If you're in the know with HIPAA, or you've at least read this handy post on HIPAA compliance with Gmail, you are aware that using an encryption add-on like LuxSci or Paubox is highly encouraged if you want to stay cool with HIPAA.
Upon further pondering the problem, I came up with a way to get rid of the need for these extra tools at a lower expense. (LuxSci at $6/month is really not so bad, although if you have a big practice it adds up. Paubox is pricey any which way.)
The bad news is, it doesn't work nearly as well as I had hoped. But it may yet be a good choice for some of you.
Basically, the reason you need LuxSci/Paubox to securely encrypt your emails when you send them to clients is that, although the vast majority of email clients (Gmail, Yahoo, Hotmail, etc.) DO securely encrypt messages already, there is a very small number of email clients that do NOT do this. (That number is so small that it's actually hard to find an email system that isn't using TLS, which is what all these other guys, including LuxSci/Paubox, are doing.)
But since it's POSSIBLE that without a backup encryption service you MIGHT end up sending an unencrypted message containing protected health information (PHI) - small as that possibility is - it's important to plug that hole and prevent such a thing from happening.
What this new doohickey I came up with does is simply to disable sending an email when the other guy doesn't use TLS. So you are prevented from ever making the mistake of sending unencrypted PHI. Ta-da! (If you ever actually encounter someone using email that doesn't use TLS, you can pick up the phone and find an alternate solution. But I doubt you will ever find yourself in this situation.)
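Here is an added sketch of that check, not TLSblock's actual code (this post doesn't show how the extension works). It assumes the companion program has already captured each recipient domain's SMTP EHLO reply, and it blocks the send unless every recipient's server advertises STARTTLS. The domains, replies and function names are made up for illustration.

```python
# Added illustration; not TLSblock's code. All names and data are constructed.

# Constructed EHLO replies keyed by recipient domain (RFC 5321 multi-line form).
SAMPLE_EHLO = {
    "tls-ok.example": (
        "250-mx.tls-ok.example at your service\r\n"
        "250-SIZE 35882577\r\n"
        "250-8BITMIME\r\n"
        "250-STARTTLS\r\n"
        "250 SMTPUTF8"
    ),
    "no-tls.example": (
        "250-mx.no-tls.example Hello\r\n"
        "250-SIZE 10240000\r\n"
        "250 8BITMIME"
    ),
}


def advertises_starttls(ehlo_reply):
    """True if the EHLO reply lists the STARTTLS extension keyword."""
    lines = ehlo_reply.splitlines()
    # The first line is the server greeting, not an extension keyword.
    for line in lines[1:]:
        if len(line) < 5 or not line.startswith("250") or line[3] not in "- ":
            continue
        words = line[4:].split()
        if words and words[0].upper() == "STARTTLS":
            return True
    return False


def send_decision(recipients, ehlo_by_domain):
    """Return (allowed, blocked_addresses); unknown domains fail closed."""
    blocked = []
    for addr in recipients:
        domain = addr.rsplit("@", 1)[-1].lower()
        reply = ehlo_by_domain.get(domain)
        if reply is None or not advertises_starttls(reply):
            blocked.append(addr)
    return (not blocked, blocked)


if __name__ == "__main__":
    print(send_decision(["pat@tls-ok.example", "sam@no-tls.example"], SAMPLE_EHLO))
```

Keep in mind that a server advertising STARTTLS only shows it offers TLS at the moment of the check; it does not prove the later delivery was actually encrypted.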
The plan is to make this doohickey (called TLSblock) available for a very reasonable one-time fee, so that you aren't paying for extra (hardly-needed) encryption forever.
And now for the but:
There are some drawbacks. I will be open about this and enumerate them, thusly:
With LuxSci and Paubox, you can set it up to enforce usage for all your staff through your Google Workspace admin panel; with TLSblock you need to direct them to install it on their browser, so theoretically, they could just not do it and tell you they did.
TLSblock is a Chrome extension, so it only works with Chromium-based browsers, like Chrome and Firefox. If you only use Edge or Safari or what have you, you can't use this.
You have to run an adjunct application alongside it (meaning, you have to open a separate program to run at the same time as you are emailing). You can just open it once and keep it open all the time. But still.
It does not work on mobile. This is a browser extension, so it's desktop-only. Bummer, I know. This means you would have to refrain from sending emails from your phone, unless you know for certain that the recipient of your email has an email client that uses TLS (and again, most do - so if you're emailing someone @gmail.com, or who you know is using Google Workspace also, that's fine; but you'd have to know).
So, if you can swallow all those drawbacks, this option is great! 😃
I know, it's not as awesome as I'd hoped. But I figured it might be a good choice for some people. For example, if you're a solo practitioner and you really want to save money, this might be right up your alley! Especially if you really do all or most of your business on a desktop.
I'm hoping to improve upon this product in the future, but for the time being, this is what it is. If it's helpful to anyone, feel free to reach out and we can discuss setting it up for you. (I'm not putting it up for sale broadly yet since I don't think most people are going to want it given its drawbacks. I'd love to be proven wrong!)