Email has been around since the beginning of the Internet. Since everyone has an email account, who would want to receive documents via regular post? What could go wrong?
Well, for starters, the Department of Health and Human Services identifies more than 100 organizations that have had Personal Health Information (PHI) stolen via email.
Situations like this prove that email is a very insecure way of sending anything. This is not new; it goes back to email's origins.
The Problem With Email
When email was invented, the Internet was a different place. It was made up of mostly academic and research institutions with people that were likely to know each other in person. Access to this network was highly controlled, esoteric, and expensive.
Users were willing to extend a lot of trust into messages and originators of emails. When someone said they were Peter Smith from harvard.edu you tended to believe them.
Thus, the communication system of the time, email, did not need to worry about people capturing their messages in transport, reading them for advertising or nefarious gains, and/or pretending to be other people to extract information from you, etc.
Fast forward to today and all of these things are common. Email is the primary attack vector into people’s lives.
Problematic Building Blocks
The way email is transmitted between organizations is also a large contributor to this problem.
- Email is created by the sender and sent to their local server.
- The local server has to look up where the destination is.
- It will pass the email via multiple stops to the authoritative server.
- The recipient server will distribute to the storage server.
- The recipient's workstation will pull the message from their local server.
There are many parts in this transmission pipeline. Every time email is sent to the next hop, it may cross the Internet where an attacker can intercept it. A copy of the message is normally stored on each machine that is a stop on the journey. Thus, many copies exist. And given the complexities of servers, many log entries are created referencing your email and its data.
This cannot be easily retroactively fixed.
HHS does not say that you cannot send PHI via email; it only cautions you to “implement a mechanism to encrypt electronic PHI whenever deemed appropriate”. Thus, theoretically, you are able to send email internally and externally as long as it is secure and encrypted.
You do have to guarantee that emails are secure both at rest and in transit. What does this mean?
- When email is sitting on servers and workstations it must be protected by encryption.
- When email is moved between servers via the networks it must be protected by encryption as well.
There are a few immediate issues.
- You have no control over encryption on the destination servers outside your organization at rest.
- Even though you may send the information to the destination via an encrypted network connection such as TLS, you will have little control over how it is sent on from there to its final destination.
- When you encrypt content, the recipient has to be able to decrypt the message. Most patients and consumers are not sophisticated enough to do so.
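The hop-by-hop delivery described above, and the point that TLS on your own connection says nothing about later hops, can be checked on a delivered message by reading its Received headers. The following is an added example, not part of the original article: the sample message and its hostnames are constructed, and the function names are illustrative.

```python
import re
from email import message_from_string

# Constructed sample message; all hostnames and addresses are placeholders.
SAMPLE = """\
Received: from mx.patientmail.example (mx.patientmail.example [203.0.113.9])
\tby store.patientmail.example with LMTP id c3; Tue, 05 Mar 2024 10:00:04 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.patientmail.example with ESMTP id b2; Tue, 05 Mar 2024 10:00:03 +0000
Received: from mail.clinic.example (mail.clinic.example [192.0.2.5])
\tby relay.isp.example with ESMTPS id a1; Tue, 05 Mar 2024 10:00:01 +0000
From: records@clinic.example
To: patient@patientmail.example
Subject: Lab results

(body)
"""

# "with" keywords that mean the hop ran over TLS (RFC 3848 and RFC 6531).
TLS_TYPES = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
             "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)(?:.*?\bwith\s+(\S+))?")

def trace_hops(raw):
    """Return the hops in travel order, each marked with whether TLS was recorded."""
    hops = []
    # Each server prepends its own Received line, so reverse to get travel order.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        m = HOP_RE.search(flat)
        sender, receiver, proto = m.groups() if m else (None, None, None)
        proto = (proto or "UNKNOWN").upper().rstrip(";")
        hops.append({"from": sender, "by": receiver, "with": proto,
                     "tls": proto in TLS_TYPES})
    return hops

def unprotected_hops(raw):
    """Hops with no recorded TLS; a missing or unparsable record counts as unprotected."""
    return [(h["from"], h["by"]) for h in trace_hops(raw) if not h["tls"]]

if __name__ == "__main__":
    for hop in trace_hops(SAMPLE):
        print(f'{hop["from"]} -> {hop["by"]}: {hop["with"]}, TLS recorded: {hop["tls"]}')
```

Received lines are self-reported by each server and can be forged by an earlier hop, so treat the result as an audit aid rather than proof. They also say nothing about whether the copies stored on each server are encrypted at rest.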
However, to add insult to injury, even if you encrypt the emails correctly, ensure that they are secured in transport, and ensure that the recipient can open and read them, you now have a critical email encryption flaw to tackle. According to the Washington Post, your email app could expose your encrypted messages.
As a general rule, free services and internet based email services (Gmail, Yahoo, Outlook) are not deemed secure for the transmission of PHI. Sending to and from them should be avoided. However, it is also no cake-walk to enable HIPAA PHI compliant emails with corporate partners.
You can put Business Associate Agreements in place, but you are ultimately responsible for the security of the data. In 2012, Phoenix Cardiac Surgery paid $100,000 for not taking appropriate steps and using internet-based email. HIPAA states that the entity/person conducting the transmission is the liable party.
Should I Ever Email Then?
It would seem that you should never use email at all, since you cannot control what email system your patients use. Furthermore, having BAA contracts with every provider is unfeasible and may not be effective in the first place.
To make this a little easier and allow patients to have reasonable access, HHS still allows you to email, even when messages are unencrypted. You have to advise patients of individual risk and they have to accept this method of communication.
Would that mean all the previous caution can be thrown out the window?
Not so fast. There are some other things to consider:
- You should document these conversations.
- You must tell them that email is not secure and that it is risky.
- You must have another fully secure option for the patient to receive the information.
What Are My Alternatives
There are a number of alternatives that have sprung up over the years that supply secure transmission of messages. From Patient Portals to specialized email services, all have their share of advantages and disadvantages.
We, at XcooBee, believe that email is a fundamentally flawed technology that, no matter how much retrofitting is done, cannot be adopted for secure communication all the time.
Patient portals, on the other hand, are hard to manage for patients. After the 10th signup, the attractiveness declines. Which portal do I access to connect with Provider X vs Provider Y? Especially in health care markets with constant changes. This leaves unmentioned the continuous attack via portal emails that bombard patients’ email boxes.
XcooBee is a privacy network. It was invented from ground up to tackle privacy and security issues like the fully end-to-end encrypted sending of documents. Everyone has an address, their XcooBee Id or XId. As long as you know the XId, you can communicate with anyone, safely, securely, and transparently.
Recipients do not need to have a XcooBee account to access the documents when they are sent by paid XcooBee subscribers. In all cases there are delivery and pickup receipts to close the sending loop.
There are many more advantages to using XcooBee, from specific consent management, to tracing receipts, log erasures and the right to be forgotten. It is time to look beyond email and take flight with XcooBee.