I am wondering what others are doing with respect to email encryption. I have always questioned the thought process behind just securing the portal with secure email and leaving a gigantic hole of a problem of someone accidentally emailing PHI over your regular mail server. Even forwarding something which was received unencrypted is something to watch out for and I have seen this happen.
So earlier this year I finally got my wish and have implemented a secure email service. After implementing it, I am finding that many of the users are complaining about whom they are sending encrypted email to (why they actually care that something is encrypted is beyond me). I do get complaints from recipients, and the only thing I can do is perform a quick forensic investigation to see which rule triggered the encryption and have a discussion with the sender about how a computer looks at each email and makes a determination about encryption. There are times where a PHI-looking email is encrypted but really doesn't contain PHI about a patient, but it does contain a name and medical terms (like a conversation between surgeons about procedures they do, etc.). The recommendation from my encryption provider was basically to weaken the filter to allow certain emails through, but if I do that I risk other emails which should be encrypted going through unencrypted.
By the way I am using Symantec.Cloud (purchased through Dell) for encryption and spam prevention. Overall I am pleased with it but just didn't want to overload my help desk with stupid calls from recipients about how "they can't open the email which was sent to them". I would like to tell them to get used to it because it will be the standard before long.
We did implement a bypass by putting [unencrypted] in the subject line which seems to work well and it is locked down to a group of managers who do more than just taking care of patients.
Just wondering what everyone else is doing.
Mike Zavolas
Tallahassee Neurological Clinic
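
The rule audit and the group-restricted `[unencrypted]` bypass described in the post above, sketched as an added example (not part of the original post and not Symantec.Cloud's rule engine). The rule patterns, the addresses and the `evaluate` function are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

BYPASS_TAG = "[unencrypted]"                  # subject tag named in the post
BYPASS_GROUP = {"manager@clinic.example"}     # hypothetical manager group

# Constructed rules; a production filter uses far larger dictionaries.
MEDICAL_TERMS = re.compile(r"\b(craniotomy|laminectomy|diagnosis|mri|biopsy)\b", re.I)
PERSON_NAME = re.compile(r"\b(?:Mr|Mrs|Ms|Dr)\.? [A-Z][a-z]+\b")
RECORD_ID = re.compile(r"\b(?:MRN[:# ]*\d{6,}|\d{3}-\d{2}-\d{4})\b")

@dataclass
class Decision:
    encrypt: bool
    rules: list = field(default_factory=list)  # which rules fired, for the audit
    note: str = ""

def evaluate(sender: str, subject: str, body: str) -> Decision:
    """Decide whether an outbound message is encrypted and record why."""
    text = f"{subject}\n{body}"
    rules = []
    if RECORD_ID.search(text):
        rules.append("record-id")
    if PERSON_NAME.search(text) and MEDICAL_TERMS.search(text):
        rules.append("name+medical-term")
    if not rules:
        return Decision(False, rules, "no rule matched")
    if BYPASS_TAG in subject.lower():
        # The tag alone is not enough: the sender must be in the allowed group.
        if sender.lower() in BYPASS_GROUP:
            return Decision(False, rules, "bypass honored; logged for review")
        return Decision(True, rules, "bypass tag ignored: sender not in group")
    return Decision(True, rules, "content rule matched")

# Constructed sample messages: (sender, subject, body)
SAMPLES = [
    ("nurse@clinic.example", "Follow-up", "Patient MRN: 00123456 scheduled for MRI."),
    ("surgeon@clinic.example", "Technique question",
     "Dr. Adams, how do you close after a laminectomy?"),   # false-positive case
    ("manager@clinic.example", "[Unencrypted] Technique question",
     "Dr. Adams, how do you close after a laminectomy?"),
    ("nurse@clinic.example", "[unencrypted] Technique question",
     "Dr. Adams, how do you close after a laminectomy?"),
    ("nurse@clinic.example", "Lunch Friday?", "Cafeteria at noon."),
]

if __name__ == "__main__":
    for sender, subject, body in SAMPLES:
        d = evaluate(sender, subject, body)
        print(f"{sender:26} encrypt={d.encrypt!s:5} rules={d.rules} ({d.note})")
```

Keeping the fired rule names on every decision, including honored bypasses, is what makes the sender conversation and any later review of bypass use possible without weakening the filter itself.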