to help.

