Security issues surrounding E-mail Referrals
© J Can Dent Assoc 2000; 66:418
Referrals by e-mail of dental patients from dentists to specialists will become a standard operation for many dental offices using the Internet. The benefits of e-mail referrals include:
speed e-mail can be sent from the operatory in seconds;
ease of use;
convenience of attaching digital pictures, x-rays and documents to the e-mail and keeping originals;
automatic creation of a log of messages sent and received;
relatively low cost most connections available today are inexpensive.
While e-mail is quick and easy, security is an important issue that should not be overlooked when sending private information. Patient confidentiality is paramount for the dental community both on and off the Internet. It remains the dentists responsibility to maintain patient confidentiality with regards to Internet record transfer. Many people do not realize that sending e-mail is like sending a postcard in the mail. It is not likely that it will be read en route, but it is possible. The e-mail can even get intercepted and altered. As more confidential e-mail is sent, it becomes increasingly important to ensure that the mail is not forged and that it remains confidential.
The safe transfer of information between dentists and specialists with present e-mail technology is possible, provided there is cooperation between the two parties. To send secure e-mail it is necessary to digitally sign the mail with a digital ID, also referred to as a digital certificate. The mail should also be encrypted.
In order to use a digital ID and encryption, you must be using an e-mail program, such as Netscape or Microsoft, which supports this technology. Old versions of the software will not work. The latest version of the software can be downloaded to your computer. To get a digital ID you must apply through an independent certification authority. Digitally signing the e-mail is a process that uses a third-party group on the Internet to verify your identity each time you send an e-mail. There are some minor costs involved, but this is one of the best methods at present for sending private and secure e-mail. VeriSign, for instance, costs $14 US per year and offers a 60-day free trial of their digital ID.
By using VeriSign Digital ID with Outlook Express, for example, dentists can provide an identity verification process for referral e-mail in a way similar to showing your drivers license when you cash a cheque. The recipient will receive a public key along with the message that allows him or her to verify your identity. The VeriSign service can also prevent other persons from forging a message from your office. To quote the company, a VeriSign Digital ID serves as an electronic substitute for a sealed envelope or your signature when you send messages across the Internet. Your digital ID resides securely in your browser or e-mail software and allows you to digitally sign your e-mail and encrypt it using your recipients digital ID.
There are many methods to send e-mail privately between the dentist and the specialist so that it cannot be read along the way. Encryption is one way. It involves scrambling a message at your dental office computer prior to sending it over the Internet and then descrambling the message at the specialists end. The VeriSign Digital ID can be used to encrypt messages. With Microsoft Outlook both the sender (dentist) and the recipient (specialist) are required to have an ID to use the encryption function. To send an encrypted message the dentist must have the digital ID of the specialist in his or her address book. This allows the dentist to use the specialists public key to encrypt the message. The digital ID of the specialist receiving the e-mail allows him or her to use a private key to read the scrambled message. The e-mail cannot be read by any other prying eyes without this private key.
Many e-mail programs offer a similar encryption capability for the public to use. If you are using Microsoft Outlook 5, which comes with Windows 98, click on the new mail button and then look in the top right-hand corner for the sign and encrypt buttons to get started.
For more information visit the following Web sites:
Dr. Scott MacLean maintains a private practice in Halifax, Nova Scotia. His e-mail
address is firstname.lastname@example.org.
The views expressed are those of the author and do not necessarily reflect the opinion or official policies of the Canadian Dental Association.