Whether messages sent from a smart phone are secure and HIPAA compliant?
This issue is well addressed by MDofficeMail with their smart phone app for iPhone/iPad and Android which works with their HIPAA compliant Email Encryption Service, Crypt-n-Send.
By installing this app iPhone/iPad and Android phone users can send encrypted email messages from their smart phones.About Crypt-n-Send Email Encryption Service from MDofficeMailTo send any confidential information like PHI by email, it is necessary that a)Both the sender and the recipient should have a secure email account.b)The content of the message should not be in human readable format if it is accessed by someone else. In general, many responsible senders like medical facilities will have secure email service at their end. However, they ignore the importance of security at recipient's end. It is a known fact that majority of people use free accounts with no security at all.To handle this critical issue that is most often ignored, to maintain the end-to-end security of emails, MDofficeMail is presenting to you Crypt-n-Send.Crypt-n-Send is an innovative service for encrypting and delivering email with end-to-end security. You can use any email account to SEND secure email. The recipient's email account need not be secure.In addition, this process doesn't involve the hassle of installing additional software, security certificates, or keys. However if you choose MS Outlook to send secure and plain messages, you can install Crypt-n-Send Add-in for MS Outlook as an option.How Crypt-n-Send worksContinue to use your existing email account as before and subscribe to Crypt-n-send service for your existing email id.Send secure messages in four different ways:A. Compose Webpage: Browse https://cryptnsend.c, compose a secure message, and send. B. Webmail: Browse https://secure.cryptnsend, login, compose a secure message, and send.C. iPhone/iPad and Android App: Download and install the app, login with your email id and password, compose and send message.D. Email client Application like MS Outlook, Apple Mail etc: Configure CryptnSend account with email client application and start sending encrypted messages that are HIPAA compliant.Most important feature of CryptnSend is "Centralized Sent Mail" folder. Messages sent using any of the above methods are saved into the Sent Mail folder of Webmail.Other important features of Crypt-n-Send include:New recipient validation: By selecting this option while composing a message, the sender can restrict a new recipient from viewing the message without a security token. This token can be given to the recipient over phone.Password reset authorization: Unless the sender authorizes, recipient cannot reset a forgotten password to view a secure message.Validation of recipient to reset password: Optionally, the sender can validate the recipient requesting for a reset of a forgotten password.Sender has the option to send encrypted message or plain message to any email recipient Access logs: Access logs can be viewed for each user, as required by HIPAAForce expiration of sent messages: In case incorrect information is emailed by error, sender can force expire the message. Force expired message will no longer be available to the recipient.Fixed life of sent message: Messages are automatically deleted from MDVault after 30 days irrespective of whether it is already viewed by the recipient or not.Downloading and storing: If the recipient wants to save important messages for future reference, they can download and save the message on their computer.Secure reply: Recipient of a secure message can send a secure, encrypted reply.Automatic session time-out.Change-Password Reminder: Users are reminded to change their password every 90 days to maintain the HIPAA compliance. Attachments: Attachments can be sent using Compose Webpage, Webmail and MS Outlook. Attachments are encrypted and can be downloaded from MDVault secure site. Recipients can include attachments in their replies as well. Limitations with Crypt-n-Send Service from MDofficeMail:Message headers, including the subject are not encrypted and will get delivered to the recipient in the notification. Be careful not to include sensitive information in the subject line.Messages held by MDVault will be removed after 30 days for better security. So, it can't be used as a long-term secure message storage. For more information on Crypt-n-Send and MDofficeMail Email Hosting Service, please visit MDofficeMail website.Encryption technology used in Crypt-n-Send and MDofficeMail Email Hosting Service:MDVault uses industry-standard AES-256 encryption in CBC mode with MD5 hash. Many federal agencies and financial institutions around the globe use the same class of encryption to protect very sensitive data. AES-256 encryption is so secure that there are no publicly-known attacks that will recover anything useful from an AES-256 encrypted file in any remotely reasonable amount of time.
Anil Moses is a post graduate in business administration and is associated with Healthcare ITES for more than 10 years. Please visit www.MDofficeMail.com. He is involved in designing CryptnSend service.