Tag Archives: secure email

Healthcare Breach Prevention & Email Encryption – Apparently Not a High Priority

The Second Annual Benchmark Study on Patient Privacy & Data Security was just released by Ponemon Institute, a privacy and security research firm based in Traverse City, Mich. Some of the findings are surprising, if not shocking given the attention and legislation put in place to deal with this topic. Lip service? One is really left to wonder.

The Data

When looking at the data, let’s also keep in mind that the survey targeted data protection professionals, with 43% of respondents holding the title of chief security officer, chief information security officer, chief information officer, chief privacy officer or chief compliance officer. Additionally, the sample was skewed toward larger healthcare organizations, “excluding the plethora of very small provider organizations, including local clinics and medical practitioners,” the report said. There’s a lot of interesting (and highly disturbing) data in the report, but I’ll focus on only a few highlights according to healthcare organizations responding to the survey: 1.  96% have had at least one data breach in the past 24 months. On average organizations have had 4 data breach incidents during the past two years. Breaches increased 32% from the previous year. (96%?  Does that not sound a lot like 100%?) 2.  The top 3 causes for a data breach are:
  1. lost or stolen computing devices
  2. third-party snafu
  3. unintentional employee action.
Even more troubling is the data in regards to what appears to be the prevailing and unsettling mind-set surrounding security as a priority. 3.  Staff do not understand the importance of patient data protection
  1. 66% agree medical billing personnel do not understand the importance of patient data protection
  2. 58% say IT personnel do not understand its importance
  3. In contrast, 58% say administrative personnel do understand the importance of protecting patient data.
4.  Protecting patient data and privacy is not a priority for healthcare organizations
  1. Only  29% of respondents agree that the prevention of unauthorized access to patient  data and loss or theft of such data is a priority in their organizations
  2. Less than one-fourth (23%) said their organization has “encryption solutions  installed.”

Email Encryption – a minimum in healthcare prevention for breach of patient data and privacy

Let’s focus for a moment on the last piece of data shown in 4(2) above. Less than one-fourth (23%) said their organization has “encryption solutions  installed.”  This also means that healthcare organizations are not using email encryption (secure email) to communicate patient information securely. Which also ties into 3rd party snafus as one of the top reasons for patient breaches. It seems that email encryption and secure communication should be at the top of the priority list as one of the first steps in securing patient information. The report cites the following types of compromised patient data:
  • Medical file
  • Billing and insurance record
  • Scheduling details
  • Prescription details
  • Payment details
  • Monthly statements
While the report does not provide details about how this information was intercepted, I think it’s a pretty good guess that the breaches were not related to the use of encryption technology. Using phone, unsecured email, fax, couriers, mail, or in-person visits to transfer or share private patient information is not secure and can easily be intercepted. At the very least, healthcare organizations must adopt email encryption to communicate medical, insurance, scheduling and billing statements information with patients and other healthcare organizations.  Email encryption is well positioned to become the way of the future in healthcare communication, and it has the teeth to back up that privilege since it also addresses regulatory compliance with HIPPA and other technical security safeguard standards.  Its adoption must become as routine and pervasive as any other fundamental business practice in the healthcare industry. 51% named inadequate budgets for privacy and security as the top weakness in their healthcare organization’s security program.  Encrypted email is also a highly efficient and cost effective way to prevent patient privacy and data leaks – as well as providing enhanced patient services.  For example, sending monthly e-statements by secure email to patients and other healthcare providers is associated with significant cost savings, efficiencies, as well as the added bonus of a reduced environmental footprint. If email encryption were adopted by the surveyed organizations today, the survey results would show significant improvements next year.  Guaranteed. Ariane Laird works with Email2.  

Cyber-attacked prestigious Bay Street law firms claim securing client confidentiality is a priority. What about email?

Last night, the CBC reported on foreign hackers who launched a massive attack on Canadian government computers last fall, also broke into the data systems of prominent Bay Street law firms to get insider information on an attempted $38-billion corporate takeover of Potash Corporation of Saskatchewan. No surprise, statements issued by the legal firms were predictable and generic.  But what struck me was that the issued statements included something that goes like this:  “We take our obligations of confidentiality to our clients very seriously”. Following on to my blog entry in November, it sure doesn’t feel that way. The medium most used by law firms to communicate with their clients is email.  I have and continue to use lawyers extensively for personal and corporate representation, including employment lawyers for the HR side of my life.  Not once has a law firm ever used email encryption or secure email to communicate with me.  Not only does the body of the email contain sensitive strategy conversations, but there are also numerous draft documents that are transferred back and forth as unsecured email file attachments. Now I will concede that the information I am dealing with, such as personal family law matters or employee terminations are likely not as sexy or hack-worthy as the Potash deal.  But how do I know that this information is not being intercepted and reviewed?  Who is going to fess up if this happens?  It may be happening all the time and I just don’t know about it – and never will. Email is a much easier target for attacks then any client file saved behind a legal firm’s firewall. Email leaves the relative safety of the legal firm and travels into the world ‘wild’ web through various passages and nodes before it gets to its final destination.  It can be intercepted at any time through its zig zagged and stopped-over journeys through cyberspace. What we do trust is the technology used for internet banking to communicate and process the ultimate in high-risk and sensitive transactions because the protocol used to transfer information is as safe as we can get it. The transmission is protected by an end-to-end SSL pipe that cannot be intercepted.  When we see that additional ‘s’ in https:// in our browser, we are assured that it’s SSL protected – such as when we access internet banking or process a credit card transaction on line. Without that ‘s’, the information submitted is simply not secure. It seems to make sense that we (clients) should be expecting law firms (and government) to begin taking client confidentiality as seriously as banks do, by adopting the same type of security technology used by banking to secure email communication with clients.  After all, whose responsibility is it to safeguard my (the client) confidential and ultra-sensitive information – the law firm or the client?  Addressing compliance and the law is also clear in echoing my feelings about this important topic.  It’s unequivocally the legal firm’s responsibility. It really feels like it’s time for legal firms to put the ‘confidential’ back into ’priviledged and confidential’ for their clients.  Technology exists to help them do just that. Join the discussion. Agree or disagree? Ariane Laird works with Email2. Email2 provides straightforward secure email encryption solutions and data leak prevention for government and law firms that uses the same security technology as internet banking. Email2 enables professional services organizations to securely send, receive, track and automate delivery of confidential email and large attachments outside the organization – without requiring staff or recipients to change their existing email.

5 ways Government can use encrypted secure email to address compliance and efficiencies

Government emailing confidential citizen information

The public sector is made up of thousands of different organizations with large numbers of staff, external partners and an even larger number of clients – namely the public and the environment. The biggest challenge facing public sector organisations (PSOs) today is the ability to securely exchange confidential information with citizens and other agencies outside of government secure networks, as well as complying with privacy and other regulations.  The answer continues to be to simply restrict access or prevent the electronic flow of highly sensitive information. The result is that current rudimentary methods for exchanging sensitive information with the public and a wide range of other government agencies continue to include in-person visits, telephone conversations (and phone tag), faxes, regular mail and couriers.  Not only are these methods not secure, but they only serve to aggravate the new reality for PSO’s to reduce costs, increase efficiencies, offer 24/7 online convenience, and improve green initiatives. And in the end, do nothing to delight the customer! Email2 helps public sector organizations delight their customers by providing encryption solutions to securely send, receive, track and automate delivery of confidential email and large attachments outside the organization – without requiring staff or recipients to change their existing email.

Secure email encryption solutions for government agencies

Email2 provides 5 email encryption solutions for public sector organizations to address specific needs relating to securing, tracking and automating the delivery of sensitive emails outside the organization.
  1. Secure email and tracking
  2. Enhanced email security including privacy compliance, data leak prevention, additional password protection, recipient permissions & authentication, message recall
  3. Secure e-Forms. Accept citizen data input & attachments directly from an online form on a government agency website
  4. E-Statements.  Automation and secure delivery of citizen invoices or notices
  5. Email any-size attachments or ‘print screens’

1.  Secure email & tracking for government

  • Email Encryption Plus provides encrypted email without the complications. It wraps around any existing staff and recipient email application so there’s no new software to learn and email encryption will actually be adopted.  Ìt’s as easy to use for staff, citizens and external agencies as remaining with their existing email application and mobile devices – including MS Outlook and Exchange, Blackberry, iPhone, as well as individual email programs used by citizens such as yahoo or gmail.
  • Now email and attachments can be used by provincial Social Services case workers, school administrators, or justice ministries to instantly and securely communicate with citizens and other government agencies: Email sensitive citizen files or information including social insurance numbers, financial information, welfare documentation, taxation questions and answers, judgement orders.
  • Eliminates telephone tag and allows for 24/7 asynchronous private conversations with citizens and other government agencies (ie: does not require that all parties involved in the communication be present and available at the same time).
  • Email is guaranteed-delivered – and can be proven.  Tracks and proves when an email is received, read, replied to, forwarded, deleted or printed.
  • Increases the public’s confidence by adopting a straightforward email encryption solution that ensures citizen’s private information will only be seen by intended recipients.
  • Provides faster more efficient public services with anytime communication access and reduced in-person appointments, phone calls (and phone tag), and use of mail and couriers.
  • Provides disabled or ill citizens who may be unable to use the the phone or attend in-person meetings, with a secure communication alternative.
  • Can be deployed by a single department or throughout the entire organization.
  • Learn more about Email Encryption Plus.
email2 offers the following add-ons for government, agencies or ministries that are all powered by Email Encryption Plus to ensure that emails are tracked, and sent and received securely without interception.

2.  Adresssing compliance & email data leak prevention for provincial ministries

  • Data Leak Prevention provides enhanced email security for extra protection that sensitive citizen information won’t fall into the wrong hands.
  • Instantly retracts email messages – even after the message has been read.
  • Includes permission settings to prevent a recipient from replying, forwarding, saving or printing an email.
  • Provides the option to include an additional layer of password protection for selected ultra-sensitive emails. Prevents even email delegates from reading the email.
  • Prevents emails from being sent unsecured if certain words or patterns are included in the message.
  • Authenticates recipients.  For example, a citizen may have to enter their SNN and birth date to authenticate their identity before they can access the secure email.
  • Prevents data leaks and mitigates the risk of a breach of privacy of citizen information.
  • Addresses compliance with privacy legislation.
  • Provides additional email security tools for system administrators.
  • Learn more about Data Leak Prevention.

3.  Secure e-Forms for government and citizens

Today, a citizen may visit a public sector organization’s office or website, obtain or print a form, fill it out in pen, and use time-consuming and unsecured methods for delivering the completed form such as in person office visits, mail, or fax.
  • With Secure e-Form, any form completed by citizens or other government agencies can now be securely completed online.
  • e-Form customizable fields are placed on any web page and are filled out by the relevant ‘customer’. e-Form does not require the existing web page to use SLL to safeguard the information submitted.
  • e-Form also securely accepts uploaded addendum files of any size that may be relevant to the particular form’s subject matter, for example a copy of a birth certificate, passport, school transcript, driver’s license.
  • Each completed form submission can trigger an encrypted email message that is sent directly to the designated government worker(s)’ existing inbox.
  • The public sector worker can securely reply to the form submission and engage in a private conversation with the citizen or external partner -  without divulging the email address or the name of the worker.
  • The submitted data is automatically entered into any third party application or government database, and eliminates time-consuming interpretation of handwriting, data entry, and data entry errors.  Reduces manual collection, filing, archiving and eventual destruction of physical forms.
  • e-Form examples include: secured ‘Contact Us’ form, ‘Welfare Application’ form, ‘Employment Insurance Application’ form, ‘Passport Application’, ‘Student Enrolment” form.
  • Learn more about Secure e-Forms.
  • See an illustration example for securely completing annual public school student forms online, using e-forms.

4. Government automation & secure delivery of citizen invoices, statements, or notices

Most public sector offices today, manually create and print statements, invoices or notices, place them in envelopes, and mail them to citizens.
  • Realize guaranteed efficiencies and cost savings using Email2′s automated e-Statements that securely emails hundreds or thousands of citizen notices overnight.
  • e-Statements automatically extracts sensitive details from any third party database used by the public sector offices.  Content is generated in a format that is ready to be sent directly to citizens’ existing inboxes via encrypted email.
  • Eliminates the need for building a secure portal where citizens are required to link through to a website and have to remember logins and passwords to access their information. Now, all relevant information is securely delivered via email or attachments to recipients without the need for additional steps and linking outside their email inboxes.
  • Email Encryption Plus features are used to guarantee email delivery and track and prove when a notice has been received, read, printed, saved or deleted. Prevents statements such as “Sorry, I never received it” or “It got stuck in spam” and significantly shortens notification and payment cycles.
  • Data Leak Prevention features are used to authenticate citizens, and set recipient permissions including limitations for replying to, forwarding, saving or printing emails and attachments.
  • e-Statements improves Canadian government green initiatives and provides an immediate savings of 80% or more by eliminating waste and costs associated with creating, printing, mailing or faxing notices.
  • Other applications for e-Statements could include Healthcare invoices, government employee pay stubs, citizen account statements, tax return confirmations.
  • Learn More about e-Statements.

5.  Emailing large file attachments and ‘print screens’ by government agencies 

  • Now encrypted email can be used to send and receive any-size file attachments by government, so there’s no worry about sending that 20 MB, or even that 100 MB file.
  • Bypasses file size & security limitation & quarantined policies set by external government agencies or citizens’ existing email applications – such as Gmail or Yahoo Mail.
  • Eliminates the need for the use by government or citizens of complicated FTP or external services such as DropBox.
  • Eliminates saturation of email inbox storage limit. No taxing of the network – reduces IT costs and overhead.
  • Provides storage, permissions, search and download functionality for file attachments.
  • All file attachments are saved in a permission-based Library making it easy to download, store, search and set permissions.  Eliminates government staff searching through email inbox for a specific file.
  • ‘Print to Secure Message’ feature provides public sector professionals with the unique ability to instantly ‘print screen’ what is viewed on screen – regardless of the length of the page or what application was used to view the information – and send the file via encrypted email.  Any scanned document or any content that is typically sent to a printer and distributed via fax, mail or courier will benefit from this feature.  For example, instantly and securely email student records or tax information even if they are rendered by specialized applications.
  • Learn more about Large File Attachments.
Learn more about email2 products.email2 is made in Canada

Canadian Government emailing confidential citizen information

The Canadian public sector is made up of thousands of different organizations with large numbers of staff, external partners and an even larger number of clients – namely the public and the environment. The biggest challenge facing Canadian public sector organisations (PSOs) today is the ability to securely exchange confidential information with citizens and other agencies outside of government secure networks, as well as complying with Canadian privacy and other regulations.  The answer continues to be to simply restrict access or prevent the electronic flow of highly sensitive information. The result is that current rudimentary methods for exchanging sensitive information with the Canadian public and a wide range of other government agencies continue to include in-person visits, telephone conversations (and phone tag), faxes, regular mail and couriers.  Not only are these methods not secure, but they only serve to aggravate the new reality for PSO’s to reduce costs, increase efficiencies, offer 24/7 online convenience, and improve green initiatives. And in the end, do nothing to delight the customer! email2 is made in Canada and has you covered.  We help public sector organizations delight their customers by providing encryption solutions to securely send, receive, track and automate delivery of confidential email and large attachments outside the organization – without requiring staff or recipients to change their existing email.

Made-in-Canada – secure email encryption solutions for Canadian government agencies

email2 is made in Canada and provides 5 email encryption solutions for public sector organizations to address specific needs relating to securing, tracking and automating the delivery of sensitive emails outside the organization.
  1. Secure email and tracking
  2. Enhanced email security including privacy compliance, data leak prevention, additional password protection, recipient permissions & authentication, message recall
  3. Secure e-Forms. Accept citizen data input & attachments directly from an online form on a government agency website
  4. E-Statements.  Automation and secure delivery of citizen invoices or notices
  5. Email any-size attachments or ‘print screens’

1.  Secure email & tracking for Canadian government

  • Email Encryption Plus provides encrypted email without the complications.  Offered as a cloud on-demand service that is deployed in minutes and uses the same security technology as internet banking.  It wraps around any existing staff and recipient email application so there’s no new software to learn and email encryption will actually be adopted.  Ìt’s as easy to use for staff, citizens and external agencies as remaining with their existing email application and mobile devices – including MS Outlook and Exchange, Blackberry, iPhone, as well as individual email programs used by citizens such as yahoo or gmail.
  • Now email and attachments can be used by provincial Social Services case workers, CRA, school administrators, or justice ministries to instantly and securely communicate with citizens and other Canadian or provincial government agencies: Email sensitive citizen files or information including social insurance numbers, financial information, welfare documentation, taxation questions and answers, judgement orders.
  • Eliminates telephone tag and allows for 24/7 asynchronous private conversations with citizens and other government agencies (ie: does not require that all parties involved in the communication be present and available at the same time).
  • Email is guaranteed-delivered – and can be proven.  Tracks and proves when an email is received, read, replied to, forwarded, deleted or printed.
  • Increases the Canadian public’s confidence by adopting a straightforward email encryption solution that ensures citizen’s private information will only be seen by intended recipients.
  • Provides faster more efficient Canadian public services with anytime communication access and reduced in-person appointments, phone calls (and phone tag), and use of mail and couriers.
  • Provides disabled or ill citizens who may be unable to use the the phone or attend in-person meetings, with a secure communication alternative.
  • Can be deployed by a single department or throughout the entire organization.
  • Learn more about Email Encryption Plus.
email2 offers the following add-ons for Canadian or provincial government, agencies or ministries that are all powered by Email Encryption Plus to ensure that emails are tracked, and sent and received securely without interception.

2.  Adresssing compliance & email data leak prevention for provincial ministries

  • Data Leak Prevention provides enhanced email security for extra protection that sensitive citizen information won’t fall into the wrong hands.
  • Instantly retracts email messages – even after the message has been read.
  • Includes permission settings to prevent a recipient from replying, forwarding, saving or printing an email.
  • Provides the option to include an additional layer of password protection for selected ultra-sensitive emails. Prevents even email delegates from reading the email.
  • Prevents emails from being sent unsecured if certain words or patterns are included in the message.
  • Authenticates recipients.  For example, a citizen may have to enter their SIN and birth date to authenticate their identity before they can access the secure email.
  • Prevents data leaks and mitigates the risk of a breach of privacy of citizen information.
  • Addresses compliance with privacy legislation.
  • Provides additional email security tools for system administrators.
  • Learn more about Data Leak Prevention.

3.  Secure e-Forms for Canadian Federal or Provincial government and citizens

Today, a Canadian citizen may visit a public sector organization’s office or website, obtain or print a form, fill it out in pen, and use time-consuming and unsecured methods for delivering the completed form such as in person office visits, mail, or fax.
  • With Secure e-Form, any form completed by citizens or other Canadian or provincial government agencies can now be securely completed online.
  • e-Form customizable fields are placed on any web page and are filled out by the relevant ‘customer’. e-Form does not require the existing web page to use SLL to safeguard the information submitted.
  • e-Form also securely accepts uploaded addendum files of any size that may be relevant to the particular form’s subject matter, for example a copy of a birth certificate, passport, school transcript, driver’s license.
  • Each completed form submission can trigger an encrypted email message that is sent directly to the designated government worker(s)’ existing inbox.
  • The public sector worker can securely reply to the form submission and engage in a private conversation with the citizen or external partner -  without divulging the email address or the name of the worker.
  • The submitted data is automatically entered into any third party application or government database, and eliminates time-consuming interpretation of handwriting, data entry, and data entry errors.  Reduces manual collection, filing, archiving and eventual destruction of physical forms.
  • e-Form examples include: secured ‘Contact Us’ form, ‘Canadian Welfare Application’ form, ‘Canadian Employment Insurance Application’ form, ‘Canadian Passport Application’, ‘Provincial Student Enrolment” form.
  • Learn more about Secure e-Forms.
  • See an illustration example for securely completing annual public school student forms online, using e-forms.

4.  Canadian Government automation & secure delivery of citizen invoices, statements, or notices

Most Canadian public sector offices today, manually create and print statements, invoices or notices, place them in envelopes, and mail them to citizens.
  • Realize guaranteed efficiencies and cost savings using email2′s automated e-Statements that securely emails hundreds or thousands of citizen notices overnight.
  • e-Statements automatically extracts sensitive details from any third party database used by the public sector offices.  Content is generated in a format that is ready to be sent directly to citizens’ existing inboxes via encrypted email.
  • Eliminates the need for building a secure portal where citizens are required to link through to a website and have to remember logins and passwords to access their information. Now, all relevant information is securely delivered via email or attachments to recipients without the need for additional steps and linking outside their email inboxes.
  • Email Encryption Plus features are used to guarantee email delivery and track and prove when a notice has been received, read, printed, saved or deleted. Prevents statements such as “Sorry, I never received it” or “It got stuck in spam” and significantly shortens notification and payment cycles.
  • Data Leak Prevention features are used to authenticate citizens, and set recipient permissions including limitations for replying to, forwarding, saving or printing emails and attachments.
  • e-Statements improves Canadian government green initiatives and provides an immediate savings of 80% or more by eliminating waste and costs associated with creating, printing, mailing or faxing notices.
  • Other applications for e-Statements could include Provincial Healthcare invoices, Canadian government employee pay stubs, citizen account statements, CRA tax return confirmations.
  • Learn More about e-Statements.

5.  Emailing large file attachments and ‘print screens’ by Canadian Provincial or Federal government agencies 

  • Now encrypted email can be used to send and receive any-size file attachments by Canadian government, so there’s no worry about sending that 10 MB, or even that 50 MB file.
  • Bypasses file size & security limitation & quarantined policies set by external government agencies or citizens’ existing email applications – such as gmail or yahoo.
  • Eliminates the need for the use by Canadian government or citizens of complicated FTP or external services such as DropBox.
  • Eliminates saturation of email inbox storage limit. No taxing of the network – reduces IT costs and overhead.
  • Provides storage, permissions, search and download functionality for file attachments.
  • All file attachments are saved in a Permission-based Library making it easy to download, store, search and set permissions.  Eliminates Canadian government staff searching through email inbox for a specific file.
  • ‘Print to Secure Message’ feature provides Canadian public sector professionals with the unique ability to instantly ‘print screen’ what is viewed on screen – regardless of the length of the page or what application was used to view the information – and send the file via encrypted email.  Any scanned document or any content that is typically sent to a printer and distributed via fax, mail or courier will benefit from the PSM feature.  For example, instantly and securely email Canadian student records or Canadian tax information even if they are rendered by specialized applications.
  • Learn more about Large File Attachments & PMS.
Learn more about email2 products. Ariane Laird works with email2, provider of encrypted email and patented compliance and secure content delivery features used by thousands of professionals. Definitions:  Canadian or provincial public sector organizations can include Federal or Provincial government agencies, Federal or Provincial government ministries, social services, CRA, Provincial employment standard branches.