We have all come to rely on sending and receiving
information via email. However, anyone working with protected health information
needs to realize that it is neither appropriate nor HIPAA compliant to
send that data unprotected; it must be encrypted so that only the intended recipient can read its content.
The State of Missouri - Department of Mental Health has
implemented a new secure email messaging system to comply with its operating
regulations (DOR 8.340). Since the various state departments share a
consolidated email system through the Office of Administration I assume that
other departments also use this approach. Today I got my first secure message and
thought it would be worth describing the experience.
Initial registration
The first thing that happens is that you get an official-looking
email message with a note directing you to click the attachment (an
HTML link) to view your message. This gave me pause. For security reasons you
should never click on an attachment that
you were not expecting. Rather than calling the sender I opened the header
information (in Outlook's Options section) to assure myself that it was from the
department. (It would have been better to call the sender, but I did not expect
him to be in the office at 5am.) This link led me to a secure web page where my
browser warned me that it could not verify the security certificate that was
being used. I checked out the certificate and could not tell why it would not
verify, but it looked OK and, liking to live dangerously, I decided to accept it
for a single use. This opened the web page in my browser and informed me that I
would now be able to receive secure messages.
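The header check described above (confirming that a "click the attachment" notice really came from the sending organization before opening it) can be done more systematically than eyeballing Outlook's header view. The following Python example is an addition to this post, not code from the Department or from Proofpoint. It parses a raw message, reads the Authentication-Results header that your own mail gateway added, and confirms that the From domain, the SPF and DKIM results, and the last Received hop all agree with the domain you expect. The two sample messages, the domains (example-state.gov, recipient.example) and the gateway name (mx.recipient.example) are constructed for the example; substitute the real ones when you use it.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample notification: every domain and host name here is hypothetical.
GOOD_MESSAGE = b"""\
Received: from mail.example-state.gov (mail.example-state.gov [192.0.2.10])
\tby mx.recipient.example (Postfix) with ESMTPS id ABC123
\tfor <user@recipient.example>; Mon, 01 Jan 2024 05:02:11 -0600
Authentication-Results: mx.recipient.example;
\tspf=pass smtp.mailfrom=example-state.gov;
\tdkim=pass header.d=example-state.gov
From: Secure Mail <secure@example-state.gov>
To: user@recipient.example
Subject: You have a secure message
Content-Type: text/plain

Open the attachment to read your message.
"""

# Constructed look-alike: the display name matches, but nothing else checks out.
BAD_MESSAGE = b"""\
Received: from vps.attacker.example (vps.attacker.example [198.51.100.7])
\tby mx.recipient.example (Postfix) with ESMTP id DEF456
\tfor <user@recipient.example>; Mon, 01 Jan 2024 05:03:40 -0600
Authentication-Results: mx.recipient.example;
\tspf=fail smtp.mailfrom=attacker.example;
\tdkim=none
From: Secure Mail <secure@example-state-gov.example>
To: user@recipient.example
Subject: You have a secure message
Content-Type: text/plain

Open the attachment to read your message.
"""


def same_org(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def parse_auth_results(value):
    """Parse an Authentication-Results value into (authserv-id, {method: {...}})."""
    value = re.sub(r"\s+", " ", value)
    parts = [p.strip() for p in value.split(";")]
    authserv_id = parts[0].split()[0] if parts and parts[0] else ""
    methods = {}
    for clause in parts[1:]:
        if not clause:
            continue
        tokens = clause.split()
        method, _, result = tokens[0].partition("=")
        props = {"result": result.split("(")[0]}
        for token in tokens[1:]:
            if "=" in token:
                key, _, val = token.partition("=")
                props[key] = val
        methods[method.lower()] = props
    return authserv_id, methods


def check_sender(raw_message, trusted_domain, my_gateway):
    """Return a list of findings; an empty list means every check agreed with trusted_domain."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []

    _, addr = parseaddr(str(msg["From"] or ""))
    from_domain = addr.rpartition("@")[2]
    if not same_org(from_domain, trusted_domain):
        findings.append(f"From domain {from_domain!r} is not {trusted_domain!r}")

    # Only trust an Authentication-Results header written by our own gateway;
    # anyone can add one with a forged authserv-id before the message reaches us.
    authserv_id, auth = "", {}
    for header in msg.get_all("Authentication-Results") or []:
        authserv_id, auth = parse_auth_results(str(header))
        if authserv_id.lower() == my_gateway.lower():
            break
    if authserv_id.lower() != my_gateway.lower():
        findings.append("no Authentication-Results header from our own gateway")
        auth = {}

    spf = auth.get("spf", {})
    if spf.get("result") != "pass" or not same_org(spf.get("smtp.mailfrom", ""), trusted_domain):
        findings.append(f"SPF did not pass for {trusted_domain!r}: {spf}")
    dkim = auth.get("dkim", {})
    if dkim.get("result") != "pass" or not same_org(dkim.get("header.d", ""), trusted_domain):
        findings.append(f"DKIM did not pass for {trusted_domain!r}: {dkim}")

    # The topmost Received header is the hop our own gateway recorded.
    received = msg.get_all("Received") or []
    last_hop = re.sub(r"\s+", " ", str(received[0])) if received else ""
    match = re.match(r"from (\S+)", last_hop)
    if not match or not same_org(match.group(1), trusted_domain):
        findings.append(f"last hop {last_hop[:60]!r} did not come from {trusted_domain!r}")
    return findings


if __name__ == "__main__":
    for label, raw in (("good", GOOD_MESSAGE), ("bad", BAD_MESSAGE)):
        print(label, check_sender(raw, "example-state.gov", "mx.recipient.example") or "OK")
```

A clean result still only tells you the message came from the domain you expected; it says nothing about whether the attachment is safe, so the advice to confirm with the sender before opening an unexpected attachment stands.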
The technology for this solution is provided by Proofpoint and uses
identity-based encryption, a form of public-key cryptography in which the recipient's
email address serves as the public key, so no per-user certificate has to be issued
as in a traditional PKI (Public Key Infrastructure). The major advantage
of this is that a user does not need to download or install any software, nor do
they need any skills other than clicking on various links and buttons.
Receiving secure messages
Once you have been verified it is easy to read and respond
to any secure messages that you receive. A message will arrive telling you to
open the attachment. In Outlook you will be warned that it is a potentially
unsafe attachment and told to open it only if it is from a trustworthy source.
Clicking OK at that point will start your browser and open a secure web page
(this time the browser was able to verify the certificate) with a button to
click to read the message.
The email message interface is simple and quite easy to use,
giving you options to reply to and forward the message securely. Files
can also be attached, and they will be encrypted for transmission as well.
Usability
Positives: From an end user perspective this is the easiest PKI
implementation I have ever seen. There is no software to load, no user registration,
no passwords to remember, really nothing required from the user other than a
few links to click. Given the usual complexities of PKI this is a great leap
forward. Secure email can be sent to people on different email systems, and they can
reply and forward securely as well.
Negatives: 1) Users' email systems must accept attachments to
get to the secure site. Some corporate environments strip out
attachments to increase their level of security. 2) Because it takes at least
three clicks to read an email there is an added level of frustration/irritation.
3) The user has to compose email in a different interface and does not have
the features that they take for granted (e.g., address checking, spell
checking). 4) Unless they go through the multi-step process of copying and
saving the content in some other form, email messages are not searchable or
quickly available. Say I get a series of secure messages with the same title (e.g.,
"RE: [encrypt] This is how to encrypt email"). To find a particular message in
that set I need to click on each message three times to read it. That would get
old fast. 5) While it is easy to reply to and forward a secure message, it is difficult
for a user from outside of the system to initially create a secure message to
send to the Department. As far as I can tell, to do this you would open a
previously received secure message, click reply, delete the current information
(e.g., to, subject, message) and then send.
Final thoughts
There are a lot of usability issues with this system. However,
its ability to use public-key encryption to send secure email without the traditional difficulties
of certificate-based PKI makes it a useful approach to solving the
problem of securing protected health data as it is sent over the internet.