Hello:

We have a client that is requesting an email encryption software that is HIPAA compliant and I don't know about it to decide which ones are good.

Does anyone have a recommendation or is using one now?

Thanks

Keith

well, he has to use the same software (encryption) as whoever he is emailing. Is he looking for one to just use within his office?

I have an insurance company for a client and they use PGP on both ends, and they claim it works very well for their needs....

I have an insurance company for a client and they use PGP on both ends, and they claim it works very well for their needs....

Yes, pgp works very well as long as both ends have it. Obviously thats how encryption works. I havent used PGP since 2002, so i cant say much about it though.

Great,

This is an insurance company with 500 emails; we are researching PGP and it seems to be the best option.

Thank you.

Last I looked, PGP was paid. For a free alternative, you could try GPG:
http://www.gnupg.org/

There are plugins available for many email clients to interface with GPG. As was already stated, both parties need to be using the same sort of encryption (though PGP and GPG both are compatible, last time I used it), so that offers some options.

If you can find any version earlier than version pgp 8.1 personal, these were all FREE versions....

Last I looked, PGP was paid. For a free alternative, you could try GPG:
http://www.gnupg.org/

There are plugins available for many email clients to interface with GPG. As was already stated, both parties need to be using the same sort of encryption (though PGP and GPG both are compatible, last time I used it), so that offers some options.

i used openpgp back in the day.

i used openpgp back in the day.
I remember when ROT13 was enough to baffle most "ordinary" users. ;)

I have never used any of this PGP/GPG encryption. I was using digital certificates (Email SSL)...

Tom

that only has to do with your connection to the mail server, has nothing to do with how email is sent to the other user.

It does hide any connection/IP information from the source of the email sender. And it does include a SSL certificate within the email.

It does hide any connection/IP information from the source of the email sender. And it does include a SSL certificate within the email.

Right, but hipaa is about content, not ip information and as soon as it leaves the mail server, its most likely sent as plain text.

Rodeo,

Here is a good article about email security and hipaa

http://luxsci.com/info/web_pgp_ssl.html

Thanks MACscr,

That was very helpful.

Thanks again

Keith

that only has to do with your connection to the mail server, has nothing to do with how email is sent to the other user.With a digital ID for your email you can encrypt the contents and/or verify your identity in the email.

that only has to do with your connection to the mail server, has nothing to do with how email is sent to the other user.With a digital ID for your email you can encrypt the contents and/or verify your identity in the email.

thats basically what PGP is and even though SSL is involved, its not the same as basic Email SSL in the norm like were talking about IMHO. I could have assumed wrong though.

I may have miss read. Just pointing out that a digital email ID (cert) is not the same as SSL.

According to a number of websites and providers, email SSL Is available :/... Its ambiguous...

Can be, yes. Just keep in mind that the digital email ID identifies you and gives the opportunity to encrypt the contents. The contents stay encrypted unless you have the senders public key.

SSL would encrypt everything enroute between your client and the mail server.

According to a number of websites and providers, email SSL Is available
Email "SSL" refers to connecting to the mail server, not encrypting your emails contents. On the server: plain text. Transferring/downloading to your computer via SSL: encrypted.

To comply with best practices in information security, you also need to encrypt the message for storage on line.

I heard SurfSolo is pretty good, it basically creates an encrypted virtual tunnel between your computer and one of the high bandwidth security proxy servers of theirs. It ensuries you of completely anonymous web surfing.

You can check it out on www.securstar.com

Cheers!

Not sure if this is helpful or not:

http://enigmail.mozdev.org/home/index.php

Enigmail is a security extension to Mozilla Thunderbird and Seamonkey. It integrates the renowned OpenPGP standard provided by GnuPG.