Author Archives: admin

Cyber-attacked prestigious Bay Street law firms claim securing client confidentiality is a priority. What about email?

Last night, the CBC reported on foreign hackers who launched a massive attack on Canadian government computers last fall, also broke into the data systems of prominent Bay Street law firms to get insider information on an attempted $38-billion corporate takeover of Potash Corporation of Saskatchewan. No surprise, statements issued by the legal firms were predictable and generic.  But what struck me was that the issued statements included something that goes like this:  “We take our obligations of confidentiality to our clients very seriously”. Following on to my blog entry in November, it sure doesn’t feel that way. The medium most used by law firms to communicate with their clients is email.  I have and continue to use lawyers extensively for personal and corporate representation, including employment lawyers for the HR side of my life.  Not once has a law firm ever used email encryption or secure email to communicate with me.  Not only does the body of the email contain sensitive strategy conversations, but there are also numerous draft documents that are transferred back and forth as unsecured email file attachments. Now I will concede that the information I am dealing with, such as personal family law matters or employee terminations are likely not as sexy or hack-worthy as the Potash deal.  But how do I know that this information is not being intercepted and reviewed?  Who is going to fess up if this happens?  It may be happening all the time and I just don’t know about it – and never will. Email is a much easier target for attacks then any client file saved behind a legal firm’s firewall. Email leaves the relative safety of the legal firm and travels into the world ‘wild’ web through various passages and nodes before it gets to its final destination.  It can be intercepted at any time through its zig zagged and stopped-over journeys through cyberspace. What we do trust is the technology used for internet banking to communicate and process the ultimate in high-risk and sensitive transactions because the protocol used to transfer information is as safe as we can get it. The transmission is protected by an end-to-end SSL pipe that cannot be intercepted.  When we see that additional ‘s’ in https:// in our browser, we are assured that it’s SSL protected – such as when we access internet banking or process a credit card transaction on line. Without that ‘s’, the information submitted is simply not secure. It seems to make sense that we (clients) should be expecting law firms (and government) to begin taking client confidentiality as seriously as banks do, by adopting the same type of security technology used by banking to secure email communication with clients.  After all, whose responsibility is it to safeguard my (the client) confidential and ultra-sensitive information – the law firm or the client?  Addressing compliance and the law is also clear in echoing my feelings about this important topic.  It’s unequivocally the legal firm’s responsibility. It really feels like it’s time for legal firms to put the ‘confidential’ back into ’priviledged and confidential’ for their clients.  Technology exists to help them do just that. Join the discussion. Agree or disagree? Ariane Laird works with Email2. Email2 provides straightforward secure email encryption solutions and data leak prevention for government and law firms that uses the same security technology as internet banking. Email2 enables professional services organizations to securely send, receive, track and automate delivery of confidential email and large attachments outside the organization – without requiring staff or recipients to change their existing email.
11-11-20 - Email tracking blog

Tracking emails & recipients – Applying social media fundamentals

When I ask my teenager to send me an email, she cringes as if I have just asked her to mow the lawn. When I ask her about the repulsion, the jist of her response is that email is ‘so yesterday’. That may be the case in her world, but email continues to be the primary communication tool for organizations and that’s not going to change anytime soon.  Email allows senders and receivers to communicate asynchronously – meaning that each party does not have to be present at the same time to engage in the conversation. It eliminates playing telephone tag, in-person meetings, or the even more delayed methods of mail and couriers. It occurred to me that as instant as email is, it does not provide the instant feedback that some of the other electronic communication methods provide such as Blackberry Messenger, Facebook, or Google Talk. With these tools, one knows instantly that the message has been received and can even see the recipient typing a reply  (and can see when they stop typing and decide to never send the reply they’re typing – there’s a whole social game attached to that one, and another full blog entry for another time). But bottom line is that communication is in real time and instant feedback exists. Which is not the case with email. There are many benefits to email, but one of the challenges is that you never really know what’s happening to your email after it leaves your sent box. What exactly is that email doing?  Did it get stuck in spam?  Was it intercepted?  Did it stop over in one of the many nodes it has to go through before reaching its final destination and decided it was a nice place to stay for a while?  Where exactly is it? And if you don’t hear back from the recipient within 24  hours, do you send another email asking if it was received? A sender is never really sure about the appropriate timing to reach out to the recipient to ask if they simply decided to not respond, or confirm that they received the message. How many times have we heard from a recipient “I never got your email”?  I for one have both said or heard those words on many occasions. The younger generation is impatient and don’t want to wait for a reply, and want to know what is happening to the words that have been sent electronically – and when it is being responded to – in real time. Email would be a much better 2012 communication tool if we had better visibility into its life cycle.  It would be ideal if email was a hybrid of social media’s instant feedback and email’s asynchronous qualities of not having to be be present in real time to communicate.  A ‘Fedex’ version of email would solve this challenge. Send out the email communication with the ability to track its every move.  In other words, evolve email so that we (the sender) know and can get proof when an email is received, read, forwarded, replied to, printed, or deleted. Otherwise, the next generation will continue to view email as the ’pigeon carrier’ of electronic communication.   Ariane Laird works with email2. email2 provides features that guarantees email delivery and tracks and provides proof when an email and attachment is received, read, replied to, forwarded, deleted or printed. email2 enables professional services organizations to securely send, receive, track, control and automate delivery of confidential email and large attachments outside the organization – without requiring staff or recipients to change their existing email.

Email delegates – the challenges and risk of private & confidential email conversations

A good part of my career has been in Human Resources (HR) working with executive teams. Here’s a bit of a rant from my view of the world, about some of the challenges with email delegates. Great concept – but has some holes. I have always felt uncomfortable that email delegates have access to the sensitive information and confidential conversations I have with my colleagues.  I frequently avoided communicating important information on the fly by email or blackberry because I knew that someone other than the intended recipient had access to the email. And picking up the phone and calling 7 members of the executive team is never feasible – particularly on weekends or after business hours.  So I have to admit that communication was impeded and stifled, and sometimes fell through the cracks. My personal view is that an assistant’s seniority or professionalism is not under attack here. An assistant is human and can negatively react to information they are often not equipped to understand.  And the executive has in-the-know team members to discuss the situation with. Assistants don’t, making it naturally challenging for them to refrain from sharing the information with close co-workers or family members.  To expect them to, may not always be realistic. In my HR roles, I inevitably discussed terminations of individuals or organizational lay-offs with the executive team by email.  In order to secure private conversations, we had no choice but to exchange our private email addresses to engage in discussion.  In some cases, the termination was for the head of the IT department who would also have access to all corporate email communication (Yes, it’s true.  Bottom line is that IT folks have access to all emailed communication sitting on the server. Whether they read it or not is not the point. The point is simply that all emails are available to IT staff, unless a corporate security policy and technical features exist that prevent this capability). Executives also have to be ‘talked off a ledge’ regularly by HR (who knew!) and some of these private discussions occur on email. I have very often exchanged private email conversations with executives with email delegates, by using our private email addresses. Doesn’t it seem counter-intuitive that in order to secure a private conversation, an executive team has to go outside corporate email? There are many other examples of super sensitive email conversations and file attachments that HR shares with senior individuals who have email delegates. Topics include salary increases, candidates for senior positions, re-organizations, performance challenges, budget cuts, and discussions about organizational ranking or identification of ‘must keep’ employees or bonus distribution - which may not always include the delegate as a high performer. I am using HR as an example here, but there are infinite examples of situations where it may not be appropriate for delegates to read emails intended for executives. For example, the confidentiality challenges get even more complicated where external exchanges are involved. Mergers and acquisition discussions are particularly sensitive where financial liabilities are at risk when conversations are contractually bound by the confidentiality assurances included in non-disclosure agreements. On a personal note, my husband has no choice but to use an email delegate to manage the hundreds of emails he receives every day.  My intention when sending him emails is not to have the carte blanche ability to send him inappropriate email content, but simply to deal with housekeeping items that could include a doctor’s appointment or input for a vacation budget decision.  But privacy is important to me, and I just would prefer that an email delegate did not have insight into my private life.  So fair enough. I have to respect that work processes and efficiencies are primary considerations, and I have no choice but to avoid sending him email messages.  Alternatively, sending him a message to his Hotmail account is futile since he is exclusively plugged into his corporate email account during business hours. Individuals sending sensitive and private information to an executive may not know or forget that the individual has an email delegate who will have access to the information. What happens if an email includes content or feedback about the delegate?  Awkward! (it does happen - and HR is left to clean up the inevitable drama that ensues). As much as an executive may view their delegate/assistant  in a can-do-no-wrong light and believes an implicit trust and loyalty exists between them, the rest of the team or other email senders may not know the delegate very well or share the executive’s enthusiasm about the individual. The concern about email delegates may never be disclosed by email senders to avoid conflict or discomfort – particularly if the email recipient is the CEO and at the very top of the food chain. The executive should not be in a position to impose a no-way-around-it experience for the sender who often prefers that only the intended recipient can read the email. It may also not be fair to an email delegate to expose them to feeling ‘send resistance’ from senders or be expected to be neutral and unaffected by sensitive information – particularly at the initial raw discussion phase of sensitive topics or when context is missing that was previously provided in in-person meetings. In my career, I have seen many mishaps and uncomfortable situations occur related to email delegates viewing internal and external sensitive information and related to senders not understanding that the email account is viewed by more than one recipient.   Executive teams would be well advised to enter into a discussion about how sensitive and confidential email is handled when a staff member has an email delegate, and about the risks and challenges associated with this type of communication flow . The team may be surprised to learn that some of the members around the table have never heard of the concept of ’email delegate’, let alone that some of the people around the table actually have one that is reading every email sent to that individual.  After all, are email delegates every discussed or disclosed as part of orientation? Is this information published anywhere? Not that I’ve ever seen.   Join the discussion. Share your thoughts regarding email delegates functionality - particularly if you’re an email delegate. We’d love to hear your point of view. Ariane Laird works with email2. email2 prevents email delegates from accessing their managers’ ultra-sensitive emails when marked as ‘For Your Eyes Only’. email2 enables professional services organizations to securely send, receive, track, control and automate delivery of confidential email and large attachments outside the organization – without requiring staff or recipients to change their existing email.  

When your lawyer doesn’t use secure email to exchange confidential information – and sends the wrong file attachment to opposing legal counsel

I have communicated with my lawyer over email for years. Every time I hit ‘send’ or open an email from my lawyer, I have always felt uncomfortable and vulnerable about the lack of security surrounding the exchange. The sensitive information and super-confidential details included in the body of the email often include financial information and legal strategy discussions. Not to mention the email attachments which often include copies of financial statements or draft responses to opposing counsel.  This private information which is intended to be classified as ‘privileged and confidential’ can easily be cyber-attacked and intercepted. My legal counsel exchanges confidential information with both me and opposing counsel.  The communication exchange methods include unsecured fax which can also easily be intercepted. Faxes are paper-based and are often printed in public office spaces. I have never insisted on a secure email solution from my attorney because I naively felt that if there was a straightforward solution available, the law firm would undoubtedly have adopted it by now. After all, the responsibility for ensuring that confidential legal email exchanges remain secure lies with the legal firm, not the client.   But a recent situation with my legal firm has zapped me out of complacency and into insisting that my lawyer adopt an email encryption solution to secure my email transactions and records. In this particular situation, my attorney and I were involved in hot negotiations with another party and working on a 10 page proposal to be presented to opposing counsel. As the client and active participant, I literally spent at least 15 hours working on the proposal to ensure it was positioned perfectly. To accomplish this, my attorney and I emailed 10 versions of the draft proposal back and forth as email attachments. When it was finalized, I gave my lawyer the green light to send the proposal to opposing counsel. Unfortunately, the wrong version of the proposal was faxed to opposing counsel by the legal firm’s receptionist.  It was void of important changes in strategy and points included in the final version of the proposal.  Because it was sent by fax, there was no way to retract the proposal. Re-sending the correct version of the proposal to opposing council would only have served to highlight the changes in the document and divulge the evolving strategy.  There was nothing I could do except deal with my frustration. The following ‘fix’ may appear biased. But this is a true account of my unfortunate experience, and email2’s secure email is truly the ideal solution to address the discomforts outlined in this blog post. Firstly, email2’s secure email would ensure that my private email exchanges (and attachments) with my lawyer are as secure as internet banking. Secondly, email2 would be able to repair the erroneous send of the older version proposal.  Had the legal firm adopted email2’s encrypted email solution, the message and file attachment could have instantly been recalled – even if opposing counsel had opened and read the email and attached proposal.  The email and attached wrong version proposal would have instantly been fully recalled (pulled) from opposing counsel’s inbox, and the correct version would have been re-emailed. Third, I have also been in a position where the legal firm does not hear back from opposing counsel for weeks, and we’re never sure if opposing counsel has received or read the proposal. They simply go dark. Are they away? On vacation? With email2, my lawyer would have access to message tracking capabilities and instant visibility into what happens to an email after it’s sent. Was the message and attachment received? Read? Printed? Deleted? Saved? email2 also provides functionality to prevent opposing counsel from forwarding, saving or printing the email and attachment for full control of confidential exchanges. email2 does not require my legal firm or me (the client) to change their existing email – including my use of Outlook, Blackberry, or Yahoo.  So there should be no reason why clients can’t insist that their legal firm of choice adopt a solution that provides secure email and controls. Join the discussion. Tell us your stories about unsecured communication with your legal firm. Ariane Laird recently joined email2. email2 enables professional services organizations to securely send, receive, track and automate delivery of confidential email and large attachments outside the organization – without requiring staff or recipients to change their existing email.

5 ways Government can use encrypted secure email to address compliance and efficiencies

Government emailing confidential citizen information

The public sector is made up of thousands of different organizations with large numbers of staff, external partners and an even larger number of clients – namely the public and the environment. The biggest challenge facing public sector organisations (PSOs) today is the ability to securely exchange confidential information with citizens and other agencies outside of government secure networks, as well as complying with privacy and other regulations.  The answer continues to be to simply restrict access or prevent the electronic flow of highly sensitive information. The result is that current rudimentary methods for exchanging sensitive information with the public and a wide range of other government agencies continue to include in-person visits, telephone conversations (and phone tag), faxes, regular mail and couriers.  Not only are these methods not secure, but they only serve to aggravate the new reality for PSO’s to reduce costs, increase efficiencies, offer 24/7 online convenience, and improve green initiatives. And in the end, do nothing to delight the customer! Email2 helps public sector organizations delight their customers by providing encryption solutions to securely send, receive, track and automate delivery of confidential email and large attachments outside the organization – without requiring staff or recipients to change their existing email.

Secure email encryption solutions for government agencies

Email2 provides 5 email encryption solutions for public sector organizations to address specific needs relating to securing, tracking and automating the delivery of sensitive emails outside the organization.
  1. Secure email and tracking
  2. Enhanced email security including privacy compliance, data leak prevention, additional password protection, recipient permissions & authentication, message recall
  3. Secure e-Forms. Accept citizen data input & attachments directly from an online form on a government agency website
  4. E-Statements.  Automation and secure delivery of citizen invoices or notices
  5. Email any-size attachments or ‘print screens’

1.  Secure email & tracking for government

  • Email Encryption Plus provides encrypted email without the complications. It wraps around any existing staff and recipient email application so there’s no new software to learn and email encryption will actually be adopted.  Ìt’s as easy to use for staff, citizens and external agencies as remaining with their existing email application and mobile devices – including MS Outlook and Exchange, Blackberry, iPhone, as well as individual email programs used by citizens such as yahoo or gmail.
  • Now email and attachments can be used by provincial Social Services case workers, school administrators, or justice ministries to instantly and securely communicate with citizens and other government agencies: Email sensitive citizen files or information including social insurance numbers, financial information, welfare documentation, taxation questions and answers, judgement orders.
  • Eliminates telephone tag and allows for 24/7 asynchronous private conversations with citizens and other government agencies (ie: does not require that all parties involved in the communication be present and available at the same time).
  • Email is guaranteed-delivered – and can be proven.  Tracks and proves when an email is received, read, replied to, forwarded, deleted or printed.
  • Increases the public’s confidence by adopting a straightforward email encryption solution that ensures citizen’s private information will only be seen by intended recipients.
  • Provides faster more efficient public services with anytime communication access and reduced in-person appointments, phone calls (and phone tag), and use of mail and couriers.
  • Provides disabled or ill citizens who may be unable to use the the phone or attend in-person meetings, with a secure communication alternative.
  • Can be deployed by a single department or throughout the entire organization.
  • Learn more about Email Encryption Plus.
email2 offers the following add-ons for government, agencies or ministries that are all powered by Email Encryption Plus to ensure that emails are tracked, and sent and received securely without interception.

2.  Adresssing compliance & email data leak prevention for provincial ministries

  • Data Leak Prevention provides enhanced email security for extra protection that sensitive citizen information won’t fall into the wrong hands.
  • Instantly retracts email messages – even after the message has been read.
  • Includes permission settings to prevent a recipient from replying, forwarding, saving or printing an email.
  • Provides the option to include an additional layer of password protection for selected ultra-sensitive emails. Prevents even email delegates from reading the email.
  • Prevents emails from being sent unsecured if certain words or patterns are included in the message.
  • Authenticates recipients.  For example, a citizen may have to enter their SNN and birth date to authenticate their identity before they can access the secure email.
  • Prevents data leaks and mitigates the risk of a breach of privacy of citizen information.
  • Addresses compliance with privacy legislation.
  • Provides additional email security tools for system administrators.
  • Learn more about Data Leak Prevention.

3.  Secure e-Forms for government and citizens

Today, a citizen may visit a public sector organization’s office or website, obtain or print a form, fill it out in pen, and use time-consuming and unsecured methods for delivering the completed form such as in person office visits, mail, or fax.
  • With Secure e-Form, any form completed by citizens or other government agencies can now be securely completed online.
  • e-Form customizable fields are placed on any web page and are filled out by the relevant ‘customer’. e-Form does not require the existing web page to use SLL to safeguard the information submitted.
  • e-Form also securely accepts uploaded addendum files of any size that may be relevant to the particular form’s subject matter, for example a copy of a birth certificate, passport, school transcript, driver’s license.
  • Each completed form submission can trigger an encrypted email message that is sent directly to the designated government worker(s)’ existing inbox.
  • The public sector worker can securely reply to the form submission and engage in a private conversation with the citizen or external partner -  without divulging the email address or the name of the worker.
  • The submitted data is automatically entered into any third party application or government database, and eliminates time-consuming interpretation of handwriting, data entry, and data entry errors.  Reduces manual collection, filing, archiving and eventual destruction of physical forms.
  • e-Form examples include: secured ‘Contact Us’ form, ‘Welfare Application’ form, ‘Employment Insurance Application’ form, ‘Passport Application’, ‘Student Enrolment” form.
  • Learn more about Secure e-Forms.
  • See an illustration example for securely completing annual public school student forms online, using e-forms.

4. Government automation & secure delivery of citizen invoices, statements, or notices

Most public sector offices today, manually create and print statements, invoices or notices, place them in envelopes, and mail them to citizens.
  • Realize guaranteed efficiencies and cost savings using Email2′s automated e-Statements that securely emails hundreds or thousands of citizen notices overnight.
  • e-Statements automatically extracts sensitive details from any third party database used by the public sector offices.  Content is generated in a format that is ready to be sent directly to citizens’ existing inboxes via encrypted email.
  • Eliminates the need for building a secure portal where citizens are required to link through to a website and have to remember logins and passwords to access their information. Now, all relevant information is securely delivered via email or attachments to recipients without the need for additional steps and linking outside their email inboxes.
  • Email Encryption Plus features are used to guarantee email delivery and track and prove when a notice has been received, read, printed, saved or deleted. Prevents statements such as “Sorry, I never received it” or “It got stuck in spam” and significantly shortens notification and payment cycles.
  • Data Leak Prevention features are used to authenticate citizens, and set recipient permissions including limitations for replying to, forwarding, saving or printing emails and attachments.
  • e-Statements improves Canadian government green initiatives and provides an immediate savings of 80% or more by eliminating waste and costs associated with creating, printing, mailing or faxing notices.
  • Other applications for e-Statements could include Healthcare invoices, government employee pay stubs, citizen account statements, tax return confirmations.
  • Learn More about e-Statements.

5.  Emailing large file attachments and ‘print screens’ by government agencies 

  • Now encrypted email can be used to send and receive any-size file attachments by government, so there’s no worry about sending that 20 MB, or even that 100 MB file.
  • Bypasses file size & security limitation & quarantined policies set by external government agencies or citizens’ existing email applications – such as Gmail or Yahoo Mail.
  • Eliminates the need for the use by government or citizens of complicated FTP or external services such as DropBox.
  • Eliminates saturation of email inbox storage limit. No taxing of the network – reduces IT costs and overhead.
  • Provides storage, permissions, search and download functionality for file attachments.
  • All file attachments are saved in a permission-based Library making it easy to download, store, search and set permissions.  Eliminates government staff searching through email inbox for a specific file.
  • ‘Print to Secure Message’ feature provides public sector professionals with the unique ability to instantly ‘print screen’ what is viewed on screen – regardless of the length of the page or what application was used to view the information – and send the file via encrypted email.  Any scanned document or any content that is typically sent to a printer and distributed via fax, mail or courier will benefit from this feature.  For example, instantly and securely email student records or tax information even if they are rendered by specialized applications.
  • Learn more about Large File Attachments.
Learn more about email2 products.email2 is made in Canada

Canadian Government emailing confidential citizen information

The Canadian public sector is made up of thousands of different organizations with large numbers of staff, external partners and an even larger number of clients – namely the public and the environment. The biggest challenge facing Canadian public sector organisations (PSOs) today is the ability to securely exchange confidential information with citizens and other agencies outside of government secure networks, as well as complying with Canadian privacy and other regulations.  The answer continues to be to simply restrict access or prevent the electronic flow of highly sensitive information. The result is that current rudimentary methods for exchanging sensitive information with the Canadian public and a wide range of other government agencies continue to include in-person visits, telephone conversations (and phone tag), faxes, regular mail and couriers.  Not only are these methods not secure, but they only serve to aggravate the new reality for PSO’s to reduce costs, increase efficiencies, offer 24/7 online convenience, and improve green initiatives. And in the end, do nothing to delight the customer! email2 is made in Canada and has you covered.  We help public sector organizations delight their customers by providing encryption solutions to securely send, receive, track and automate delivery of confidential email and large attachments outside the organization – without requiring staff or recipients to change their existing email.

Made-in-Canada – secure email encryption solutions for Canadian government agencies

email2 is made in Canada and provides 5 email encryption solutions for public sector organizations to address specific needs relating to securing, tracking and automating the delivery of sensitive emails outside the organization.
  1. Secure email and tracking
  2. Enhanced email security including privacy compliance, data leak prevention, additional password protection, recipient permissions & authentication, message recall
  3. Secure e-Forms. Accept citizen data input & attachments directly from an online form on a government agency website
  4. E-Statements.  Automation and secure delivery of citizen invoices or notices
  5. Email any-size attachments or ‘print screens’

1.  Secure email & tracking for Canadian government

  • Email Encryption Plus provides encrypted email without the complications.  Offered as a cloud on-demand service that is deployed in minutes and uses the same security technology as internet banking.  It wraps around any existing staff and recipient email application so there’s no new software to learn and email encryption will actually be adopted.  Ìt’s as easy to use for staff, citizens and external agencies as remaining with their existing email application and mobile devices – including MS Outlook and Exchange, Blackberry, iPhone, as well as individual email programs used by citizens such as yahoo or gmail.
  • Now email and attachments can be used by provincial Social Services case workers, CRA, school administrators, or justice ministries to instantly and securely communicate with citizens and other Canadian or provincial government agencies: Email sensitive citizen files or information including social insurance numbers, financial information, welfare documentation, taxation questions and answers, judgement orders.
  • Eliminates telephone tag and allows for 24/7 asynchronous private conversations with citizens and other government agencies (ie: does not require that all parties involved in the communication be present and available at the same time).
  • Email is guaranteed-delivered – and can be proven.  Tracks and proves when an email is received, read, replied to, forwarded, deleted or printed.
  • Increases the Canadian public’s confidence by adopting a straightforward email encryption solution that ensures citizen’s private information will only be seen by intended recipients.
  • Provides faster more efficient Canadian public services with anytime communication access and reduced in-person appointments, phone calls (and phone tag), and use of mail and couriers.
  • Provides disabled or ill citizens who may be unable to use the the phone or attend in-person meetings, with a secure communication alternative.
  • Can be deployed by a single department or throughout the entire organization.
  • Learn more about Email Encryption Plus.
email2 offers the following add-ons for Canadian or provincial government, agencies or ministries that are all powered by Email Encryption Plus to ensure that emails are tracked, and sent and received securely without interception.

2.  Adresssing compliance & email data leak prevention for provincial ministries

  • Data Leak Prevention provides enhanced email security for extra protection that sensitive citizen information won’t fall into the wrong hands.
  • Instantly retracts email messages – even after the message has been read.
  • Includes permission settings to prevent a recipient from replying, forwarding, saving or printing an email.
  • Provides the option to include an additional layer of password protection for selected ultra-sensitive emails. Prevents even email delegates from reading the email.
  • Prevents emails from being sent unsecured if certain words or patterns are included in the message.
  • Authenticates recipients.  For example, a citizen may have to enter their SIN and birth date to authenticate their identity before they can access the secure email.
  • Prevents data leaks and mitigates the risk of a breach of privacy of citizen information.
  • Addresses compliance with privacy legislation.
  • Provides additional email security tools for system administrators.
  • Learn more about Data Leak Prevention.

3.  Secure e-Forms for Canadian Federal or Provincial government and citizens

Today, a Canadian citizen may visit a public sector organization’s office or website, obtain or print a form, fill it out in pen, and use time-consuming and unsecured methods for delivering the completed form such as in person office visits, mail, or fax.
  • With Secure e-Form, any form completed by citizens or other Canadian or provincial government agencies can now be securely completed online.
  • e-Form customizable fields are placed on any web page and are filled out by the relevant ‘customer’. e-Form does not require the existing web page to use SLL to safeguard the information submitted.
  • e-Form also securely accepts uploaded addendum files of any size that may be relevant to the particular form’s subject matter, for example a copy of a birth certificate, passport, school transcript, driver’s license.
  • Each completed form submission can trigger an encrypted email message that is sent directly to the designated government worker(s)’ existing inbox.
  • The public sector worker can securely reply to the form submission and engage in a private conversation with the citizen or external partner -  without divulging the email address or the name of the worker.
  • The submitted data is automatically entered into any third party application or government database, and eliminates time-consuming interpretation of handwriting, data entry, and data entry errors.  Reduces manual collection, filing, archiving and eventual destruction of physical forms.
  • e-Form examples include: secured ‘Contact Us’ form, ‘Canadian Welfare Application’ form, ‘Canadian Employment Insurance Application’ form, ‘Canadian Passport Application’, ‘Provincial Student Enrolment” form.
  • Learn more about Secure e-Forms.
  • See an illustration example for securely completing annual public school student forms online, using e-forms.

4.  Canadian Government automation & secure delivery of citizen invoices, statements, or notices

Most Canadian public sector offices today, manually create and print statements, invoices or notices, place them in envelopes, and mail them to citizens.
  • Realize guaranteed efficiencies and cost savings using email2′s automated e-Statements that securely emails hundreds or thousands of citizen notices overnight.
  • e-Statements automatically extracts sensitive details from any third party database used by the public sector offices.  Content is generated in a format that is ready to be sent directly to citizens’ existing inboxes via encrypted email.
  • Eliminates the need for building a secure portal where citizens are required to link through to a website and have to remember logins and passwords to access their information. Now, all relevant information is securely delivered via email or attachments to recipients without the need for additional steps and linking outside their email inboxes.
  • Email Encryption Plus features are used to guarantee email delivery and track and prove when a notice has been received, read, printed, saved or deleted. Prevents statements such as “Sorry, I never received it” or “It got stuck in spam” and significantly shortens notification and payment cycles.
  • Data Leak Prevention features are used to authenticate citizens, and set recipient permissions including limitations for replying to, forwarding, saving or printing emails and attachments.
  • e-Statements improves Canadian government green initiatives and provides an immediate savings of 80% or more by eliminating waste and costs associated with creating, printing, mailing or faxing notices.
  • Other applications for e-Statements could include Provincial Healthcare invoices, Canadian government employee pay stubs, citizen account statements, CRA tax return confirmations.
  • Learn More about e-Statements.

5.  Emailing large file attachments and ‘print screens’ by Canadian Provincial or Federal government agencies 

  • Now encrypted email can be used to send and receive any-size file attachments by Canadian government, so there’s no worry about sending that 10 MB, or even that 50 MB file.
  • Bypasses file size & security limitation & quarantined policies set by external government agencies or citizens’ existing email applications – such as gmail or yahoo.
  • Eliminates the need for the use by Canadian government or citizens of complicated FTP or external services such as DropBox.
  • Eliminates saturation of email inbox storage limit. No taxing of the network – reduces IT costs and overhead.
  • Provides storage, permissions, search and download functionality for file attachments.
  • All file attachments are saved in a Permission-based Library making it easy to download, store, search and set permissions.  Eliminates Canadian government staff searching through email inbox for a specific file.
  • ‘Print to Secure Message’ feature provides Canadian public sector professionals with the unique ability to instantly ‘print screen’ what is viewed on screen – regardless of the length of the page or what application was used to view the information – and send the file via encrypted email.  Any scanned document or any content that is typically sent to a printer and distributed via fax, mail or courier will benefit from the PSM feature.  For example, instantly and securely email Canadian student records or Canadian tax information even if they are rendered by specialized applications.
  • Learn more about Large File Attachments & PMS.
Learn more about email2 products. Ariane Laird works with email2, provider of encrypted email and patented compliance and secure content delivery features used by thousands of professionals. Definitions:  Canadian or provincial public sector organizations can include Federal or Provincial government agencies, Federal or Provincial government ministries, social services, CRA, Provincial employment standard branches.

10 reasons why student forms must be online

This school year, was the same as every other year. I am sure anyone with school aged children will be able to relate to this entry. After the first day of school, my daughter came home with literally 10 student forms that had to be completed by yesterday – ‘or else’. I am all for supporting our children’s schools and their teachers and administrators, but this prehistoric process has to change. I can only image how frustrating the process must be for parents of multiple children because parents have to fill out the same set of forms for each child. Time for a parent protest? Anyone? Here are 10 reasons why filling out printed student forms is incomprehensible in the year that is nearly 2012 and makes for a less than delightful experience for the customer – me!. (I would include some positive stuff here, but I simply could not think of one positive thing about this process).
  1. The biggest challenge with this process is expecting my daughter to get the forms to me! The forms rarely get from the knapsack to the kitchen counter.
  2. They are the exact SAME forms as last year. The only difference is the date on the form. Same signature, same information. Guess what? My daughter’s birth date, doctor, dentist, church, hair color, pet, allergy list, and her parents names have not changed since last year!
  3. All 10 forms are unprofessional and really badly formatted. For example, there isn’t enough room on the form to input my long address. So I had to squish in the information, then cross some of it out. Then I put in the wrong information on the wrong line. Arg. I only received one printed form!
  4. I have to fill these forms out in pen. I can’t find a pen. If I do find a pen – it doesn’t work. When was the last time I actually wrote something by hand? I only know how to type which means that my handwriting is so bad, there is no way that anyone will be able to accurately input this information. And my wrist is cramping up. (Unfortunately, I’m serious.)
  5. I omitted some of the fields in several places since I was in a hurry and was being pressured incessantly by my daughter to complete these forms. “Did you finish them yet?” “When are you going to complete them?” “Mom… they’re due today and can’t be late”… So, some fields were left blank. I guess the form was input without that information because no one called me to clarify.
  6. I had to write a cheque for the school dues. Huh? What is a cheque? You want me to pay for something without getting reward points for the transaction? (Did I also mention that the cheques were literally cashed 8 weeks later?)
  7. My daughter then takes on the role of mule for the transportation phase of the completed form back to the school. Am I really expected to trust that this ultra-sensitive private information package is delivered back to the school by a hormonal pre-teen? Talk about private and secure! I’m not even sure if the forms ever made it back to the school. (well, except that the cheque was cashed 8 weeks later).
  8. My chicken scratch has to be data entered manually into some database. Human error and inaccuracy simply can’t be avoided here.
  9. The form has to be filed, retrievable, archived, then eventually destroyed.
  10. This process is responsible for a huge environmental footprint. 12 years times 10 forms times 1500 students = 180,000 pieces of paper for one school’s educational cycle, not to mention the footprint attached to paper production, logistics, archiving and ultimate destruction. Not stellar leadership in the green arena.
I then wait in anticipation to next year to look forward to when the process starts all over again. I don’t just want to complain here. That would make me a whiner. I’m thinking that complaining can be offset somewhat when solutions are provided. Here are some suggested process alternatives that seem to be way overdue seeing as the last time I checked, we are rapidly approaching 2012:
  1. secure e-Form is placed on the school website that can be completed securely online and accepts large uploaded attachments, such as immunization records or birth certificate or proof of address.
  2. The school sends me a secure email advising me to complete the form.
  3. I access the form online and input some kind of authentication information to confirm that I am who I say I am. (banks, and government taxation sites offer me this capability. We can certainly have this in place for public educational institutions).
  4. I complete the secure form on line and upload any necessary attachments. I also pay for any school dues by credit card, or run a tab that is paid off every semester since it takes that long to cash any of the cheques I write.
  5. The form provides help, clarification and information for each field. It also ensures that I complete all areas of the form as required.
  6. The form submission is securely sent directly to the school administration clerk’s inbox, letting her know that it’s complete.
  7. The clerk can begin a secure email dialogue with me if s(he) requires any additional information or needs clarification. Technology exists where the school staff member can converse with me by email – without divulging his or her email address during the exchange.
  8. The data I input into the e-Form is securely and automatically entered into the school’s database.
  9. If I do not send in the form on time, I am sent an automatic email reminding me to complete it by xx date.
  10. NEXT year, the school sends me an encrypted email with a secure e-statement that summarizes my daughter’s information, and if anything needs to be changed, directs me by link to the secure e-form on line to make changes.
Voila! Efficiencies plus, no dead trees, no huge footprint, accuracy, privacy, and one very happy delighted customer -> mom. Ariane Laird works with email2, provider of encrypted email and patented compliance and secure content delivery features used by thousands of professionals.This school year, was the same as every other year. I am sure anyone with school aged children will be able to relate to this entry. After the first day of school, my daughter came home with literally 10 student forms that had to be completed by yesterday – ‘or else’. I am all for supporting our children’s schools and their teachers and administrators, but this prehistoric process has to change. I can only image how frustrating the process must be for parents of multiple children because parents have to fill out the same set of forms for each child. Time for a parent protest? Anyone? Here are 10 reasons why filling out printed student forms is incomprehensible in the year that is nearly 2012 and makes for a less than delightful experience for the customer – me!. (I would include some positive stuff here, but I simply could not think of one positive thing about this process).
  1. The biggest challenge with this process is expecting my daughter to get the forms to me! The forms rarely get from the knapsack to the kitchen counter.
  2. They are the exact SAME forms as last year. The only difference is the date on the form. Same signature, same information. Guess what? My daughter’s birth date, doctor, dentist, church, hair color, pet, allergy list, and her parents names have not changed since last year!
  3. All 10 forms are unprofessional and really badly formatted. For example, there isn’t enough room on the form to input my long address. So I had to squish in the information, then cross some of it out. Then I put in the wrong information on the wrong line. Arg. I only received one printed form!
  4. I have to fill these forms out in pen. I can’t find a pen. If I do find a pen – it doesn’t work. When was the last time I actually wrote something by hand? I only know how to type which means that my handwriting is so bad, there is no way that anyone will be able to accurately input this information. And my wrist is cramping up. (Unfortunately, I’m serious.)
  5. I omitted some of the fields in several places since I was in a hurry and was being pressured incessantly by my daughter to complete these forms. “Did you finish them yet?” “When are you going to complete them?” “Mom… they’re due today and can’t be late”… So, some fields were left blank. I guess the form was input without that information because no one called me to clarify.
  6. I had to write a cheque for the school dues. Huh? What is a cheque? You want me to pay for something without getting reward points for the transaction? (Did I also mention that the cheques were literally cashed 8 weeks later?)
  7. My daughter then takes on the role of mule for the transportation phase of the completed form back to the school. Am I really expected to trust that this ultra-sensitive private information package is delivered back to the school by a hormonal pre-teen? Talk about private and secure! I’m not even sure if the forms ever made it back to the school. (well, except that the cheque was cashed 8 weeks later).
  8. My chicken scratch has to be data entered manually into some database. Human error and inaccuracy simply can’t be avoided here.
  9. The form has to be filed, retrievable, archived, then eventually destroyed.
  10. This process is responsible for a huge environmental footprint. 12 years times 10 forms times 1500 students = 180,000 pieces of paper for one school’s educational cycle, not to mention the footprint attached to paper production, logistics, archiving and ultimate destruction. Not stellar leadership in the green arena.
I then wait in anticipation to next year to look forward to when the process starts all over again. I don’t just want to complain here. That would make me a whiner. I’m thinking that complaining can be offset somewhat when solutions are provided. Here are some suggested process alternatives that seem to be way overdue seeing as the last time I checked, we are rapidly approaching 2012:
  1. secure e-Form is placed on the school website that can be completed securely online and accepts large uploaded attachments, such as immunization records or birth certificate or proof of address.
  2. The school sends me a secure email advising me to complete the form.
  3. I access the form online and input some kind of authentication information to confirm that I am who I say I am. (banks, and government taxation sites offer me this capability. We can certainly have this in place for public educational institutions).
  4. I complete the secure form on line and upload any necessary attachments. I also pay for any school dues by credit card, or run a tab that is paid off every semester since it takes that long to cash any of the cheques I write.
  5. The form provides help, clarification and information for each field. It also ensures that I complete all areas of the form as required.
  6. The form submission is securely sent directly to the school administration clerk’s inbox, letting her know that it’s complete.
  7. The clerk can begin a secure email dialogue with me if s(he) requires any additional information or needs clarification. Technology exists where the school staff member can converse with me by email – without divulging his or her email address during the exchange.
  8. The data I input into the e-Form is securely and automatically entered into the school’s database.
  9. If I do not send in the form on time, I am sent an automatic email reminding me to complete it by xx date.
  10. NEXT year, the school sends me an encrypted email with a secure e-statement that summarizes my daughter’s information, and if anything needs to be changed, directs me by link to the secure e-form on line to make changes.
Voila! Efficiencies plus, no dead trees, no huge footprint, accuracy, privacy, and one very happy delighted customer -> mom. Ariane Laird works with email2, provider of encrypted email and patented compliance and secure content delivery features used by thousands of professionals.

5 ways medical clinics can use encrypted email to address compliance and productivity

Medical clinics emailing confidential patient health information

Health care professionals – including nurses, physicians, medical assistants, and health insurance providers – know they need to be more efficient, green and provide better service to their patients. But let’s face it. It’s almost 2012 and we’re still using in person visits, phone, faxes, mail and couriers as our primary tools for exchanging sensitive patient information with both patients and other healthcare organizations. Why? Because these methods are seen as more ‘secure’ than sending an instant email. Or are they? The truth is that these antiquated and inefficient methods for exchanging confidential patient health information are not secure and can be just as easily intercepted as unsecured email.  The use of phone and in-person visits may also not be feasible communication methods for disabled or ill patients who may either be bed-ridden or unable to speak. Below are 4 ways to help address compliance technical security safeguard standards (including HIPPA) with the use of encrypted email to securely exchange private patient health information (PII & PHI) between healthcare offices and:
  • patients
  • health insurance providers
  • other health care practitioners

1. encrypted email for medical offices

Unlike faxes or unsecured email, encrypted email is ultra secure because it is sent using an end to end ‘pipe’ that cannot be intercepted during the many stops encountered on its internet journey to get to its final destination. There are many encrypted email solution providers, but most are highly complex and require staff and patients and other external healthcare recipients to change the way existing email is currently used. Unfortunately, the secure email solution will end up being shelved if it requires the sender and recipient to change the way they use email. We recommend adopting a solution that does not use cumbersome encrypted keys and instead uses a ‘cloud’ solution (virtual servers on the internet) that wraps around any existing email and in effect uses the same technology as internet banking. This allows staff and patients to use secure email, but with the ease of continuing to use their regular email. For instance, if MS Outlook or a Blackberry are used for email, the experience with Outlook and any mobile device will remain unchanged for both staff and the external recipient of the email. A basic encrypted email solution will allow for content to be sent in the body of the email, for example:
  • Ask or answer sensitive and confidential patient-related questions
  • Provide 24/7 asynchronous communication with patients and other external medical stakeholders (does not require that all parties involved in the communication be present and available at the same time)
  • Use email for securely scheduling private patient appointments and gathering sensitive information or providing private instructions prior to the patient’s visit.

2. securely email very large confidential file attachments & medical scans

A big part of the appeal of email is the ability to send and receive attachments of any size in addition to content included in the body of the email. Here are 2 encrypted email file transfer features that are helpful for medical offices:
  • The ability to attach jumbo or even unlimited-size files to emails, so there’s no worry about sending that 8 MB file, or even that 100 MB file!
  • ‘Print to Secure Message’ feature (what you see is what you send). Any scanned document or any content that is typically sent to a printer and distributed via fax, mail or courier will benefit from the PSM application. PSM automatically captures all information viewed on screen rendered by any application – including the internet or proprietary, customized or in-house applications (example: EMR or specialized medical or accounting systems), and sends it to external recipients via encrypted email.
To illustrate:
  • A surgeon or another health professional has asked a medical office for a patient record or copy of an x-ray.
  • Simply click into the office’s third party database or application where these records are kept and instantly capture what is seen on the screen into a file that is emailed securely to the surgeon.
  • Eliminates numrous send steps including the requirement for printing and then using usecured methods for sending the document such as fax or courier.

3. Medical offices - email compliance, non-repudiation, permissions, tracking, reporting, audit trails, & HIPPA

Additional encrypted email features help with adhering to HIPPA and other regulatory compliance standards if email is used to send patient health information to a patient or other external stakeholders. A medical office may have a need to monitor and control what happens to a confidential email and attachments once it’s sent. Here are some examples of some compelling compliance features for encrypted email: Prove that an email was sent, and control, track and report on every step of the email’s life cycle:
  • when a message was received, read, replied to, forwarded, printed, or deleted
  • who the message or attachment was forwarded to (available only to sender)
  • Recall messages anytime – even after the message has been read
  • Include an additional layer of password protection in order to read the email for ultra-sensitive information
  • Prevent emails from being sent unsecured if certain words or patterns are included in the message
  • Authenticate users and recipients. (for example, a recipient may have to enter their SSN and birth date to authenticate their identity before they can access the secure email)

4. secure e-Forms and workflow automation for medical clinics

Today, a patient may visit a medical clinic or website, obtain or print a form, fill it out with a pen, and use time-consuming and unsecured methods for delivering the completed form such as in person office visits, mail, or fax.
  • With Secure e-Forms, any form completed by patients or external healthcare practitioners can now be completed securely online.
  • e-Form customizable fields are placed on any webpage and is completed by the patient or other external partner. e-Form does not require the existing web page to use SLL to safeguard the information submitted.
  • e-Form also securely accepts uploaded addendum files of any size that may be relevant to the particular e-form subject matter, for example a copy of a birth certificate or proof of immunization.
  • Each completed form submission can trigger an encrypted email message that is sent directly to the designated healthcare worker(s)’ existing inbox.
  • The healthcare worker can securely reply to the form submission and engage in a private conversation with the patient or external partner – without divulging the email address or the name of the worker.
  • The submitted data is automatically entered into any third party healthcare application or database, and eliminates time-consuming interpretation of handwriting, data entry, and data entry errors.  Reduces manual collection, filing, archiving and eventual destruction of physical forms.
  • e-Form examples include: secured ‘Contact Us’ form, “Medical History” form, “Appointment” form.
Illustration Example 1 – Ask a physician
  • A medical clinic creates a secure online form on their website that allows patients to securely ask medical questions of a specific physician.
  • The question is sent to the particular doctor’s existing email in-box and the doctor can respond to the question in detail after hours and after referring to the patient’s medical history file.
  • The doctor’s email address may be hidden from the patient to disallow numerous email threads.
  • The patient does not have to leave their home and each answered question may be associated with a fee which provides an additional revenue stream for the medical clinic.
Illustration Example 2 – Transferring patient records
  • When a patient transfers to a new physician, the new physician requires the patients medical history file. This is typically accomplished by courier or unsecured fax.
  • A healthcare office creates a secure online e-form on their website that allows other health care professionals to share patient information and upload any-size file.

5.  Medical offices automation & secure delivery of patient invoices

Most medical offices today manually create and print invoices, place them in envelopes, and mail them to patients.
  • Realize guaranteed efficiencies and cost savings using email2′s automated e-Statements that securely emails hundreds or thousands of patient invoices overnight.
  • e-Statements automatically extracts invoice details from any third party database used by the healthcare offices and content is generated in a format that is ready to be sent directly to patients’ existing inboxes via encrypted email.
  • Eliminates the need for building a secure portal where clients link through to a website and have to remember logins and passwords to access their information. Now, all relevant information is securely delivered via email or attachments to patients without the need for additional steps and linking outside their inboxes.
  • Email Encryption Plus features are used to guarantee email delivery and track and prove when an invoice has been received, read, printed, saved or deleted. Prevents statements such as “Sorry, I never received it” or “It got stuck in spam” and significantly shortens payment cycles.
  • Data Leak Prevention features are used to authenticate patients, and set patient permissions including limitations for replying to, forwarding, saving or printing emails and attachments.
  • e-Statements improves green initiatives and provides an immediate savings of 80% or more by eliminating waste and costs associated with creating, printing, mailing or faxing invoices.
  • Other applications for e-Statements could include employee pay stubs, account statements, health insurance claim transfers or confirmations.

Summary of email encryption benefits for medical offices

Here are the overall benefits of a feature-rich encrypted email solution for healthcare practitioners:
  • Use email to instantly and securely communicate with patients and other health practitioners
  • As easy to use for medical office staff and patients as using their existing unsecured email application
  • The email is guaranteed delivered – and can be proven
  • Instantly send jumbo attachments and any captured information viewed on a computer monitor
  • Track, control permissions, and report on an email’s life cycle after it’s sent
  • Set up secure on line forms for capturing and emailing patient or other health practitioner information
  • Mitigate the risk of a breach of privacy of personal health information
  • Comply with government personal health information laws such as HIPPA
  • Work smarter, faster and greener with less waste created by in person appointments, phone, printing and re-printing, faxing, shredding, mailing and couriers.
  • Provides disabled or ill patients who may be unable to use the phone or attend in person meetings, with a secure communication alternative
  • Provide a better customer service experience to patients and other external stakeholders.
Ariane Laird works with email2, provider of encrypted email and patented compliance and productivity features used by thousands of professionals.
  • Doctors, physicians
  • Medical Clinics
  • Medical Assistants
  • Health practitioners
  • Nurses
  • Health Insurance providers
 

Medical clinics emailing confidential patient health information

Health care professionals – including nurses, physicians, medical assistants, and health insurance providers – know they need to be more efficient, green and provide better service to their patients. But let’s face it. It’s almost 2012 and we’re still using in person visits, phone, faxes, mail and couriers as our primary tools for exchanging sensitive patient information with both patients and other healthcare organizations. Why? Because these methods are seen as more ‘secure’ than sending an instant email. Or are they? The truth is that these antiquated and inefficient methods for exchanging confidential patient health information are not secure and can be just as easily intercepted as unsecured email.  The use of phone and in-person visits may also not be feasible communication methods for disabled or ill patients who may either be bed-ridden or unable to speak. Below are 4 ways to help address compliance technical security safeguard standards (including HIPPA) with the use of encrypted email to securely exchange private patient health information (PII & PHI) between healthcare offices and:
  • patients
  • health insurance providers
  • other health care practitioners

1. encrypted email for medical offices

Unlike faxes or unsecured email, encrypted email is ultra secure because it is sent using an end to end ‘pipe’ that cannot be intercepted during the many stops encountered on its internet journey to get to its final destination. There are many encrypted email solution providers, but most are highly complex and require staff and patients and other external healthcare recipients to change the way existing email is currently used. Unfortunately, the secure email solution will end up being shelved if it requires the sender and recipient to change the way they use email. We recommend adopting a solution that does not use cumbersome encrypted keys and instead uses a ‘cloud’ solution (virtual servers on the internet) that wraps around any existing email and in effect uses the same technology as internet banking. This allows staff and patients to use secure email, but with the ease of continuing to use their regular email. For instance, if MS Outlook or a Blackberry are used for email, the experience with Outlook and any mobile device will remain unchanged for both staff and the external recipient of the email. A basic encrypted email solution will allow for content to be sent in the body of the email, for example:
  • Ask or answer sensitive and confidential patient-related questions
  • Provide 24/7 asynchronous communication with patients and other external medical stakeholders (does not require that all parties involved in the communication be present and available at the same time)
  • Use email for securely scheduling private patient appointments and gathering sensitive information or providing private instructions prior to the patient’s visit.

2. securely email very large confidential file attachments & medical scans

A big part of the appeal of email is the ability to send and receive attachments of any size in addition to content included in the body of the email. Here are 2 encrypted email file transfer features that are helpful for medical offices:
  • The ability to attach jumbo or even unlimited-size files to emails, so there’s no worry about sending that 8 MB file, or even that 100 MB file!
  • ‘Print to Secure Message’ feature (what you see is what you send). Any scanned document or any content that is typically sent to a printer and distributed via fax, mail or courier will benefit from the PSM application. PSM automatically captures all information viewed on screen rendered by any application – including the internet or proprietary, customized or in-house applications (example: EMR or specialized medical or accounting systems), and sends it to external recipients via encrypted email.
To illustrate:
  • A surgeon or another health professional has asked a medical office for a patient record or copy of an x-ray.
  • Simply click into the office’s third party database or application where these records are kept and instantly capture what is seen on the screen into a file that is emailed securely to the surgeon.
  • Eliminates numrous send steps including the requirement for printing and then using usecured methods for sending the document such as fax or courier.

3. Medical offices - email compliance, non-repudiation, permissions, tracking, reporting, audit trails, & HIPPA

Additional encrypted email features help with adhering to HIPPA and other regulatory compliance standards if email is used to send patient health information to a patient or other external stakeholders. A medical office may have a need to monitor and control what happens to a confidential email and attachments once it’s sent. Here are some examples of some compelling compliance features for encrypted email: Prove that an email was sent, and control, track and report on every step of the email’s life cycle:
  • when a message was received, read, replied to, forwarded, printed, or deleted
  • who the message or attachment was forwarded to (available only to sender)
  • Recall messages anytime – even after the message has been read
  • Include an additional layer of password protection in order to read the email for ultra-sensitive information
  • Prevent emails from being sent unsecured if certain words or patterns are included in the message
  • Authenticate users and recipients. (for example, a recipient may have to enter their SSN and birth date to authenticate their identity before they can access the secure email)

4. secure e-Forms and workflow automation for medical clinics

Today, a patient may visit a medical clinic or website, obtain or print a form, fill it out with a pen, and use time-consuming and unsecured methods for delivering the completed form such as in person office visits, mail, or fax.
  • With Secure e-Forms, any form completed by patients or external healthcare practitioners can now be completed securely online.
  • e-Form customizable fields are placed on any webpage and is completed by the patient or other external partner. e-Form does not require the existing web page to use SLL to safeguard the information submitted.
  • e-Form also securely accepts uploaded addendum files of any size that may be relevant to the particular e-form subject matter, for example a copy of a birth certificate or proof of immunization.
  • Each completed form submission can trigger an encrypted email message that is sent directly to the designated healthcare worker(s)’ existing inbox.
  • The healthcare worker can securely reply to the form submission and engage in a private conversation with the patient or external partner – without divulging the email address or the name of the worker.
  • The submitted data is automatically entered into any third party healthcare application or database, and eliminates time-consuming interpretation of handwriting, data entry, and data entry errors.  Reduces manual collection, filing, archiving and eventual destruction of physical forms.
  • e-Form examples include: secured ‘Contact Us’ form, “Medical History” form, “Appointment” form.
Illustration Example 1 – Ask a physician
  • A medical clinic creates a secure online form on their website that allows patients to securely ask medical questions of a specific physician.
  • The question is sent to the particular doctor’s existing email in-box and the doctor can respond to the question in detail after hours and after referring to the patient’s medical history file.
  • The doctor’s email address may be hidden from the patient to disallow numerous email threads.
  • The patient does not have to leave their home and each answered question may be associated with a fee which provides an additional revenue stream for the medical clinic.
Illustration Example 2 – Transferring patient records
  • When a patient transfers to a new physician, the new physician requires the patients medical history file. This is typically accomplished by courier or unsecured fax.
  • A healthcare office creates a secure online e-form on their website that allows other health care professionals to share patient information and upload any-size file.

5.  Medical offices automation & secure delivery of patient invoices

Most medical offices today manually create and print invoices, place them in envelopes, and mail them to patients.
  • Realize guaranteed efficiencies and cost savings using email2′s automated e-Statements that securely emails hundreds or thousands of patient invoices overnight.
  • e-Statements automatically extracts invoice details from any third party database used by the healthcare offices and content is generated in a format that is ready to be sent directly to patients’ existing inboxes via encrypted email.
  • Eliminates the need for building a secure portal where clients link through to a website and have to remember logins and passwords to access their information. Now, all relevant information is securely delivered via email or attachments to patients without the need for additional steps and linking outside their inboxes.
  • Email Encryption Plus features are used to guarantee email delivery and track and prove when an invoice has been received, read, printed, saved or deleted. Prevents statements such as “Sorry, I never received it” or “It got stuck in spam” and significantly shortens payment cycles.
  • Data Leak Prevention features are used to authenticate patients, and set patient permissions including limitations for replying to, forwarding, saving or printing emails and attachments.
  • e-Statements improves green initiatives and provides an immediate savings of 80% or more by eliminating waste and costs associated with creating, printing, mailing or faxing invoices.
  • Other applications for e-Statements could include employee pay stubs, account statements, health insurance claim transfers or confirmations.

Summary of email encryption benefits for medical offices

Here are the overall benefits of a feature-rich encrypted email solution for healthcare practitioners:
  • Use email to instantly and securely communicate with patients and other health practitioners
  • As easy to use for medical office staff and patients as using their existing unsecured email application
  • The email is guaranteed delivered – and can be proven
  • Instantly send jumbo attachments and any captured information viewed on a computer monitor
  • Track, control permissions, and report on an email’s life cycle after it’s sent
  • Set up secure on line forms for capturing and emailing patient or other health practitioner information
  • Mitigate the risk of a breach of privacy of personal health information
  • Comply with government personal health information laws such as HIPPA
  • Work smarter, faster and greener with less waste created by in person appointments, phone, printing and re-printing, faxing, shredding, mailing and couriers.
  • Provides disabled or ill patients who may be unable to use the phone or attend in person meetings, with a secure communication alternative
  • Provide a better customer service experience to patients and other external stakeholders.
Ariane Laird works with email2, provider of encrypted email and patented compliance and productivity features used by thousands of professionals.
  • Doctors, physicians
  • Medical Clinics
  • Medical Assistants
  • Health practitioners
  • Nurses
  • Health Insurance providers
 

Physicians implementing electronic health records should consider cloud computing

How SaaS Can Help Minimize Risks March 30, 2011 – Howard Anderson, Executive Editor, HealthcareInfoSecurity.com Physicians implementing electronic health records should consider cloud computing as a way to improve security, says healthcare IT consultant Patricia Dodgen. The software-as-a-service model provides more security for EHRs than most smaller physician practices can afford to implement with a locally hosted system, says Dodgen, CEO at the consulting firm Hielix. In an interview (transcript below) Dodgen:
  • Contends that smaller practices using cloud computing for EHRs can have their patient information stored in secure data centers offering more protection than they can provide on their own servers. She also says the remotely hosted EHRs offer better back-up services.
  • Laments that many practices lack knowledge about privacy and security issues. Points out that emerging statewide health information exchanges must use encryption, authentication and audit trails to adequately address privacy and security issues. “The HIEs we’ve been involved in have led with the question of privacy and security because that’s a deal killer for many of the participants they are soliciting to come on board,” she says.
  • Predicts the Nationwide Health Information Network standards could pave the way for exchange of patient data across state lines, but only if adequate authentication — perhaps including biometrics — is implemented.
Full article: http://www.healthcareinfosecurity.com/articles.php?art_id=3482

Over $5.3 Million Fines Imposed for HIPAA Violations

Full article: http://securitywatch.eweek.com/data_security/over_53_million_fines_imposed_for_hipaa_violations.html Massachusetts General Hospital was fined $1 million for violating the Health Insurance Portability and Accountability Act (HIPAA). It is the second ever fine imposed on a health care organization by the US Department of Health and Human Services ever since HIPAA went into effect in 2003. “We hope the health care industry will take a close look at this agreement and recognize that OCR is serious about HIPAA enforcement,” Georgina Verdugo, the director of the agency’s Office for Civil Rights, said on Feb. 24. The steep fines should make organizations think twice about skimping on HIPPA compliance, wrote Chester Wisniewski, a Sophos senior security advisor, wrote on the NakedSecurity blog. A doctor once told Wisniewski, “When they start putting doctors in jail, I’ll worry about encrypting my records.” Mass General lost the medical records for 192 patients when a hospital employee accidentally left the documents on the subway in March 2009. The patients were part of the hospital’s Infectious Disease Associates outpatient practice and may have included patients with HIV/AIDS. The misplaced documents included a patient schedule containing names and medical records numbers, as well as billing forms containing names, dates of birth, diagnoses, and insurance policy information. The subsequent investigation into the breach revealed the hospital had failed to implement “reasonable, appropriate safeguards” to protect patient privacy when removed from premises. As part of its settlement with HHS, the hospital has to designate a director of internal audit to assess compliance and report to HHS about its results for the next three years. The first fine was imposed on Cignet Health, for not providing records in a timely manner. The $4.3 million penalty was not for a data cooperating with an investigation. Cignet, which operates two clinics in Maryland, refused to provide records to 41 patients when they asked, and also did not comply to OCR’s request. OCR imposed the fine for the company’s “willful neglect” in cooperating with the OCR for nearly 13 months. Cignet also did not help matters when complying with a subpoena, the health center provided 59 boxes of medical records belonging to over 4,500 patients, and not just the 41 patients being requested. “Covered entities and business associates must uphold their responsibility to provide patients with access to their medical records, and adhere closely to all of HIPAA’s requirements,” Verdugo said. While the compromised records in both cases were physical, and not electronic, the law doesn’t differentiate between the two, said Wisniewski.