For Your Eyes Only - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

05:16 PM
Connect Directly

For Your Eyes Only

HIPAA and other government regulations may help spur the adoption of secure messaging technologies

Despite high concern and regulation around privacy, secure messaging technology has been a tough sell to most companies, including those in health care. But easier-to-use technology and a new round of privacy rules might make it a more palatable option.

The past few years have been marked by lively talk about secure messaging with little demand, says David Ferris, president of messaging and collaboration research firm Ferris Research. But new regulations may change that, he says. The final round of the Health Insurance Portability and Accountability Act takes effect in April and might spur health-care companies to use it.

Jupiter Media Metrix analyst Monique Levy says there's considerable confusion about what HIPAA requires for messaging, but the industry is moving toward secure communications. "I think it's going to be standard practice and ultimately it will make sense to adopt industrywide," she says.

The market is still in its infancy, worth perhaps $40 million to $50 million a year, says Jonathan Penn, an analyst at research firm Forrester Research. Vendors include Authentica, Entrust, PGP, PostX, Sigaba, Tumbleweed Communications, and Zix. The reason secure messaging isn't more popular is that it's tough to do, generally requiring both senders and recipients to install the same software on their PCs.

Anticipating HIPAA's requirements was the main motivator for John Willars, IT director and HIPAA security officer at Mission Hospital Inc., to start using secure messaging two years ago. "I wanted to figure out what I could do to be ahead of the curve," he says. Willars started using Sigaba's plug-in for Microsoft Outlook, in conjunction with servers at Sigaba, formally known as Secure Data In Motion Inc. About two months ago, the hospital brought the hardware in-house by acquiring its own E-mail gateway server. A typical use, he says, might be a doctor asking for a report from radiology that would be sent by encrypted E-mail.

Sigaba is typical of how vendors are tackling the major obstacles to secure messaging's use. In addition to authentication and encryption, it can filter viruses and other unwanted content. The critical components are a gateway server that encrypts messages as determined by security policies, an authentication server, and a key server. The recipient decrypts the message with a key provided by a key server. Alternately, the recipient's S/MIME system can decrypt the E-mail. While a mail-client plug-in is available for certain uses, secure communication can be conducted without requiring recipients to install any software.

Some IT managers might not be terribly concerned about the risks: Intercepting an E-mail in transit isn't a trivial technical challenge. But other risks include phishing, where E-mail is made to look like it's from a trusted company in order to steal identity information.

However, none of the systems protects against the most likely means of disclosure: the over-the-shoulder peek, or a person leaving a PC with a sensitive message open.

That's why, despite being enthusiastic about Sigaba's capability and ease of use, Mission Hospital's Willars is cautious: "We discourage using E-mail for sending personal health information."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
Graph-Based AI Enters the Enterprise Mainstream
James Kobielus, Tech Analyst, Consultant and Author,  2/16/2021
What Comes Next for AWS with Jassy to Become Amazon CEO
Joao-Pierre S. Ruth, Senior Writer,  2/4/2021
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll