Encrypted E-mail Solutions

Here is some information on setting up secure e-mail encryption with outside parties. There are basically two options available. Prices can vary based on the selected vendor and the information provided is for very general planning purposes and we would need to formally quote these before going forward. The major difference is how widely you intend on sending encrypted e-mail, and cost.

S/MIME:

This method is the simplest form of transmitting data between two trusted partners or individuals.

  • Pros: This security is built directly into Microsoft Outlook and it’s use is seamless for the sender and receiver. Meets HIPPA requirements for PHI. Best solution for a small number of users. Fastest method to receive encrypted e-mail. Lowest start up costs for a small number of users.
  • Cons: This requires a Digital Certificate to be purchased, renewed periodically and installed on both the sender and receiver systems. There is a degree of configuration required for all parties. Apex can provide support to other business with their permission and for an additional cost. E-mail is only encrypted when sent to recipients with Digital Certificates, you can accidentally send PHI or confidential information to the wrong person. Both users need to be configured before you can send encrypted e-mail.
  • Best Fit: When you’re exchanging secure e-mail with a well defined set of outside businesses and individuals which will not subject to change frequently.
  • Costs: $100 per user who will be receiving encrypted e-mail (reoccurring every 3 years); and $200 per user at an outside company who will be receiving encrypted e-mail (reoccurring costs every 3 years) – price include the rough estimate for labor and the Digital Certificate.

E-Mail Gateway:

This method will use a set of rules defined on the server to automatically determine PHI, such as sender/receipient/subject/content/etc. The system will automatically convert those e-mails into an encrypted format and send them to the recepient. There is no special software or configuration requirements for the sender or recipient.

  • Pros: This is good when the list of senders or recpients is not well define or may include home users. Automatically protects all PHI to avoid accidentally sending PHI in an unencrypted format, regardless of the recpient. On-the-fly encryption to anyone, which doesn’t require pre-configuration. 
  • Cons: It may require the recipient to go to a website to download the attachment, which makes frequent use of this method a slower method. Additional server hardware, software and maintenance is required.
  • Best Fit: If you’re exchanging e-mail with a diverse group of not-well-defined individuals, who may not have the ability or knowledge to work with Digital Certificates.
  • Costs: Around $3,000 per three year term, plus hardware around $1000 and installation labor and ongoing support. Pricing is subject to change, this was based on old pricing before Symantec Acquired the product from PGP. Another solution is the Cisco IronPort E-mail Security Appliance.

Hosted E-Mail Gateway:

Basically the same as the E-Mail Gateway from a security standpoint, with the only difference of the costs of implementation. The hosted solution doesn’t require a server nor the related hardware, software and support costs. However, it does have a higher ongoing service fee.

  • Pro/Con/Fit is the same as “E-Mail Gateway” above.
  • Costs: McAfee Email Encryption is $4,930 for a three year term for 100 users (again we need to do the entire company); or one year for $2,055.00 Other providers are McAfee/MXLogic Hosted Solution