web analytics

Optometrists and Labs Need Encrypted E-mail

on November 21st, 2009 | Filed under Optoblog

E-mail is awesome because you can send notes, pdf’s, and other files quickly and easily- except when you are a doctor. Since any script kiddie can sniff your e-mail inbox, doctors can’t send e-mails of cornea topographies to labs, referrals to colleagues, or special testing results to patients because that would be a breech of patient confidentiality and a violation of that one unnecessary, burdensome law.

I protect patients by encrypting my e-mail!

I protect patients by encrypting my e-mail!

I’m sure George Q. Public doesn’t want his K-readings leaked to the press when he decides to run for President someday.

But seriously, sometimes birth dates and stuff are printed on the reports, so if doctors want to use this cool, new thing called “e-mail,” we’ve got to set-up our e-mails to have the capability to send and receive encrypted messages and attachments. What does it look like?

hQEQA+fCUifC1JYBEAALBTMH/14qvUP037oLntVx4WGUXl7b4+6NLQVDGNTD
i6zZejhe2/AzCrNB1tLhUU9HNh70e4Wi1eIAj/08QFZvlTZY+F641HR4XsZd
C6yAdvtsL8BCqcI0wJZQLXY7viioJiMz1cZW0w5fD81ld4acFgAi6Fbh9hUg
J3w42fcoE9JdRSnVbrsNrMtO0mBlvGl2lYWzEQYvHA5uPmYLLETiRwLWxBgS
L+ALi1MyvAK4VOoGQ44dmCOpbaKQ7IBG3SOfdDOR0f1ISF6HLm7J4TupVqcP
a4Up+7XoCK7nAZiCHFr4J/IhQ09Xe/7AlU5lBo2A7BlE7tsu9Ouke5bMuM2T
w7ZT9rukaNNXCXuWUCx9TwF3SRbuYen5+htDPzfl8a3JlYLG9DGvQFdD4jM5
WM9HQHce7BqpkHmEInfbvnYM5OI31N3QEvFk5E1OVn508MB+OM4KGK3PPqTi

So your email inbox gets a message that looks like this. You have an e-mail client plugin that you have set up. You input your password, and the message magically translates to:

Dude, isn’t this so cool that not even the government can tell what I’m writing you? Unless…you forward this message to them unencrypted, but I trust you.

You can see this in action on my practice website. To get started and do this you need a few things:

Your practice’s domain name (usually your web host will offer e-mail storage)
or
any e-mail address that you can access via the e-mail client Thunderbird. (ie POP3 or gmail)

Download the following:

  • GnuPG– the free, open source engine that runs encryption. The Windows version is found at gpg4win.org.
  • Thunderbird– a free, open source e-mail client.
  • Enigmail– a free plugin for Thunderbird that makes it easy to make your encryption keys, share your public key, store other people’s public keys, and encrypt/decrypt e-mails. You should read the install instructions for Enigmail.

Make sure when you generate your encryption key password that it is extra long and random. You must assume that anyone could capture it and try to brute force it. If it is long and random, it would be nearly impossible to crack. I suggest keeping your random, long password in a password wallet.

Why not do it?

Barriers to entry:

  • It doesn’t do any good for you to have e-mail encryption if the person to whom you want to e-mail the top-secret K-readings doesn’t have e-mail encryption set up. They must have a public key that they share.
  • I’ve just presented a free way (unless you have a paid practice URL/webhost) to do this, but it does require some tech savvy to download, install, and implement the tools. This way requires the Thunderbird e-mail client. If you use Outlook or something, there are paid solutions out there.

Why do it?

If every doctor would just get in gear with e-mail encryption keys, we could send patient referrals with high quality color photos and reports instead of low res, black and white faxes (usually with a few vertical black lines on the page). We could send the lab a topography. We could send a patient a report or copy of their Rx. We could talk about the stupid government and how we all secretly agree with Glenn Beck, Rush Limbaugh, and Ann Coulter.

Tags: , , , , ,

2 Comments

2 Responses to “Optometrists and Labs Need Encrypted E-mail”

  1. By the way, I’d be happy to speak about this at your next CE event. I charge the going rate plus travel, accommodations, etc.

  2. Great post, confidentiality is extremely important. It is unfortunate that we have to go to these extreme lengths of encryption to protect our clients. However, this post is very informative and should help anyone to get started, in the cloak-n-dagger world of optometry lol….