Submitted 4 days ago by rc__buggy@sh.itjust.works to technology@lemmy.world
WTF lady? Is this what they are telling people to do now? I said, “email is insecure by design” and she responded, “Well SIR we use a secure server.”
“OK, thanks for your time, bye”
Most of the dentists offices I contacted when I had to switch told me to have my dental records sent to their fucking gmail.
I hope you reported this obvious HIPAA violation.
Are you in a jurisdiction subject to HIPPA? That would seem like a pretty easy violation to report. Otherwise see what your jurisdiction’s medical privacy laws are and who you can report that to.
As much of a hassle as Epic My Chart and other portals can be, I do appreciate how they make medical things more secure and an annoyed when I see small places with nothing that try to tell us to just use email.
HIPAA prevents providers from handling your information insecurely, but I don’t believe there is any rule that prevents you from handling your own information insecurely. You are allowed to refuse if you do not feel comfortable with a method of communication of course.
No there is no rule in HIPAA rule that prevents you from sharing your own information. HIPAA specifically only applies to healthcare providers and vendors and their handling of your healthcare data.
… and that’s why people like me get scolded by receptionists, I suppose.
I did sign up with epic/mychart today and printed my shit out to hand deliver to the provider on my next appointment in two days.
Hippo has two 'P’s, HIPAA has two 'A’s.
That’s cool - send her a password protected zip file and bring in a copy of the password on paper: “EmailIsInsecureByDesignThisIsNotHIPPACompliant123!”
Sir this is Wendy’s.
yeah, it’s unfortunate the general population has no awareness of how insecure email is
I don't know if it's still a thing as generations move on, but I remember when people objected to putting their credit card info into a web form even if it was HTTPS, yet they'd gladly read their card number over the phone.
A long time ago I helped set it up so an elderly relative’s HOA dues were auto-withdrawn from their checking account. Someone stole one of their checks, washed it, wrote in a different name and amount, and cashed it. Bank anti-fraud caught it, refunded the money, and closed the account. I sent the HOA a message explaining the situation and asking what the procedure was to change account numbers.
They emailed over an attached PDF form. Had space for fullname, phone, address, bank routing and account number, and her real signature. Pretty much a PII nightmare. The instructions were to have it filled out and emailed back to them. 🤦🏻♂️
Told the relative to print it out and send it back by post.
Haha, I just had a supplier for my wife’s business ask for the same info. I can’t find anyone who doesn’t want to “store” my card info and who the hell knows what they are doing. Probably an old Pentium3 back in the warehouse.
Might just go with Uline even though I don’t like them and they are expensive. I bet they don’t have PDF forms sent through email.
Many places refer to secure email when they mean a portal that function is more like a private chat app. A lot of them are even sold as 'secure mail' but don't use anything resembling SMTP.
Instead you log into a page, and send a message to the specified recipient who might have an email style address on it, or maybe on the backend it uses their email system for authentication even.
OK sure but this was just, “use your gmail or whatever”
halcyoncmdr@lemmy.world 4 days ago
Encrypted mail is 100% a thing. And it is definitely used by medical personnel to send information securely.
But email is not encrypted by default, and isn’t as simple as checking a box in Yahoo or Gmail to do so.
rc__buggy@sh.itjust.works 4 days ago
Yeah, PGP? You cool with that? And what happens when the person on the other end uses GPG? Corrupted sig?
Most of us just quit using that shit 10 years ago. email is insecure, everything I send is for everyone to read.
jodanlime@midwest.social 4 days ago
They most likely use a third party like mimecast or the built-in encryption in outlook. I also haven’t had an issue between PGP and GPG but I’m not a heavy user.
Brkdncr@lemmy.world 4 days ago
It is as simple as checking a box and requiring TLS encryption at the recipient’s email gateway/server.
9tr6gyp3@lemmy.world 4 days ago
Unfortunately TLS encryption is only from client to server.
Server to server encryption is optional. Thats where the issue lies.
lena@gregtech.eu 4 days ago
The problem with this is that it’s annoying to set up so most people don’t use it