Comment on Just had a hospital group employee tell me to simply email medical information
tomalley8342@lemmy.world 5 days ago
TLS handles security for the email sent from your device until it reaches the server, and various HIPAA compliance rules mandate security for that data once it reaches that server. It’s not alarmingly less secure than other HIPAA compliant methods of communication, unless the email provider on your end has poor support for TLS emails.
nyan@lemmy.cafe 5 days ago
Um, the transmission path for email isn’t sender client -> destination server -> destination client. Mail doesn’t go over HTTP, it has its own protocols, and takes the route sender client -> sender server -> some number of intermediate servers -> destination server -> destination client. You don’t know for certain what intermediate servers will be involved, who they belong to (often they go up through parent companies or backbone providers, then come back down again), or how they’re secured (if they’re secured). All the servers along the chain, some of which may be in a different country, have to be secure in order for the transmission method to be compliant, and that ain’t usually gonna happen.
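
The hop-by-hop route discussed in this thread can be inspected on any delivered message: each server that handles the mail prepends a `Received:` header, and the RFC 3848 `with` keywords (ESMTPS, ESMTPSA and so on) record whether that hop reported TLS. The following is an added example, not part of either comment; the sample message, hostnames and addresses are constructed, and the headers are only what each server chose to report about itself.

```python
import re
from email import message_from_string

# Constructed sample: hostnames and addresses are placeholders, not real servers.
SAMPLE = """\
Received: from relay.transit.example (relay.transit.example [198.51.100.7])
    by mx.dest.example with ESMTPS id c3; Mon, 1 Jan 2024 10:00:03 +0000
Received: from smtp.sender.example (smtp.sender.example [203.0.113.9])
    by relay.transit.example with ESMTP id b2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example ([192.0.2.5])
    by smtp.sender.example with ESMTPSA id a1; Mon, 1 Jan 2024 10:00:01 +0000
From: clinic@sender.example
To: patient@dest.example
Subject: constructed test message

body
"""

# "with" keywords from RFC 3848: a trailing S means the hop reported STARTTLS.
TLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
PLAIN = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA"}

def _clause(keyword, text):
    """Return the token following a Received clause keyword, or None."""
    m = re.search(r"\b%s\s+([^\s;]+)" % keyword, text)
    return m.group(1) if m else None

def hops(raw):
    """List (from_host, by_host, protocol, status) in sender-to-destination order."""
    out = []
    # Each server prepends its header, so the oldest hop is last in the message.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        proto = (_clause("with", flat) or "").upper()
        status = "tls" if proto in TLS else "plaintext" if proto in PLAIN else "unknown"
        out.append((_clause("from", flat), _clause("by", flat), proto, status))
    return out

def unprotected(raw):
    """Hops that did not report TLS. Headers are self-reported by each server."""
    return [h for h in hops(raw) if h[3] != "tls"]

if __name__ == "__main__":
    for src, dst, proto, status in hops(SAMPLE):
        print(f"{src} -> {dst}: {proto or '?'} ({status})")
```

A hop marked `tls` only means the link into that server was encrypted; the message is still readable on the server itself, and hops marked `unknown` used a keyword outside the two sets above or omitted the `with` clause.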