>We pretty much already have that with the PKI system that web browsers (and other programs) check when verifying certificates for various websites we connect to (including this one).
As an aside, it took a seismic event (the confirmation of mass government spying) to actually get it implemented properly, and the US government did file a few lawsuits about being able to openly break encryption with a back door. We're fortunate to still have it fully intact.
>It doesn't require government intervention. It does require configuring servers that doctors, pharmacists, hospitals, labs, insurance companies, etc use to authenticate themselves with each other and a number of authorities to verify their identities (like the CA bundle that your web browser uses to verify that the server you connect to is indeed Hackernews and not some rogue entity).
Yes, that's more in line with the solution that we implemented (well paid to have implemented) with the outbound email interception and website redirection. All PHI goes through TLS via the website.
>PKI is a powerful tool which certainly can be used in a healthcare setting. Unfortunately, because of organization inertia, it's probably not going to happen (despite the fact that the technology behind it has been around for decades).
Ironically, they use it heavily in integration from third parties. Their SFTP/FTPS was locked down. They use a login whitelist and PGP signatures for login, everything must be encrypted with asymmetric PGP keys, folders were locked down, the works.
Many of our larger clients requested that all email and fax correspondence go exclusively through those SFTP/FTPS channels. Smaller clients had difficulty handling that on their own and usually had to call in a local support guy eventually.
>PKI is a powerful tool which certainly can be used in a healthcare setting. Unfortunately, because of organization inertia, it's probably not going to happen (despite the fact that the technology behind it has been around for decades).
It certainly happens in the bigger companies. They don't mess around. It's the smaller companies that struggle with it because they don't readily have the expertise.
As an aside, it took a seismic event (the confirmation of mass government spying) to actually get it implemented properly, and the US government did file a few lawsuits about being able to openly break encryption with a back door. We're fortunate to still have it fully intact.
>It doesn't require government intervention. It does require configuring servers that doctors, pharmacists, hospitals, labs, insurance companies, etc use to authenticate themselves with each other and a number of authorities to verify their identities (like the CA bundle that your web browser uses to verify that the server you connect to is indeed Hackernews and not some rogue entity).
Yes, that's more in line with the solution that we implemented (well paid to have implemented) with the outbound email interception and website redirection. All PHI goes through TLS via the website.
>PKI is a powerful tool which certainly can be used in a healthcare setting. Unfortunately, because of organization inertia, it's probably not going to happen (despite the fact that the technology behind it has been around for decades).
Ironically, they use it heavily in integration from third parties. Their SFTP/FTPS was locked down. They use a login whitelist and PGP signatures for login, everything must be encrypted with asymmetric PGP keys, folders were locked down, the works.
Many of our larger clients requested that all email and fax correspondence go exclusively through those SFTP/FTPS channels. Smaller clients had difficulty handling that on their own and usually had to call in a local support guy eventually.
>PKI is a powerful tool which certainly can be used in a healthcare setting. Unfortunately, because of organization inertia, it's probably not going to happen (despite the fact that the technology behind it has been around for decades).
It certainly happens in the bigger companies. They don't mess around. It's the smaller companies that struggle with it because they don't readily have the expertise.