There are some basic steps to securing personal information when it comes to email. These include:
- Message encryption
- Email transmission encryption
- Email digital signatures
- Password-protected attachments
Normal NON-encrypted email
Let's say I go to Paris for a holiday and send back a postcard to work, with a photo of the Eiffel Tower on one side and a handwritten note on the reverse that says 'wishing you were here.' To post this normally, I'd add a recipient address, a sender name and address, and a stamp.
This is like normal email.
Anywhere along the way anyone can read the postcard, take a photocopy, share it with their friends, analyse my handwriting, essentially do whatever they like. Neither I nor the team at work would know that it has been handled, or by whom. This is clearly not suitable for patient-identifiable health information. To send a patient's personal health information this way would be outside the guidelines set by the Australian Digital Health Agency. Additionally, the Office of the Australian Information Commissioner (OAIC) has a printed guide to securing personal information that includes the statement 'Email is not a secure form of communication and you should develop procedures to manage the transmission of personal information via email.'
For some semblance of security, I’ll put the postcard from Paris in an envelope before I post it. Anywhere along the way, anyone can read who the letter is to, who it is from, the date it was posted, and where it was posted from.
A reasonably crafty person could steam open the envelope, read the contents and seal the envelope again if they so desired. They could even change the contents of the enclosed postcard. A valid digital signature shows that an email or document has not been changed since it was signed, and that it was signed by the holder of the private key belonging to the signing certificate.
Locking the postcard in a small safe, with a unique key/PIN to open it at the other end, stops crafty people from looking at the message. They would need to be seriously committed to bother, and have some serious skills to make it look like it wasn't tampered with. Anyone can still see who it is to, who it is from, the date it was transmitted and, usually, the subject line, which S/MIME and OpenPGP leave in the clear. This is message-level encryption (for example S/MIME or OpenPGP): the body is encrypted with a strong cipher such as AES-256 so that only the holder of the recipient's private key can open it, and it stays encrypted while sitting on every mail server in between. It is not the same thing as TLS, which protects the connection between servers and is covered in the next section.
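The safe and the signature described above, as an added worked example that is not part of the original article: it uses the openssl command line to sign, tamper with, encrypt and decrypt a constructed message with S/MIME (CMS). The two identities alice and bob, their addresses, the certificates (self-signed, generated on the fly) and the patient text are all constructed for the demonstration; a real deployment would use S/MIME certificates issued by a CA the recipient already trusts.

```shell
# Added example (not from the article): S/MIME signing and encryption with the
# openssl command line. "alice" (sender), "bob" (recipient), the addresses and
# the message text are constructed for the demonstration; a real deployment
# would use certificates issued by a CA the recipient already trusts.
set -u
WORK=$(mktemp -d)

# Self-signed certificate plus private key: the "ID card made with a label maker".
make_identity() {   # $1 = short name, $2 = email address
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1/emailAddress=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# Detached S/MIME signature (multipart/signed): the text stays readable, and any
# change to it breaks the signature. -text wraps the body as text/plain.
sign_message() {    # $1 = plaintext file, $2 = output file
    openssl cms -sign -text -in "$1" -out "$2" \
        -signer "$WORK/alice.crt" -inkey "$WORK/alice.key" \
        -from alice@example.com -to bob@example.com -subject "Results"
}

# Prints "ok" if the signature verifies against the trusted certificate, else "fail".
verify_message() {  # $1 = signed message file
    if openssl cms -verify -text -in "$1" -CAfile "$WORK/alice.crt" \
            -out /dev/null >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

# Encrypt for Bob with AES-256: only Bob's private key can open the "safe".
encrypt_message() { # $1 = plaintext file, $2 = output file
    openssl cms -encrypt -aes256 -text -in "$1" -out "$2" \
        -from alice@example.com -to bob@example.com -subject "Results" \
        "$WORK/bob.crt"
}

decrypt_message() { # $1 = encrypted message file, $2 = output file
    openssl cms -decrypt -text -in "$1" -out "$2" \
        -recip "$WORK/bob.crt" -inkey "$WORK/bob.key"
}

# Constructed message containing (fictitious) patient-identifiable information.
printf 'Patient 12345 test result: NEGATIVE\n' > "$WORK/msg.txt"

make_identity alice alice@example.com
make_identity bob   bob@example.com

# 1. Signature: verifies as sent, fails after the "crafty person" edits one word.
sign_message "$WORK/msg.txt" "$WORK/signed.eml"
sed 's/NEGATIVE/POSITIVE/' "$WORK/signed.eml" > "$WORK/tampered.eml"
echo "original signed message: $(verify_message "$WORK/signed.eml")"   # ok
echo "tampered signed message: $(verify_message "$WORK/tampered.eml")" # fail

# 2. Encryption: the body is unreadable in transit, but the To/From/Subject
#    headers that the mail system needs to route it are still in the clear.
encrypt_message "$WORK/msg.txt" "$WORK/encrypted.eml"
decrypt_message "$WORK/encrypted.eml" "$WORK/decrypted.txt"
grep -q NEGATIVE "$WORK/encrypted.eml" && echo "plaintext leaked" || echo "body is ciphertext"
grep -E '^(To|From|Subject):' "$WORK/encrypted.eml"    # headers still visible
grep NEGATIVE "$WORK/decrypted.txt"                     # Bob reads the message
```

Run it with sh; it needs only the openssl binary. The tampered copy changes one word of the body and the signature check fails, while the encrypted copy hides the body but leaves To, From and Subject readable, which is exactly the trade-off described above. Replacing `-CAfile` with the recipient's real trust store is what turns the label-maker ID card into a real one.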
Email transmission encryption
Using a delivery service to hand deliver just this single postcard, where the postcard is in a safe, in a courier bag, with tracking stickers on it, etc., limits those that can even see who it is to, who it is from or the date it was processed to perhaps a handful of people. In this case we would see the courier's name badge and uniform when they pick up, and if concerned we could actually check those credentials before handing our package over. The courier gets the recipient to sign for the package. This is mail-server to mail-server transmission encryption, and it is what we do in hMailServer (except that checking the credentials is actually quite tricky and not normally done: mail servers usually accept whatever certificate the other server presents, so transmission encryption hides the message from onlookers on the wire but, on its own, does not prove that the receiving server is the right one).
Using a real SSL certificate, one issued by a public certificate authority rather than one we made ourselves, is like the courier company purchasing name badges and ID cards, as opposed to making their own with a label maker.
Using a reputable company with good resources, even say an armoured car for delivery and pick-up, is akin to using strong encryption protocols (TLS 1.2 or later).
SSL (the implicit SSL/TLS option, e.g. SMTP over TLS on port 465) is like me phoning the courier company I've dealt with previously, setting up my special requirements and the recipient in advance, and using a code word or purchase order to ensure that my special requirements are met: the connection is encrypted from the first byte.
STARTTLS is me phoning the courier, and when they come to pick up, then saying 'OK, I need this tracked, I need a recipient signature at the other end, and I want notification that it has been delivered, OK?' The connection starts in plain text and is upgraded to TLS only if both sides agree. Because that request is made in the clear, set STARTTLS to required rather than optional wherever the other side supports it; an optional setting silently falls back to plain text if the upgrade is refused.
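An added helper, not from the original article, that turns the output of openssl s_client into the verdict this section is after: TLS 1.2 or later, and a certificate that chains to a trusted CA (a "real" certificate rather than a self-signed one). The host mail.example.com in the usage comments and the four captured outputs embedded below are constructed for the example; point the usage lines at your own hMailServer to test both a STARTTLS upgrade and an implicit SSL/TLS port.

```shell
# Added example (not from the article): reads the output of `openssl s_client`
# and reports whether the TLS session met the bar set in the text above:
# TLS 1.2 or newer, and a certificate that chains to a trusted CA.
#
# Usage against a real server (needs network, so it is not run here):
#   assess_tls_session "$(openssl s_client -starttls smtp -connect mail.example.com:25 </dev/null 2>&1)"
#   assess_tls_session "$(openssl s_client -connect mail.example.com:465 </dev/null 2>&1)"
# The first form tests a STARTTLS upgrade, the second an implicit SSL/TLS port.
# mail.example.com is an assumed host name.

assess_tls_session() {   # $1 = s_client output; prints "ok" or "fail: <reason>"
    cipher=$(printf '%s\n' "$1" | sed -n 's/^New, .*Cipher is //p' | head -n 1)
    proto=$(printf '%s\n' "$1" | sed -n 's/^ *Protocol *: *//p' | head -n 1)
    code=$(printf '%s\n' "$1" | sed -n 's/^ *Verify return code: *\([0-9]*\).*/\1/p' | head -n 1)

    # A failed handshake (e.g. STARTTLS not offered) still prints a session
    # block, so the cipher line is checked first rather than the protocol line.
    case $cipher in
        ''|'(NONE)') echo "fail: no TLS session was established"; return 1 ;;
    esac
    case $proto in
        TLSv1.2|TLSv1.3) ;;
        *) echo "fail: weak protocol $proto"; return 1 ;;
    esac
    case $code in
        0)  ;;
        '') echo "fail: no certificate verification result"; return 1 ;;
        *)  echo "fail: certificate not trusted (verify return code $code)"; return 1 ;;
    esac
    echo ok
}

# Constructed s_client outputs, trimmed to the lines the checker reads.
SAMPLE_GOOD=$(cat <<'EOF'
CONNECTED(00000003)
depth=1 C = AU, O = Example CA, CN = Example Issuing CA
verify return:1
depth=0 CN = mail.example.com
verify return:1
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Verify return code: 0 (ok)
EOF
)

SAMPLE_SELF_SIGNED=$(cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = mail.example.com
verify error:num=18:self-signed certificate
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Verify return code: 18 (self-signed certificate)
EOF
)

SAMPLE_NO_TLS=$(cat <<'EOF'
CONNECTED(00000003)
didn't find starttls in server response, trying anyway...
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.3
    Verify return code: 0 (ok)
EOF
)

SAMPLE_OLD=$(cat <<'EOF'
CONNECTED(00000003)
New, TLSv1.0, Cipher is AES256-SHA
SSL-Session:
    Protocol  : TLSv1
    Verify return code: 0 (ok)
EOF
)

for s in GOOD SELF_SIGNED NO_TLS OLD; do
    eval "out=\$SAMPLE_$s"
    echo "$s: $(assess_tls_session "$out")"
done
```

The self-signed sample is the "label-maker ID card" case: the session is encrypted, but nothing vouches for who is on the other end. The no-TLS sample is what an optional STARTTLS setting quietly degrades to when the other side does not offer the upgrade.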
Secure Message Delivery (SMD) in Australia is like using SSL. Very secure, but you have to trust the SMD provider not to look at your messages.