Aetna "encrypts" email so it is HIPPA compliant (using https://www.voltage.com/
Basically: they send you an email with an encrypted .HTML attachment.
You double-click the attachment and view the message as webmail on the aetna.com site.
I forwarded such a message to my hotmail account and could just double-click the attachment and view it fine.
I then forwarded it to my gmail account, and opened the message on my laptop (wifi network), and likewise can just click the attachment to open the message.
So, how is this secure?
It never asks for a password and seemingly doesn't use certificates (I'm in IT and not the destination HR user)
Why couldn't they have just sent a link to the particular message on aetna.com? Why all this hocus pocus encryption stuff to not even bother asking for a login userid/password?