E-mail is awesome because you can send notes, PDFs, and other files quickly and easily, except when you are a doctor. Since any script kiddie can sniff your e-mail inbox, doctors can’t send e-mails of cornea topographies to labs, referrals to colleagues, or special testing results to patients because that would be a breach of patient confidentiality and a violation of that one unnecessary, burdensome law. I’m sure George Q. Public doesn’t want his K-readings leaked to the press when he decides to run for President someday.
But seriously, sometimes birth dates and stuff are printed on the reports, so if doctors want to use this cool, new thing called “e-mail,” we’ve got to set up our e-mails to have the capability to send and receive encrypted messages and attachments. What does it look like?
So your email inbox gets a message that looks like this. You have an e-mail client plugin that you have set up. You input your password, and the message magically translates to:
Dude, isn’t this so cool that not even the government can tell what I’m writing you? Unless…you forward this message to them unencrypted, but I trust you.
You can see this in action on my practice website. To get started, you need a few things:
- Your practice’s domain name (usually your web host will offer e-mail storage)
- Any e-mail address that you can access via the e-mail client Thunderbird (i.e., POP3 or Gmail)
Download the following:
- GnuPG – the free, open source engine that runs encryption. The Windows version is found at gpg4win.org.
- Thunderbird – a free, open source e-mail client.
- Enigmail – a free plugin for Thunderbird that makes it easy to make your encryption keys, share your public key, store other people’s public keys, and encrypt/decrypt e-mails. You should read the install instructions for Enigmail.
Make sure when you generate your encryption key password that it is extra long and random. You must assume that anyone could capture it and try to brute force it. If it is long and random, it would be nearly impossible to crack. I suggest keeping your random, long password in a password wallet.
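The same flow at the GnuPG command line, as an added example that is not from the original post: the recipient makes a key pair protected by a long random passphrase and shares the public key, then the sender imports it, checks the fingerprint and encrypts a report. The addresses, report text and temporary keyrings are constructed, and it assumes GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example. Addresses, report text and keyrings are constructed throwaways.
set -eu

demo() (
  work=$(mktemp -d); lab="$work/lab"; doc="$work/doc"
  mkdir -m 700 "$lab" "$doc"
  trap 'for h in "$lab" "$doc"; do gpgconf --homedir "$h" --kill gpg-agent || true; done 2>/dev/null; rm -rf "$work"' EXIT
  # Wrapper: chosen keyring, no prompts, no network key lookup.
  g() { h=$1; shift; gpg --homedir "$h" --batch --quiet --no-auto-key-locate --pinentry-mode loopback "$@"; }
  fpr() { g "$1" --with-colons --fingerprint "$2" | awk -F: '$1=="fpr"{print $10; exit}'; }

  # Long random passphrase protecting the lab's private key (keep it in a password wallet).
  pass=$(head -c 32 /dev/urandom | base64)
  printf '%s\n' 'K-readings: 43.25 / 44.00 (constructed)' > "$work/report.txt"

  # Recipient (lab) creates a key pair and exports only the public half.
  g "$lab" --passphrase-fd 3 --quick-gen-key 'Lab <lab@lab.example>' 3<<EOF
$pass
EOF
  g "$lab" --armor --export lab@lab.example > "$work/lab.pub.asc"

  # Sender (doctor) cannot encrypt until the recipient's public key is imported.
  if g "$doc" --armor --encrypt -r lab@lab.example "$work/report.txt" 2>/dev/null
  then echo 'before import: encrypted'; else echo 'before import: refused'; fi
  g "$doc" --import "$work/lab.pub.asc" 2>/dev/null

  # Compare fingerprints (read out over the phone in practice) before trusting the key.
  [ "$(fpr "$lab" lab@lab.example)" = "$(fpr "$doc" lab@lab.example)" ] && echo 'fingerprint: match'
  g "$doc" --trust-model always --armor --output "$work/report.asc" \
    --encrypt -r lab@lab.example "$work/report.txt"

  # Only the holder of the private key and its passphrase can read the message.
  if g "$doc" --decrypt "$work/report.asc" >/dev/null 2>&1
  then echo 'doctor decrypt: ok'; else echo 'doctor decrypt: refused'; fi
  printf 'lab decrypt: '
  g "$lab" --passphrase-fd 3 --decrypt "$work/report.asc" 2>/dev/null 3<<EOF
$pass
EOF
)

demo
```

The sender here has no key pair of their own, which is why even the sender cannot decrypt what was just sent; mail plugins usually also encrypt to the sender's own key so the sent copy stays readable.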
Why not do it?
- You are afraid.
- You don’t get paid to e-mail patients.
- Spam? Some people think that if they share their public key on a key server, spammers will harvest their e-mail address. I’ve had mine there for a couple years and that’s not happening…to me.
Barriers to entry:
- It doesn’t do any good for you to have e-mail encryption if the person to whom you want to e-mail the top-secret K-readings doesn’t have e-mail encryption set up. They must have a public key that they share.
- I’ve just presented a free way (unless you have a paid practice URL/webhost) to do this, but it does require some tech savvy to download, install, and implement the tools. This way requires the Thunderbird e-mail client. If you use Outlook or something, there are paid solutions out there.
Why do it?
If every doctor would just get in gear with e-mail encryption keys, we could send patient referrals with high quality color photos and reports instead of low res, black and white faxes (usually with a few vertical black lines on the page). We could send the lab a topography. We could send a patient a report or copy of their Rx. We could talk about the stupid government and how we all secretly agree with Glenn Beck, Rush Limbaugh, and Ann Coulter.