• No results found

CareBridge Secure Offering General Availability Announcement

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "CareBridge Secure Offering General Availability Announcement"

Copied!
10
0
0

Loading.... (view fulltext now)

Download now ( 10 Page )

Full text

(1)

CareBridge Secure Email Offering

General Availability Announcement

Tom Gebhardt CareBridge Engineering

A complete Email Transmission Security Solution providing HIPAA compliancy for all Email transactions.

(2)

Overview

•The purpose of this document is to describe the CareBridge Secure Email service offering which provides for the transmission of email with sensitive content securely across the Internet.

•The Email will be “secured” in its public-net (Internet) transmission via either TLS (transmission encryption) or content encryption.

•Any CareBridge client can make use of this capability over their existing CareBridge connection.

•The offering is generally available to all CareBridge clients as of November 15, 2010.

•A short (8 minute) detailed Flash presentation of the end-user experience can be viewed at

(3)

Email Flows

•Outbound Email…

• If you are an existing CareBridge Email Gateway Service (EGS)

customer then no changes are required.

• If you are not an EGS customer then, to allow CareBridge to

inspect/encrypt email flowing to the Internet, your Message Transfer Agent (MTA) would run in “smart host” mode. This means that the client MTA would automatically forward all non-local-delivery email to the CareBridge relay (via the existing secure CareBridge

connection) for inspection/encryption/forwarding.

•Inbound Email…

• The existing MX records for the client domain will remain

unchanged and client will continue receiving email as is done currently.

(4)

Encryption Decision

There are five main opportunities for the CareBridge service to determine whether an Email needs to be encrypted:

1. Explicitly require TLS or, failing that, Content Encryption via the sender inserting the string “Secure:” at the beginning of the Email Subject.

2. Explicitly require TLS or, failing that, Content Encryption via the sender clicking “Encrypt Email” within the Email client (available in Outlook or Lotus Notes only via IronPort Security Plugin).

3. Explicitly require Content Encryption via the sender inserting the string “Confidential:” or “Personal:” at the beginning of the Email Subject.

(5)

Encryption Decision (contd.)

4. Implicitly require TLS or Content Encryption via destination

domain. Any email sent to domains pre-specified by the client will always be encrypted. This is particularly useful when, for

example, sending emails to an insurance carrier or law firm where almost all correspondence needs to be secured.

5. Implicitly require TLS or Content Encryption via HIPAA

terminology dictionary scanning. This method uses a weighted-keyword approach to evaluate the probability of a particular email having HIPAA content. If the point-score of all the found-keyword-weights is greater than a certain threshold then the email will be automatically encrypted.

(6)

Encryption Methodology

There are two different methods of encryption used to secure the outbound email in-transit. Both methods use 128-bit encryption.

1. Transport Layer Security or TLS – The CareBridge MTA will

always attempt a TLS connection to the recipient MTA. If this is successful then content-encryption of the email may not be

necessary.

2. Content-encryption – If TLS is not possible or there is a special requirement to perform this then the email contents, including

attachments, will be encrypted and sent to the end-recipient. The recipient can decrypt the email by registering for a decryption key from a secure website and clicking on a “decrypt” link within the email. This key is reusable for future emails.

(7)

Pricing

• A “sender” is defined as each unique envelope “From” email address in the client domain which sends at least one “content-encrypted”

secure email within a particular month. TLS-encrypted email would not be accounted for.

•Pricing is based on the total number-of-Secure-Email-senders from a client domain:

• 0 to 50 senders - $200/month • 51 to 100 senders - $350/month • 101 to 300 senders - $400/month

(8)

Pricing (contd.)

• Each sender can send unlimited emails to unlimited recipients • Six-month term commitment with automatic 6-month term

commitment renewals.

• At term-renewal time, the client number-of-Secure-Email-senders pricing bracket will be trued-up to the actual number of unique senders for the prior two months. This bracket can increase or decrease but will not go below the 0-50 sender billing amount. • All new Secure Email prospects will have a 30-day free

try-it-before-you-buy-it with no contract required. Continuation of service beyond 30 days subject to receipt of signed contract.

(9)

Reporting

CareBridge™ Secure Email Usage Report

Customer: McKesson Internal - CareBridge Group Period: From 11/17/2010 to 11/17/2010

Sent Sender Recipient Encryption Reason Subject

2010-11-17 16:26:57 [email protected] [email protected] TLS Tag Secure secure: another test 2010-11-17 16:33:15 [email protected] [email protected] TLS Tag Secure secure: another test 2010-11-17 16:33:15 [email protected] [email protected] TLS Tag Secure secure: another test There were 1 unique senders that sent 5 emails during the past 60 days

There were 1 unique senders that sent 3 emails during the time period encompassed by this report Encryption Key:

TLS=Transport Layer Security (encrypted between MTA's)

Content=Content Encryption via Cisco Registered Envelope Service (encrypted end-to-end) Reason Key:

TAG Secure=Explicit Encryption Request via 'Secure:' Subject Tag

TAG Conf=Explicit Encryption Request via 'Secure:', 'Confidential:', 'Conf:' Subject Tag Recipient=Implicit Encryption due to destination domain or email address

HIPAA Content=Implicit Encryption due to HIPAA keyword point score greater than threshold value

Your site administrator(s) will be emailed a daily report of all senders that implicitly or explicitly requested Secure Email services during the prior day. An example follows:

(10)

Interested?

•A short (8 minute) detailed Flash presentation of the end-user experience can be

viewed at http://www.carebridge.net/support/_docs/secure_email.htm

•Other collateral documentation on Secure Email can be found at

http://www.carebridge.net and click on CareBridge Services/Messaging

Services/Secure Email and Customer Support/Admin Support

•Clients who expressed an interest in pursuing this offering during our original

announcement will be contacted individually.

•If you did not participate in the original announcement or would like priority

consideration for evaluating the product, please contact our CareBridge technical

marketing contacts at mailto:[email protected] or call CareBridge Support at

References

Download now ( PDF - 10 Page - 268.85 KB )

Related documents

Rslogix Emulate Tutorial

For example, if you install RSLinx Enterprise and then install RSLogix Emulate 5000 from scratch, the first time you open RSLogix Emulate 5000, slot 0 will be occupied by the

The Purpose Of The Sales Invoice Is To

Modules across their own purpose sales is to make educated forecasts and utility of sale of an invoice number that in sale of payment for leaving the template?. Little reason to

Offering Solutions for The Management of Pain

The Marianjoy Integrative Pain Treatment Center in Oakbrook Terrace, Illinois, offers specialized programs to help individuals with chronic pain learn to manage their pain and

Essays on the production and commercialization of new scientific knowledge

Quality: We measure quality (Q in our formal model) by observing the average number of citations received by a scientist for all the papers he or she published in a given

Kansas Title Transfer Notary

Accepting your kansas title transfer required to transfer process electronic title transfer form must know to take a vehicle title service areas may need to make sure about the

Remote sensing of fugitive methane emissions from oil and gas production in North American tight geologic formations

In this manuscript, we present an analysis of column-averaged dry air mole fractions of atmospheric methane (denoted XCH 4 ) retrieved from the SCIAMACHY (SCan- ning Imaging

INTRODUCTION THE PURPOSE OF THIS DOCUMENT

If this isn’t possible due to the design used on the print, then use a white stacked double diamond Umbro logo instead. Photography and graphics used should be relevant to

Clinical practices and attitudes regarding the diagnosis and management of heart failure : findings from the CORE Needs Assessment Survey.

In summary, the CORE Needs Assessment Survey identi fied multiple knowledge and con fidence gaps that are shared across members of the HF care team, as well as those that are unique