
Email Encryption - HIPAA requirements


#1 Greg Shutter


Posted 09 February 2015 - 01:57 PM

My company is using Spam firewall protection. We have added a list of external domain names to force TLS connections to encrypt all messages going to these external domains. Reading through the email encryption whitepaper, it states that encrypted emails would be received by the recipient through the Barracuda Message Center. Our recipient is not required to use the Barracuda Message Center to view the email, but I was assured this message was encrypted. Is this HIPAA compliant, or should the recipient be viewing the message through the Barracuda Message Center?

Thanks

Greg



#2 Jaybone


Posted 13 February 2015 - 11:41 AM

Two completely different things.

Forcing TLS: negotiates a secure connection between the Barracuda and the remote MTA wherever you're trying to send the message. If this can't be done, the message is not sent. The message is only guaranteed to be encrypted in-flight from the Barracuda to the recipient MTA, via that secure connection. What happens to the message after that depends on how stuff is configured between that remote MTA and the user's eyeballs. It could be bounced around multiple other servers after being decrypted for all you know - it all depends on their network configuration.

 

Encrypted emails: Entire message is encrypted on the Barracuda.  This encrypted message is sent to the Barracuda Message Center.  Message Center stores the encrypted message, and provides recipient an https link to it.  Message is secure until the end user's browser decrypts the https page for viewing.
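Added example, not part of the original posts: the per-hop nature of forced TLS described above can be checked on a delivered message by reading the `with` keyword of each Received header, where RFC 3848 registers ESMTPS and ESMTPSA for hops that used TLS. The sample message and every hostname in it are constructed for illustration.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords whose trailing S means the hop was TLS-protected.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample (made-up hosts). MTAs prepend headers, so newest hop is first.
SAMPLE = """\
Received: from relay2.recipient.example by mailstore.recipient.example
 with ESMTP id 3; Mon, 9 Feb 2015 14:00:03 -0500
Received: from mx.recipient.example by relay2.recipient.example
 with ESMTP id 2; Mon, 9 Feb 2015 14:00:02 -0500
Received: from gateway.sender.example by mx.recipient.example
 with ESMTPS id 1; Mon, 9 Feb 2015 14:00:01 -0500
From: a@sender.example
To: b@recipient.example
Subject: test

body
"""

# Pulls the sending host, receiving host and protocol keyword from one header.
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def audit_hops(raw):
    """Return hops in transit order as (from_host, by_host, protocol, tls_recorded)."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if m is None:  # unparseable header: report it as not TLS-protected
            hops.append((None, None, None, False))
            continue
        src, dst, proto = m.group(1), m.group(2), m.group(3).upper()
        hops.append((src, dst, proto, proto in TLS_PROTOCOLS))
    return hops

def first_cleartext_hop(raw):
    """Return the first hop with no TLS recorded, or None if every hop used TLS."""
    return next((hop for hop in audit_hops(raw) if not hop[3]), None)

if __name__ == "__main__":
    for src, dst, proto, tls in audit_hops(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

Received headers are written by each receiving server, so they show what was recorded rather than proving encryption, and some MTAs report TLS details in a header comment instead of the `with` keyword.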