
AIBU: medical records being sent by email. Boring GDPR and encryption content...

15 Posts
13 Users
3 Reactions
169 Views
Posts: 3636
Free Member
Topic starter
 

1) I have coverage with a private Medical Insurance Co. When I have to send them info etc, there is a password-protected platform that I need to sign into, and upload from there. When they send me a message, they send me an email to tell me to log into the platform and read the message.

2) Medical Insurance Co referred me to a private Medical Clinic, and asked Medical Clinic to contact me. Medical Clinic requested me to send my medical information (referral letter, x-rays etc) to Medical Clinic by a normal email from my normal personal account. Medical Clinic doesn't accept info any other way. Over the course of treatment, we have emailed back and forth with medical information.

3) On reflection, it seemed weird that we were sending sensitive personal information by email. I asked Medical Insurance Co if this was a sensible arrangement used by their subcontractor, and also asked how Medical Insurance Co is sending patients' personal info to Medical Clinic.

4) Medical Insurance Co said it was fine to send medical info by email because email is encrypted, and also that they apply the highest standards of GDPR blah blah blah (so didn't really answer the question about how Medical Insurance Co sends info to Medical Clinic).

AIBU to think this is a bit flaky? Is a "normal" email sent between my personal Yahoo email and Medical Clinic's general email address really encrypted and secure?

(All this is inside the UK, and they're big companies that ought to have the resources to manage this stuff. Also, I'm not suggesting I personally have suffered any harm or that I need a million quid to make my hurt feelings go away).


 
Posted : 14/08/2023 3:45 pm
Posts: 43345
Full Member
 

If they were being sent through the postal system would you expect both parties to have invested in an Enigma machine?


 
Posted : 14/08/2023 3:49 pm
Posts: 7656
Full Member
 

Is a “normal” email sent between my personal Yahoo email and Medical Clinic’s general email address really encrypted and secure?

No, it's not.


 
Posted : 14/08/2023 3:49 pm
scuttler reacted
Posts: 4420
Free Member
 

It is not true to say that normal email is encrypted.

The risk of operating in this way is not massive, but it's not zero. I take more precautions than this when sending a list of 15 student email addresses to a colleague!

Health information is 'special category data' and as such requires more care than normal info like name and address.

If they were being sent through the postal system would you expect both parties to have invested in an Enigma machine?

The difference is that with postal mail, it's not so easy to type one letter wrong and send a medical diagnosis to the wrong person. Or accidentally CC 781 people about their HIV diagnosis instead of BCCing them. Or forward an email trail without realising there is sensitive information further down. And so on.

Email ballsups are some of the most common types of GDPR breach (by far the most common in my organisation), and that's why it pays to take particular care when emailing data. And ESPECIALLY special category data.


 
Posted : 14/08/2023 3:57 pm
Posts: 4588
Free Member
 

Is a “normal” email sent between my personal Yahoo email and Medical Clinic’s general email address really encrypted and secure?

No, it's not.

It probably is encrypted using TLS at some point in the data's journey, but it's difficult to say that with certainty without knowing all the technical details of Yahoo's system and the system at the other end. And it may not be encrypted on all stages of the journey.

Whether it is encrypted at rest is a different question, and again needs inside info to know for certain, but these days I would expect that it is, but that's not guaranteed.

I wouldn't be too concerned about emailing this kind of info, as long as you/they email it to the right person.


 
Posted : 14/08/2023 4:07 pm
Posts: 77347
Free Member
 

It's absolutely not end-to-end encrypted in the use case you describe. That's either ignorance or a lie.

Personally, given the number of times they've had their pants pulled down (and the scale when they have), I'd suggest that the biggest security risk here is having it lying around in Sent Items in a Yahoo! account.

It's not great but better than nothing, stick it in a password-protected zip file / document next time. Then ring them with the password.


 
Posted : 14/08/2023 7:53 pm
doris5000 reacted
Posts: 14711
Full Member
 

I work for a UK medical insurer.

I'm no IT expert but I can tell you that the level of security around our emails is unbelievably high. Every email gets categorised into one of 4 categories: Public, Business Use Only, Confidential, Highly Confidential

When I say this process is scrutinised, I can't stress how much. People have lost their job for sending emails incorrectly categorised or to addresses they shouldn't have sent stuff.

In short, we take data privacy extremely seriously and if we're sending medical data externally, it's treated with the highest security.


 
Posted : 14/08/2023 8:59 pm
 db
Posts: 1922
Free Member
 

I would not send medical records over email without additional encryption. I would probably lose my job if I did.

S/MIME-based encrypted policies must be used to send any PII in my organisation.


 
Posted : 14/08/2023 9:22 pm
Posts: 3991
Full Member
 

I work for a software company providing IT systems to the NHS, so I guess I'm a semi-expert at this.

If one of our customers wanted to send clinical info over email to patients we'd decline pointing out why it's bad. As someone above said it's no worse than posting it but with modern technology it should be better.

A few options....

1. NHS use NHS mail a lot. Used to run on a private network now I think it's a big NHS VPN. They can send clinical data over that as it's all ringfenced, but not end to end encrypted. Also your private health provider may or may not have an NHS mail account.

2. Use a portal. Send the link via email/phone but then utilise MFA when logging in.

3. Whack it in a zip file and password protect it. Not perfect but better than nothing.

Good luck.


 
Posted : 14/08/2023 9:49 pm
Posts: 15907
Free Member
 

I get the point, but what’s your concern? ie what use is your medical info to anyone else?

People who will want to access it ie insurance companies will be able to access it anyhow


 
Posted : 14/08/2023 9:54 pm
Posts: 4643
Full Member
 

Email is absolutely not secure. SMTP is essentially a plain text protocol that you can manually invoke using telnet. If you’re lucky there’ll be encryption between some nodes, but by its very nature it’s not required, especially across domains so for instance between Yahoo and your insurance company’s mail gateway. There’ll be all sorts of men in the middle as well for cloud based virus and spam filtering.

No matter what policies or protocols your insurance provider or your business @boardinbob, puts in place internally they will have no say at all on how the data is handled outside of their realm. If they’re under the misapprehension that they do dictate such traffic handling then perhaps they need to pick up a copy of “the internet for dummies”. The 1995 edition will do as it’s not changed.

@politecameraaction If you’d like to kick your insurance provider in the nuts you can shop them to the ICO. At the same time I’d raise a complaint by email internally with them for each time they mishandled your data. They’ll wash their hands of it so then log onto the FCA website and escalate each complaint there. They’ll receive a £525 charge (I think it’s gone up from that) for each complaint made to the FCA irrespective of the outcome. I’m an absolute @&@?t when it comes to this sort of thing, so I’d raise a complaint about each individual leg of a conversation.


 
Posted : 14/08/2023 10:12 pm
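
An added example, not part of any post in this thread: several replies above say a normal email may be TLS-protected on some hops and not on others. What each relay recorded can be read from the Received headers of a delivered message. The sample message, host names and addresses below are constructed placeholders.

```python
import re
from email import message_from_string

# "with" keywords that record a TLS-protected transfer (RFC 3848 naming).
TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "HTTPS"}

# Constructed sample message; every host and address is a placeholder.
SAMPLE = """\
Received: from filter.scanner.example by mx.clinic.example with ESMTP
 id 4QX; Mon, 14 Aug 2023 14:40:09 +0000
Received: from out.mailprovider.example by filter.scanner.example
 with ESMTPS (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384)
 id 3PW; Mon, 14 Aug 2023 14:40:06 +0000
Received: from web.mailprovider.example by out.mailprovider.example
 with ESMTP id 2NV; Mon, 14 Aug 2023 14:40:03 +0000
Received: from [192.0.2.44] by web.mailprovider.example with HTTPS;
 Mon, 14 Aug 2023 14:40:01 +0000
From: patient@mailprovider.example
To: reception@clinic.example
Subject: Referral letter

(constructed body)
"""

def _field(keyword, text):
    # First token after "from", "by" or "with" in an unfolded Received header.
    m = re.search(rf"\b{keyword}\s+(\S+)", text)
    return m.group(1).rstrip(";") if m else "?"

def received_hops(raw):
    """Return hops in travel order, each with whether TLS was recorded."""
    hops = []
    # Each server prepends its own header, so reverse to get travel order.
    for header in reversed(message_from_string(raw).get_all("Received", [])):
        text = " ".join(header.split())  # unfold continuation lines
        proto = _field("with", text).upper()
        # Some servers note TLS only in a comment rather than the keyword.
        noted = re.search(r"version=TLS|using TLS|\(TLS", text, re.I)
        hops.append({"from": _field("from", text), "by": _field("by", text),
                     "with": proto, "tls": proto in TLS_WITH or bool(noted)})
    return hops

def unprotected_hops(raw):
    """Hops with no TLS record: not proof of plaintext, but no evidence of TLS."""
    return [(h["from"], h["by"]) for h in received_hops(raw) if not h["tls"]]

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop)
```

Received headers are written by each relay and earlier ones can be forged, so treat the result as what the servers claimed. It says nothing about storage at rest or end-to-end encryption.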
Posts: 4420
Free Member
 

I get the point, but what’s your concern? ie what use is your medical info to anyone else?

I can only point you to the link I posted further up the thread. There are some potentially very sensitive conditions that people would rather not have the world and his dog knowing about.

If that company had used a secure system requiring a login, rather than bog standard email, they would not have had to pay a six figure fine, would not have had their incompetence all over the front pages, and wouldn't have caused a huge amount of anxiety among their patients.


 
Posted : 14/08/2023 10:19 pm
Posts: 3636
Free Member
Topic starter
 

Thank you all for your input and advice, both technical and anecdotal. Their approach does seem flaky to me.

If you’d like to kick your insurance provider in the nuts you can shop them to the ICO.

I think I would like to kick them in the nuts, as the "calm down, dear, your email was encrypted" line was given to me by the data privacy officer of Insurance Co, and it took them two months to respond to me. But it can be for the ICO to decide if they are right and I am wrong.

I get the point, but what’s your concern? ie what use is your medical info to anyone else?

I don't particularly care if anyone knows I had a broken ankle, but some people might feel like their (or their kids') miscarriages or depression or cancer or substance abuse are things that ought to be kept private. And I don't reeeeally want my name, address, date of birth, employer, whatever floating around unnecessarily...


 
Posted : 15/08/2023 8:41 pm
Posts: 7656
Full Member
 

If that company had used a secure system requiring a login

Unless the secure system was moveit.


 
Posted : 15/08/2023 8:46 pm
hot_fiat reacted
Posts: 5055
Free Member
 

Bottom line, it's your data.

You are the Data Controller and whoever you are sending it to is the Data Processor. The clues are in the "C" and the "P" - you could've said no and demanded a different method (encrypted email from you and then password via another method or registered post etc), but you didn't, you agreed to do it.

Also as the Processor you're within your rights to ask how they are securing it, which you did, and have accepted their 'controls'.

If you really weren't happy, you shouldn't have sent it...


 
Posted : 15/08/2023 8:54 pm
Posts: 4579
Full Member
 

@politecameraaction

When you typed "data privacy officer" do you mean "Data Protection Officer"?

Ask them for their Data Protection Impact Assessment for this process.

Article 35 of UK GDPR:

"A data protection impact assessment referred to in paragraph 1 shall in particular be required in the case of:

...processing on a large scale of special categories of data referred to in Article 9(1),.."

As mentioned above, Health data is special category.


 
Posted : 15/08/2023 9:03 pm
