Comment on Just had a hospital group employee tell me to simply email medical information
Brkdncr@lemmy.world 2 months agoIt is as simple as checking a box and requiring TLS encryption at the recipient’s email gateway/server.
Comment on Just had a hospital group employee tell me to simply email medical information
Brkdncr@lemmy.world 2 months agoIt is as simple as checking a box and requiring TLS encryption at the recipient’s email gateway/server.
9tr6gyp3@lemmy.world 2 months ago
Unfortunately TLS encryption is only from client to server.
Server to server encryption is optional. Thats where the issue lies.
frongt@lemmy.zip 2 months ago
And it does not mean the data is encrypted at rest.
tomalley8342@lemmy.world 2 months ago
TLS handles security for the email sent from your device until it reaches the server, and various HIPAA compliance rules mandates security for that data once it reaches that server. It’s not alarmingly less secure than other HIPAA compliant methods of communication, unless the email provider on your end has poor support for TLS emails.
nyan@lemmy.cafe 2 months ago
Um, the transmission path for email isn’t sender client -> destination server -> destination client. Mail doesn’t go over HTTP, it has its own protocols, and takes the route sender client -> sender server -> some number of intermediate servers -> destination server -> destination client. You don’t know for certain what intermediate servers will be involved, who they belong to (often they go up through parent companies or backbone providers, then come back down again), or how they’re secured (if they’re secured). All the servers along the chain, some of which may be in a different country, have to be secure in order for the transmission method to be compliant, and that ain’t usually gonna happen.