Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is unfortunately how lots of people and companies think "secure" email needs to work. Any message from my bank or doctor works this way even it is something as simple as an appointment reminder. It is massive waste of user's time and programing effort, but I'm afraid that is where the world is moving.


Unfortunately doctors have to do this because the common legal interpretation of HIPAA and HITECH Act is that they have to.

Dates of service for a patient are protected health information. Most covered entities and business associates won't risk sending any PHI using methods that are not covered under the safe harbor provisions of the HITECH act. So... endless proliferation of "secure email" systems instead of using email. (And I don't see S/MIME taking off anytime soon as an alternative, even though that would be sufficient to qualify for safe harbor.)


Harder to spoof or phish (depending on the implementation). I know that a message shown on my bank's main website, with the correct URL, is legit.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: