Do you encrypt your email?
-
If so, How do you do it? Do you use a service, or something like PGP?
-
There are two parts to this. The payload encryption, like GPG, and the transmission, TLS. TLS is done automatically between all main email carriers. So in nearly all cases, yes, I do. I do not do payload encryption, though. That's very cumbersome.
-
@scottalanmiller said:
I do not do payload encryption, though. That's very cumbersome.
For both yourself and the person who needs to read the email you sent.
-
@dafyre said:
@scottalanmiller said:
I do not do payload encryption, though. That's very cumbersome.
For both yourself and the person who needs to read the email you sent.
yes exactly, it requires pre-arrangement and always causes problems. This same pain in the butt is also what makes it really secure, of course.
-
Through mandates in Meaningful Use, Something called Direct Access has been created as a back bone for secure payload emailing.
It works by having nodes that store the public keys of it's users and those nodes have trust relationships with other nodes and they all share keys transparently to each other.
Example, our EHR is athenaNet. They have a node and submit the fact that they have that node to some central government authority who then passes that information all the other nodes. athenaNet then registers all of the MDs that use their system in the node creating public/private key pairs.
When an outside EHR wants to send a message to my doc, using the Direct Access email address (not his personal email address) the remote EHR contacts its node, asks for the public key, that node asks the athenaNet node for the public key for my doc, it's all sent back, and a message is sent using the encryption.
Now if we could only get these nodes out there for all email addresses, not just the direct access ones, and get email systems to ask work in the same system.
Since the infrastructure will exist (rather does exist) for healthcare, I'm sure others could start using it quick enough.
-
@Dashrender said:
Now if we could only get these nodes out there for all email addresses, not just the direct access ones, and get email systems to ask work in the same system.
Since the infrastructure will exist (rather does exist) for healthcare, I'm sure others could start using it quick enough.
We could but it would give up the central value of email.... ad hoc, anonymous communications. Email is built around that. What you want is something very fundamentally different than traditional email, not just secure traditional email (which is already pretty secure in cases where people care.)
-
The issue with the OP software model is.... what happens when your phone goes into the lake like mine did this week? Not only do I lose contact with those people, I lose a record of the communications, groups, lists, etc. Everything is stored on the phone. Now it is lost. There is no central server that can restore any of it, including the accepted person to person connections. I need to use another tool to reach each of those people again and set the whole thing up again. And anything sent to me that doesn't make it through reliably is just gone forever.
I might hate text messaging but when I get a replacement phone my contacts will come back, people, people who could reach me before can reach me again and the messages that I missed are pushed back to me again.
