suggestions for encryption software

i am looking for a way to provide encryption for email that is fairly straight forward and easy to use.

i work at a medical practice and we need a way to communicate in a secure fashion with patients via email.

i have a very basic knowledge of encryption.

any input would be greatly appreciated.

thanks!

is that it requires both people to use it, you need to share keys like bemildred mentions below. While you could use a service like cryptoheaven.com, the question comes down to how much do you trust your clients not to be idiots?

Perhaps the best way, if you could really do this and not violate HIPAA, is to have a secure website using two-factor identification where each person has their own inbox for messages. When the person receives a message at the website they get an e-mail telling them to check their messages. This is the way most banks are going about it now since phishing has become so popular.

On edit: Example of clients being idiots and you getting in trouble for it. Say client has e-mail program set up to auto-login (like most of us do). Let's say client has herpes, except she/he didn't get it from their spouse. Let's say spouse reads your client's e-mail, divorces your client and takes them for a large chunk of alimony. Then client sues you for similarly large chunk of change for HIPAA violations and monetary damages resulting therefrom. The usual IANAL disclaimer, but this strikes me as a very real possibility.

the secure website with inbox's seems like easiest way to handle it on the patient side. i can only imagine what kind or problems we would get into trying to share keys with people and making sure they have the appropriate software loaded.

thanks for you help!
:hi:

As much as I try to encourage people to use encryption ("would you send a letter through the postal service without an envelope?"), when it comes right down to it most people just do not have it in them to be disciplined about things like key security. That doesn't make them idiots, just humans. Do check on two factor authentication though if this if this is something your office is intent on setting up (or having set up for them). Wikipedia has a good introductory article: http://en.wikipedia.org/wiki/Two-factor_authentication

TFA is not without its problems, and it is not a panacea, but it is much better than just a password. Of course, a secure website requiring a password is better than plain old e-mail.

Good luck. I'd be interested in hearing how you make out with this project and what solution your office eventually goes with.

Google "email encryption" for lots of info.
Or "GPG email encryption" to learn about the FREE GPG ecryption tools.

Here is one site:

http://www.thefreecountry.com/security/encryptedemail.shtml

You will also need to figure out how you & your patients are going
to share keys.

i really appreciate it.
the key sharing is the problem, it would have to be as straight forward as possible.

thanks for the info!

which it would then be the patients responsibility to keep control of to protect their own data.