Re: Does My Doctor Comply HIPAA when she Sends me Personal Health Information over Gm
Never heard of SHTTP, perhaps you mean HTTPS? That only applies to web users. IMAP and SMTP users need to be certain they force IMAPS(993) and SMTPS (often 465) ports and protocols. I don't know the gmail specific ports since using gmail and wanting anything to be "personal" is an oxymoron.
I don't know what the strict rules are for HIPPA, but email unless they use x.509 or GPG certs are not encrypted, so they do not meet with any real security at all. Google (and any intermediary system/network) can look inside the message and read everything. email is like a postcard. Anyone that the postcard passes through can look at the contents.
gmail uses SMTP, SMPTS, IMAP, IMAPS, HTTPS and POP3, POP3S. None of these have anything to do with how the files are stored on gmail's servers ... unencrypted. Half of those are for server-to-server communications and half are for client-to-server communications. Most servers do not demand that the other server only use SSL/TLS encrypted sessions, so there is no way to ensure that the Doctor's email system forced gmail to use encryption for the transport of the email.
Of course, you probably signed something that agreed to them using email to notify you of test results.
If you want strong encryption, look at
* gpg (you need an OpenPG cert)
* enigmail (plugin/extension for thunderbird)
Other email programs will do openpg like Claws.
The best how-to guide is at the enigmail site.
When you create a gpg-key for signing and encrypting email, you probably want to make it for 5 or 10 years and 2K in size.
Of course, if you do all this, then the doctor also needs to do it. There is no 1-way encryption method possible for OpenPG email encryption. Both parties need keys and OpenPG software to properly make this work. I've never seen any Doctors, CPAs, or other "professionals" able to deal with GPG encrypted emails. They do not have the time.
Encrypted email has some downsides.
* it is encrypted, so there is no way to search inside the messages.
* it is encrypted, so if you lost your private key, there is no known way to decrypt messages encrypted with your public key.
* The receiver must also have a private and public key setup. You must know their public key to encrypt messages that only they can receive.
Linux User since 1993. Loving Linux since 1996.
When you find the solution, please come back to this thread, explain the solution, and mark it SOLVED to help the next guy.