It is as simple as checking a box and requiring TLS encryption at the recipient’s email gateway/server.
Comment on Just had a hospital group employee tell me to simply email medical information
halcyoncmdr@lemmy.world 4 days ago
Encrypted mail is 100% a thing. And it is definitely used by medical personnel to send information securely.
But email is not encrypted by default, and isn’t as simple as checking a box in Yahoo or Gmail to do so.
Brkdncr@lemmy.world 4 days ago
9tr6gyp3@lemmy.world 4 days ago
Unfortunately TLS encryption is only from client to server.
Server-to-server encryption is optional. That's where the issue lies.
frongt@lemmy.zip 4 days ago
And it does not mean the data is encrypted at rest.
tomalley8342@lemmy.world 4 days ago
TLS handles security for the email sent from your device until it reaches the server, and various HIPAA compliance rules mandate security for that data once it reaches that server. It’s not alarmingly less secure than other HIPAA compliant methods of communication, unless the email provider on your end has poor support for TLS emails.
nyan@lemmy.cafe 4 days ago
Um, the transmission path for email isn’t sender client -> destination server -> destination client. Mail doesn’t go over HTTP, it has its own protocols, and takes the route sender client -> sender server -> some number of intermediate servers -> destination server -> destination client. You don’t know for certain what intermediate servers will be involved, who they belong to (often they go up through parent companies or backbone providers, then come back down again), or how they’re secured (if they’re secured). All the servers along the chain, some of which may be in a different country, have to be secure in order for the transmission method to be compliant, and that ain’t usually gonna happen.
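Added example, not part of any comment in this thread: a short Python check that walks a message's `Received` headers and reports, hop by hop, whether each server recorded a TLS-protected transfer, using the RFC 3848 `with` keywords (`ESMTPS`, `ESMTPSA`). The message, hostnames and addresses below are constructed for illustration.

```python
import email
import re

# RFC 3848 "with" keywords that mean the hop was carried over STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Matches "from <sender> ... by <receiver> [... with <protocol>]" in one header.
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)(?:.*?\bwith\s+(\S+))?", re.S | re.I)

# Constructed sample: three hops, the middle one relayed without TLS.
SAMPLE = """\
Received: from relay.backbone.example (relay.backbone.example [198.51.100.7])
\tby mx.patient.example with ESMTPS id abc123
\tfor <pat@patient.example>; Mon, 01 Jan 2024 10:00:03 +0000
Received: from smtp.clinic.example (smtp.clinic.example [203.0.113.10])
\tby relay.backbone.example with ESMTP id def456;
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from workstation.clinic.example ([192.0.2.5])
\tby smtp.clinic.example with ESMTPSA id ghi789;
\tMon, 01 Jan 2024 10:00:01 +0000
From: nurse@clinic.example
To: pat@patient.example
Subject: constructed test message

body
"""

def hops(raw):
    """Return hops oldest-first as (sender, receiver, protocol, used_tls)."""
    msg = email.message_from_string(raw)
    result = []
    # Each server prepends its header, so reverse to get delivery order.
    for value in reversed(msg.get_all("Received", [])):
        match = HOP_RE.search(value)
        if not match:
            continue
        proto = (match.group(3) or "UNKNOWN").upper()
        result.append((match.group(1), match.group(2), proto, proto in TLS_PROTOCOLS))
    return result

def plaintext_hops(raw):
    """Hops with no recorded TLS; a missing 'with' clause counts as plaintext."""
    return [(s, r) for s, r, _, tls in hops(raw) if not tls]

if __name__ == "__main__":
    for sender, receiver, proto, tls in hops(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'NO TLS'})")
```

This only audits a message after delivery, and `Received` headers written by servers outside your control can be inaccurate or forged, so treat the result as evidence rather than proof.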
lena@gregtech.eu 4 days ago
The problem with this is that it’s annoying to set up, so most people don’t use it.
rc__buggy@sh.itjust.works 4 days ago
Yeah, PGP? You cool with that? And what happens when the person on the other end uses GPG? Corrupted sig?
Most of us just quit using that shit 10 years ago. Email is insecure, everything I send is for everyone to read.
jodanlime@midwest.social 4 days ago
They most likely use a third party like Mimecast or the built-in encryption in Outlook. I also haven’t had an issue between PGP and GPG, but I’m not a heavy user.
rc__buggy@sh.itjust.works 4 days ago
I don’t use Outlook, I use fucking mutt