Solved

Secure e-mail with Exchange 2010

Posted on 2013-05-16
6
312 Views
Last Modified: 2013-08-19
Server 2008 with Exchange 2010.

Most users use OWA. Some on Outlook 2007/2010. About 50 users.

Health care org. They want secure e-mail so we don't have to worry about HIPAA compliance when sending info to patients.

I have no idea what is entailed in making Exchange 2010 compliant. Can anyone offer guidance? Will this cost money? Is it going to be extremely time consuming?
0
Comment
Question by:SECC_IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39171852
Your question is too open.
Unfortuantely so are the HIPAA regulations.

Someone in the org should be aware of the interpretation of the guidelines for your business. You need to follow those.

It can be as complex as encrypting every email. That isn't cheap and isn't straight forward, particularly for recipients.
You could ban the sending of certain information and then use transport rules to enforce those blocks.

Exchange Hosted Encryoption (which is a paid for cloud service) has HIPPA ruleset that you can use.

Simon.
0
 

Author Comment

by:SECC_IT
ID: 39180863
I was hoping for more answers. Aren't there any IT admins out there in a healthcare environment that have had to deal with this?

I am the "someone" who is aware of the regulations. According to what I have read, anything that has protected health information (PHI) has to be encrypted.

Anyone else have any help for me?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39180881
You cannot bump questions on this site.
Once the question has gone from the first page (anywhere between 1 and 4 hours depending on the time of day) then no one else will look at the question.

As far as I am aware, none of the top 10 contributors to the Exchange zone on this site are in the USA, so HIPPA doesn't affect us. You may have better luck on the Technet forums, where there are more American people, or one of the lists.
The Exchange list at My IT Forum is busy and is mainly USA based people posting.
 http://myitforum.com/myitforumwp/services/email-lists/

Simon.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:SECC_IT
ID: 39219053
Thanks - I tend to stump this forum more often than not. Please close this question as "unsolved."
0
 

Accepted Solution

by:
SECC_IT earned 0 total points
ID: 39407821
You cannot have secure e-mail with Exchange without it being a huge PIA - certificates on each user's computer that uses it, certificates on the server, yada yada.

You are better off looking into a hosted solution, such as TrendMicro. They do not host your e-mail, but create a secure environment for your e-mail. There is a downside of the recipient having to go through some steps to read the e-mail, but I believe that once they have downloaded the key onto their computer, they are fine.

Anyway, feel free to close this, O' Geeks of EE.
0
 

Author Closing Comment

by:SECC_IT
ID: 39419575
Nobody provided me with an acceptable answer. My answer is based upon information I found doing research.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
how to add IIS SMTP to handle application/Scanner relays into office 365.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question