Encryption

Encryption of emails from your website/our server to your practice is available whenever patients submit data via one of the forms on the webpages.

You may well feel that encryption is unnecessary since the privacy notice gives an adequate disclaimer to patients before they submit any data at your website, and that is a reasonable point of view which we would support. However if you are able to implement decryption at the practice then activating encryption of messages to the practice from the webserver is a valuable addition to the security of the process.

For background reading on encryption and cryptography generally you could refer to the FAQ's linked from OpenPGP home page, and also the documentation linked from the GnuPG homepage.

WARNING Before enabling encryption you must be sure that you have reliable systems at the practice to decrypt incoming messages. We use strong encryption that cannot be broken and we do not keep backups of the data submitted, so if you cannot decrypt the message then the message is as good as lost. In extremis we may be able to help you (as a chargeable service) if the problem is merely a misconfiguration at your end and if you were to send us both the messages and your secret key which matches the public key that you installed, but this introduces insecurity (since someone else intercepting the message and the key may be able to decrypt the messages).

But don't let this warning put you off. We use a standard method of encryption which can be decrypted by several products, both free and reasonably priced commercial products e.g. GnuPG, OpenPGP, and probably PGP (not yet tested), and as long as you take precautions such as keeping a backup of your keyring then there should be no problems.

We are investigating options to automate decryption to make it easier to manage at the practice, and so at the moment we make no specific recommendations. We have tested both GnuPG 1.0.6, OpenPGP 6.5.8 and 7.0.3 and confirmed that these products are able to decrypt our encrypted messages. Almost certainly PGP can also be used but we have not yet tested it.

For example, if you use OpenPGP 6.5.8 then you can set an F key e.g. F6 to be the hotkey to decrypt the current window, and then decryption is as easy as selecting the body of the email (e.g. in Outlook, with the preview pane active, just click on the text of the message) then hit F6. You will be asked for your passphrase, but if you set the options to cache this for several hours, you will only need to enter it once at the beginning of the day.

We provide a facility for you to send encrypted test messages to the practice before you activate encryption on the system options such as prescriptions and appointments, and we strongly advise that you make use of this facility.

The options for administration of encryption are found on the email configuration option on the admin menu. There you will find:

1. A utility to upload your public key (i.e. the contents of the file produced when you "export" your public key).
2. A utility to test encryption and decryption before you activate it on your live website facilities.
3. The options to activate encryption on some or all of your email addresses.

Do not activate encryption until you have used the test functions to ensure that you can decrypt messages encrypted on the website.

If you find that you cannot decrypt messages and yet you think that your software is set up correctly, email support@gpuk.net giving full details of your encryption software including version number. We may be able to make an adjustment to suit your package. Currently we do not support Cryptix based software such as ZeroClick, but we hope to be able to do so soon.

WARNING Because of the disruption that would be caused if messages were encrypted and you were unable to decrypt them, we err on the side of caution whenever you make changes. We automatically disable encryption on any email addresses when you change them, even if you have installed a key for the new address, and we disable encryption on all addresses when you upload a new public key. This gives you an opportunity to test that the keys have uploaded successfully without corrupting your keyring, and that you can indeed decrypt messages received at those all addresses using that updated keyring, before you activate them for live use.

If you are concerned that messages will be sent unecrypted during this maintenance period, then you could either return the appointments and prescription pages etc to demo mode to warn your patients not to use them, or you could temporarily (using the page editors) add a warning header to notify patients that messages are not being encrypted, removing this message later once testing is complete and encryption has been reactivated, or you could use the password option to temporarily change or add a password unknown to your patients so as to block these services.