Hello,
If we send an Outlook message with a password-protected attachment, is this considered a secure message? Although we have an EMR with secure messaging functionality, we are trying to figure out how we can send a secure message to providers that are not on an EMR. Any information you can give me will be deeply appreciated.
Thanks,
Kimberly
It would depend on several factors. What encryption algorithm is used?
Most of the time it is best to assume it is not secure. If you're talking about an MS Word document, for example, historically those have been easily decrypted without authorization. I can't speak for the current versions, but I would assume the same until it is demonstrated otherwise.
Web servers that use standards-based protocols and encryption, and authenticate users, are pretty much the standard way to do secure messaging. If you host the web server, you generally know that the message was encrypted end-to-end, from sender to recipient.
I'm over-simplifying this a bit, but that's the general idea.
What Patient Portal are you using? We are using Kryptiq and we are synced with the SureScripts Provider Directory. Even if the provider does not have an EMR, as long as they have a registered Direct Address with SureScripts, you would be able to send a secure message from your EMR to their Direct Address.
Using Kryptiq, if the provider is not "trusted" to SureScripts, all they'll receive is a link back to your portal. There they will create an account with favorite restaurant, car, school, etc. and be able to access the document securely. All they get is the attachment and nothing else. You can send to anyone this way. If they are trusted to SureScripts and you send it as Direct (even if they are not in the SureScripts Address Book, such as a random Epic site), the message will automatically import securely into their EMR. If you stick solely with Outlook, from an MU perspective, you'd want to use a 'certified' add-on Direct product.