Encrypted Email: What Could Possibly Go Wrong?

So this arrived from an email address similar to, yet not quite the same as, the URL of a physician’s office where I had an appointment a few days hence:

Encrypted Email Message
Encrypted Email Message

My email client is set to prefer plain text, disallow remote content, and not open attachments, so that’s as far as it got. Donning asbestos work gloves and face mask, I pried open the message and its attached HTML file with the appropriate tools and found, as expected, scripts doing who-know-what.

Called the office and, also as expected, was told my appointment time had been changed.

Showed up, mentioned it to the doctor, and was told the office must check off many boxes to demonstrate its HIPAA compliance.

Bottom line: HIPAA now requires patients (a.k.a., us) to open random attachments from random senders, all in the name of privacy.

Banks do that, too.

3 thoughts on “Encrypted Email: What Could Possibly Go Wrong?

  1. I’m lucky; appointment changes are handled via telephone, and beyond robocalls to remind/confirm an appointment (“Press 1 to accept, 2 to cancel your appointment”) it’ll be a human at the other end.

    Results usually go through one of the patient portal systems. Most of the practices use different systems, though the local clinic and hospital use the same MyChart system. I was surprised to see chart information for my visits to hospitals over the Cascades, both the surgical unit as well as the urgent care* clinic operated by the same company. This is not the company that runs the local medical operations. (Appointment reminders are in the MyChart pages, but they’re secondary to the phone calls.)

    If there’s a key update in MyChart, it’ll send me an email with a link to the login page. Nothing fancier than Mk 1 html, too.

    OTOH, the two eye surgery practices I’ve dealt with both use a common chart provider, but the logins are not automagically linked. I never bothered to link them.

    (*) Protip: the New! Improved! pneumonia shot can generate a really bad reaction 72 hours later. Not fun when there’s a lot of flu going around.

    1. Our Ooma VOIP service offers both NoMoRobo and “community” filtering to suppress robocalls and telemarketers. Unfortunately, dimwits apparently added the phone numbers for some-but-not-all local doctors & businesses, so they hear the “call blocked” message and we have narly a hint they tried to call.

      I turned off all Ooma’s filtering, but the calls were still blocked. I’m not sure what’s going on. It’s possible their phone systems block outbound calls to VOIP providers, a supposition nobody in the front-office staff could possibly diagnose.

      It’s getting way too complicated!

      1. Our landline is pretty basic. Real wire(tm) to the switching office, and nothing really fancy. I think we’ll get real broadband shortly after hell freezes over, and the cell connection is blocked by terrain, so this is the most reliable.

Comments are closed.