Encrypted Email Solution
Encrypted Email Services
Version 2.1
General Level Instructions
HIPAA Compliant Solution for Secured Communications via Email
2012-2013
Page 1 of 13
Encrypted Email Solution
Table of Contents
1.
Introduction
1.1 Description
1.2 Sample
1.3 Integration
2.
Decrypting Files
2.1 Download App
2.2 Register App
2.3 Open Encrypted File
3.
Encrypting Files
3.1 Registering with Us
3.2 Encrypting Files
3.3 Send Email
4.
GUI (screens) for Sending Emails
4.1 Login
4.2 Address Book
4.3 Sending Emails
4.4 Sent Emails
4.5 User Management
Page 2 of 13
Encrypted Email Solution
1. Introduction
1.1
Description
The use of traditional email is not considered a HIPAA-compliant communication method because the
transmission of a typical email message and any attachments on it is done in an unencrypted form.
Currently there is only one solution to this dilemma: the use of secured email services. Such services
are HIPAA compliant; however, they present an entirely different set of issues for healthcare
organizations:
Secured email services require the email recipient to open a browser window, type a user ID
and password. Only then can the user view the inbox. This is far from an ideal solution,
especially for smart phone users, as the process is inconvenient and cumbersome.
When the user sees the inbox of the secured email service on a smart phone, the email’s
subject and text of its body is significantly smaller in size compared with that of the phone’s
native email application. Since the text is barely readable, the user will usually resize the
browser window but then spend even more time by having to constantly scroll.
Secured email services are a significant burden on a hospital’s IT department:
1) A new set of servers must be established.
2) Greater maintenance and vigilance of user email accounts become necessary.
3) New associated procedures must be created and followed.
Finally, doctors, nurses and other healthcare professionals consensually desire a single point of
entry in mobile phone usage, as opposed to the navigation of a multi-stepped protocol.
1.2
Sample
Our solution resolves above issues. Here is an example of how it does that:
1. Let’s say that a hospital sends an email to a Dr. John Smith ([email protected]) and it contains
the following text: “Dear Dr. Smith, this is a reminder that you have a surgery tomorrow at 9AM. Patient is
Sarah Brown, MRN# 12345. Her recent x-ray and transcribed follow-up visit are attached.” In addition, assume
that the hospital user then attaches the following files:
a. xray_12345.bmp (Bitmap)
b. followup_12345.doc (Microsoft Word document)
2. At this point, the email and attachments are instantly encrypted and automatically converted to
the following formats:
a.
b.
c.
Message.HCEF
Attachment1.HCEF
Attachment2.HCEF
Page 3 of 13
Encrypted Email Solution
3. Users of hospital computers can then send these 3 files to [email protected] through its regular
email communication method. It is now 100% HIPAA compliant because the aforementioned
files are now all encrypted within the email (rather than being re-routed to a different server).
4. Dr. Smith uses his native email application on a mobile device to receive that above email from
the hospital. He taps the first file (Message.HCEF), and our App seamlessly decrypts the text of a
message in the background, and displays the text on the mobile device screen. He taps the
second file, and again, our App quickly decrypts the first attachment, and shows file
“xray_12345.bmp” within his native mobile phone application (capable of opening a BMP file).
The same goes for the second attachment.
1.3
Integration
Our Encrypted Email Solution is also an ideal medium to broadcast automatic messages such as:
1. Patient lists
2. Appointment schedules
3. Emergency notifications
Integration of this technology into a hospital’s computer system will not present any difficulty for the
IT department of that hospital. We provide the department with the SDK (Software Development
Toolkit) which contains samples and instructions for Linux and Windows systems. We also provide any
necessary support on an ongoing basis.
In the event the IT department does not want to incorporate our encryption SDK into their program, or
if it is just simpler and more convenient to bypass the IT department, you can allow your personnel to
use a platform developed by us that is totally secure. If this is the case you can go to section 4 for an
explanation as to how this works.
Depending on the type of computer system of the hospital and the preferences of its IT department,
our Encrypted Email Solution, once fully integrated into the system, will then be displayed as a new
menu item on the featured Internet browser or appear as a new button on the application. It can also
operate fully hidden and not appear at all.
For example, if a hospital administrator using Microsoft Outlook can hide the appearance of the
solution by altering the functionality of the “Send” button. At that point, the hospital clerk works as
usual, as all components and attachments of any emails to be sent are now automatically encrypted
instantly (while running in the background) prior to the sendout of that email.
Page 4 of 13
Encrypted Email Solution
2. Decrypting Files
These instructions assume that the hospital (that sends you emails) is affiliated with our organization
and uses our Encrypted Email solution for file encryption.
2.1.
Download App
We have developed 3 programs for the following devices:
a) App for iPhones (iPods, iPads, etc)
b) App for Android cell phones
c) App for Windows based laptops and computers (yes, Outlook is supported too)
All of the above programs are free and can be found in the respective stores (iTunes or Google), or
they can be downloaded directly from our web site at
www.AdvancedModernSolutions.com/enc_test.php.
It is certainly not a problem if you have more than one device. You can install the App on any number
of devices and on any combination of them.
2.2.
App Registration
You need to register the App only once, though multiple registrations do not result in any damages,
even from the same device.
You will not be able to register the App unless there is at least one email sent to you from a hospital
affiliated with our organization and uses our Encrypted Email solution for file encryption.
Registration is required in order for the App to record your email address and telephone number. The
App will decrypt ONLY files intended to be sent to the registered email address. This means that if you
forward your email (that contains HCEF encrypted files) to another email address, the recipient of that
email will be unable to open HCEF files unless he/she registered the same App with the same email
address.
The reason to enter your telephone number is that we are currently working on adopting this
technology to SMS (in addition to email). Once that takes place, you will not need to re-register your
App or even change anything on your device.
Page 5 of 13
Encrypted Email Solution
The registration process is very simple and consists of a single screen. To register, tap the icon of the
App and the following appears:
a) Enter your phone, then email address, then a 4-digit numeric password.
b) Click the “Register” button
That is all! At this time the App notifies you that you are successfully registered. You can close the App
and you will most likely never see it again. All tasks conducted by the App after this point will run in the
background, invisible to the user.
Note. Please make sure that the password you pick is easy to remember. The password is designed to
protect you. If another person (who accidentally received your email) has obtained our App and is
trying to register it, then he/she will need to enter your phone number/email address and your
password in order to successfully register. This is much harder compared to entering only a phone
number and email address. In addition, our servers count the number of unsuccessful attempts to
register, and block that particular user after a certain number of attempts takes place.
2.3.
Opening an Encrypted File
This is the easiest step. Check your email the way you have always done. Do you see any HCEF file(s)
attached to it?
a) Windows users: double click the file
b) Android users: tap the file
c) i-OS users: tap our icon located to the left of the file name, then select “Open in Decrypto”
Page 6 of 13
Encrypted Email Solution
3. Encrypting Files
These instructions assume that you are an IT person in the hospital that is affiliated with our
organization.
3.1.
Registering with Us
Sign up with our solution and we will set you up with the system within 15 minutes. As part of the
registration process, you will receive the following credentials:
a) URL that contains the API for file encryption
b) User ID and password for your organization
You will also receive a sample PHP script (similar to above) that you can use to encrypt files.
Encryption of the single file takes a single trip to our server via HTTPS POST method. To be HIPAA
compliant, such a trip should be made using security sockets (SSL), so that all uploaded and
downloaded data is encrypted as it travels to/from our servers.
3.2
Encrypting Files
Each email message consists of the email subject, email body and zero or more attachments. If any of
that data contains patient-related healthcare information, then it must be encrypted. Each component
of the email message will be converted into the HCEF file. Bear in mind that the file name cannot
contain PHI as well, and should always end with “.HCEF”. Finally, make sure that the file does not
Page 7 of 13
Encrypted Email Solution
contain more than one dot; otherwise, some devices may not recognize it as an HCEF file. Here are
some examples:
Good File Name
Message.HCEF
Patient_X-Ray.HCEF
Followup_visit.HCEF
Email_Subject.HCEF
3.3
Bad File Name
Message.Body.HCEF
Patient_X-Ray.HCF
Followup_John_Smith.HCEF
Email_Subject-ATTN!!!.HCEF
Reason
Double Dot
Invalid Extension
Do Not Include Patient Name
Invalid Character (!)
Sending Emails
Now you are ready to send emails using any tools you have already been using and those you are most
comfortable with. Remember - encryption keys are based on the email address of the receiver – so if
you need to send the same message to more than one doctor, you need to encrypt that same message
individually for each doctor.
Page 8 of 13
Encrypted Email Solution
4. GUI (screens) for Sending Emails
The IT department of the hospital may decide against the incorporation of our encryption SDK into
their programs. Instead, they could allow their personnel to use a platform developed by us. This
platform automatically encrypts emails before sending them out through regular email channels. The
entire platform is protected by a security certificate (256-bit encryption-key).
4.1
Login
This URL is always used for login:
https://AdvancedModernSolutions.com/hcef_login.php
Enter User ID and Password provided to you by your organization’s administrator
Click button Login
Page 9 of 13
Encrypted Email Solution
4.2
Address Book
Every user of our platform has an address book that is not sharable with other platform users. Click
the red button Address Book to manage this feature.
To add a new contact:
Click button Add New Contact
Enter the name, email and any associated note, then click red button Save Contact
To edit contact:
Click button Edit left of the contact name
Edit name, email and/or note, then click red button Save Contact
Page 10 of 13
Encrypted Email Solution
4.3
Sending Emails
To send an encrypted email, click the red button Compose Mail:
Enter a recipient’s email address or select them from your address book:
o Click button Show Address Book
o Click button Add to Recipients, right of the contact name
o Click button Hide Address Book
Type the email subject and email body
Browse for attachments, then click button Upload. To remove an uploaded attachment:
o Click X left of the attached file
Click button Send Mail
Page 11 of 13
Encrypted Email Solution
4.4
Sent Emails
Please note that we do NOT keep your emails on our servers. This feature makes our platform not only
unique but advantageous in many ways. One advantage is the absence of any worry you might have
that our servers will be “broken into” by hackers and your valuable information will be compromised;
there is simply not any information on the server to compromise. Another advantage is that all of
your outgoing emails are still sent from your regular email address, which negates any need to go to
another source (us) to find information. However, we still write a log of your activities and the
following screen illustrates the extent of the information we actually do keep:
Recipient’s email address
Date the email was sent
Encryption options that were used when the email was sent
Number of attached files
Page 12 of 13
Encrypted Email Solution
4.4
User Management
The user management section is for the administrator(s) of your organization. The administrator(s)
uses the same login screen, and upon login, is presented with the User Management screen that allows
him/her to created accounts for personnel that will be using our solution to send encrypted emails.
Page 13 of 13