Emailing letters securely


#1

Would it be possible to have a button to send a created letter in cliniko through outlook so that I can send it securely?


#2

good idea if this works


#3

Thanks! Yet to hear from Cliniko so I am hoping it is something they are working on!


#4

Hi @Dermsec, just wanted to comment here! At the moment we don’t have any immediate plans to change the email function around letters. If we were to add a separate sort of “send” button where it would send from your own Outlook address (versus directly through Cliniko), the same idea of security applies as was mentioned in this post:

As Joel had said there,

The problem is not all receiving mail servers support encryption. If the receiving mail server doesn’t support encryption, it will fall back to TLS not being used, and the email not being encrypted.

To be clear, we follow best practice and attempt to send every email with encryption, we just can’t guarantee that will be what happens, as we are at the mercy of the receiver.

If you are sending personal/sensitive information that must be encrypted, you would be safest to not use email. I guess you still could if the recipient had TLS enabled. It would be risky though.

If you’re sending a letter directly from your Outlook address, unless your email client is equipped with some sort of end-to-end encryption on your side and the receiver’s side, there would be no difference to emailing that letter from Cliniko, or through your Outlook address. There isn’t a way to guarantee what happens on the receiver’s side.

If I have misunderstood the question in any way, though, and you’re using a different sort of encrypted email service through Outlook, please let me know!

Emily


#5

Hi Emily

If we could send via outlook it would make things much easier as Egress Switch can be linked outlook that sends everything encrypted.

The way things are at the moment, it would be illegal for us to send any clinic letter to either the patient or the Doctor through Cliniko so I am having to raise the letter within cliniko then download it to paste into an Outlook email which I can then encrypt.

I know that when you click on the patents email address in Cliniko it comes up with an outlook message so I can’t believe that an attachment cannot be added using this.

Another option is to use a company like Egress as an add on to cliniko?

I know you have probably thought of all angles, but this is really important in the UK.

I really think your system is amazing and despite some of it’s shortcomings, I prefer using it to some of the other more comprehensive platforms out there (many use Egress). I work with quite a few other consultants who I am desperate to recommend Cliniko to, but without this basic GDPR requirement, I cannot champion your system (which I soooo want to do!).

If you guys could look at this again, I am sure it would be worth the expense. I am sure many people when looking at the system on the internet are put off by the lack of email security.

Thanks so much for responding!


#6

Of course, @Dermsec! Even if it might have the status of “we’re not working on it now,” we still definitely want to discuss it, as it indeed sounds like a feature that a lot of people would find useful.

Can I ask a quick question? When you said, “without this basic GDPR requirement,” you’re referring to emailing securely from within Cliniko, correct? (Or did I misunderstand?) Also, are you able to point me in the direction of where that requirement is mentioned? That would be great! :slight_smile:


#7

It has been advised to me by the legal teams of a number of hospitals in the UK that it is necessary to encrypt sensitive medical data. The ICO say that while it is best practice it is not mandatory but if there was a breach of sensitive data, they would investigate what steps were taken to ensure that the data did not fall into the wrong hands.

There are quite severe fines and lengthy investigations in place for anyone who fails to show that they have taken adequate steps and I do think that sensitive medical data SHOULD be encrypted, which I do outside of Cliniko. But, the process is longwinded and if Cliniko can get an add on, I would gladly pay extra for the saving of time (or even make an app for patients to view their medical records on line? :slight_smile: )

While ICO may say that it is not necessary, other practice management software companies are jumping on the encryption bandwagon which is being lead by the hospitals and the encryption companies. This does leave Cliniko at a disadvantage for new business as one of the first questions medical practitioners now ask is whether encryption is built in. If Cliniko wants to grow their share of the European market, then this is an area that needs to be invested in.


#8

Although not as ideal - is there an ability to password protect letter templates when they are added to an email as an attachment? That would be a great feature if possible :slight_smile:


#9

Thanks very much for clarifying that! :slightly_smiling_face: I’ve passed the information along to the team here. While I can’t make any guarantees as to how the letters functionality might be changing in the future, know that these comments aren’t going unread, and it’s super useful to hear/read this stuff!


#10

Dear Emily

I totally agree with Dermsec’s comments.

Encrypting email communication is now considered the norm and every private hospital in the UK is recommending we do so as part of GDPR compliance.

The benefit of using an encryption system such Egress is not only about encryption, but allows the ability to revoke an email if send by error, something that in my option is underestimated. There are more human errors causing data breaches than scrupulous individuals hacking my email account to find a letter about my bowel habit!

As pointed out by Dermsec, services like Egress can be embedded into outlook and soon Gmail web app. It would be hugely beneficial if a PDF generated from a patient letter could be sent to the default Mail client with a click of a button rather than “Saving and Attaching” , which is clunky. What we would do in securing the email from then on becomes our responsibility.

It must be said that currently Cliniko’s function to send letters and invoices is pretty pointless given that your 3rd party email client cannot be considered secure enough for sensitive information.

The following gmail plugin may of interest to you / your developers or others -

To link a web pdf (which is what invoices and PDF’s are) to an email client is certainly doable and I hope Cliniko seriously considers working on this.

Thank you.


#11

Thanks Fpakzad,

I am really surprised more UK cliniko users haven’t added to this discussion! It is the subject of most of my discussions with other private medical secretaries!


#12

I use virtru to send emails in encrypted form – it’s not completely hassle-free, and it won’t integrate with clinico easily, but it does have a plugin for Office365 and google. And it’s easy enough for the recipient.

Just in case anyone is interested. I’d prefer something integrated of course!