I agree with Crawford's concerns. Google gets tons of subpoenas and
they usually comply without giving anybody time to contest them. I
think you might want to check Google's terms of service as well,
because they could contain disclaimers or outright prohibitions on
using Gmail for communicating confidential information.
I *strongly* dislike using regular email for anything that I don't
mind being available to everyone.
Here's the chain of communication and some threats to consider:
(1) Patient's computer -(2)-> (3) Google mail servers -(4)-> (5)
Kevin's computer
1) Patient's computer (security concerns on this end ultimately depend
on the patient)
Snooping from other users
Weak email passwords
Malware
Typos in email address / selecting wrong recipient
Forwarding email to other accounts--this will be routed insecurely
Sending emails through another SMTP server
2) Connection to Google servers
Not using SSL for email on every client *This is my greatest concern.
It allows anybody on the same network to snoop.
3) Google mail servers
Admins snooping
Insecure routing of email between servers? SMTP isn't secure on its
own, and I don't know how Google routes its email amongst its servers.
If patients use other email services, insecure routing of email is
guaranteed.
4) Kevin's connection to Google servers
Not using SSL for email on every client
This is under your control, and not difficult.
5) Kevin's computer
If he's already following reasonable security practices and complying
with HIPAA, this shouldn't be an issue.
I really like the idea of having this kind of contact, but I would
propose two alternatives:
A) https / SSL webpage with contact form. The site can email users
"you have a new message in your secure message center." The users then
log in to your secure website and view / send messages. This is what
every bank I do business with does.
Advantages: This forces the patient to use SSL, makes it impossible
for them to forward messages to other email accounts, and reduces
patients' ability to send emails to the wrong person. You can also
expand the features of the secure website to do scheduling, display
lab results, and anything else over time once you've set it up.
Disadvantages: You will want to purchase an SSL certificate. I see a 5
year certificate for $325. You will also have to set up and maintain
the secure webpage. It looks like there are some companies out there
that host SSL web forms if you don't want to do it your self.
B) Public key email encryption
Advantages: When done right, it's highly secure. Just make sure not to
include anything sensitive in subject lines, since they're not
encrypted.
Disadvantages: The majority of end users / patients will screw it up.
Requires separate email client. I can provide details if anyone's
interested. The amount of support / training required is very
burdensome.
I can provide more details if anyone's interested.
Jason Hernandez
On Nov 23, 12:12 pm, Crawford Rainwater <crawford.rainwa...@linux-