MDVault for End-to-End Encryption
Making all your email recipients secure & HIPAA Compliant
A person can send secure message from a secure email account using SSL/TLS technology. This message is secure provided the recipient’s email account is in the same server or with any other secure server/service like MDofficeMail. However, if the recipient’s email address is hosted by a non-secure server there is NO guarantee for the secure receipt of your message. As you are aware, majority of individuals use free accounts with no security at all.
To handle this critical issue that happens so often without notice, that is, to maintain the end-to-end security of emails, MDofficeMail is presenting MDVault, a technological innovation for encrypting email messages and delivering securely over the internet, with end-to-end security, to any email account whether it is secure or not. In addition this process doesn’t involve the hassle of installing additional software, certificates.
How does MDVault work?
- While composing a message using webmail of MDofficeMail, as soon as the recipient’s email address (in To/CC/BCC field) is typed, MDofficeMail automatically detects whether that email address is a “Safe Recipient” or not.
- In case of Safe recipients, the message is sent securely with SSL/TLS encryption.
- In case of other recipients, message is locked and held in MDVault of MDofficeMail secure server without delivering it to the recipient. Instead, a notification is sent to the recipient informing that a secure, encrypted message has been received.
- By clicking the https web-link (key to unlock) within the notification, the recipient can log into MDVault (MDofficeMail) secure server to decrypt, view the message and download attachments, if any.
What are the other security features of MDVault?
Some of the state-of-the-art security features provided by MDVault are:
- Authentication Request: Sender can authenticate a new recipient. If this option is selected while composing, the message, recipient not only needs a password to decrypt the message, but also need a security code which can be provided only by the sender. Recipient needs to contact the sender to fetch the security code to decrypt and view the message.
- Force expiration of sent messages: In case incorrect information is emailed by error, sender can force expire the message. Force expired message will no longer be available to the recipient.
- Fixed life of sent message: Messages are automatically deleted from MDVault after 30 days irrespective of whether it is already viewed by the recipient or not.
- Downloading and storing: If the recipient wants to save important messages for future reference, they can download and save the message on their computer.
- Secure reply: Recipient of a secure message can send a secure encrypted reply.
- Automatic session timeout.
- Change-Password Reminder: Users are reminded to change their password every 90 days to maintain the HIPAA compliance.
Do I need to do anything to activate MDVault encryption while composing messages?
Absolutely nothing, While using Webmail "Safe Recipients" and "Other Recipients" are automatically segregated. Secure but plain message is sent to "Safe Recipient". MDVault feature is implemented in case of "Other Recipient" as explained above. While using MS Outlook/Outlook Express/Windows Mail, you need to type the word encrypt, secure, or “::” anywhere in the subject line while composing message to send a plain message.
Is there a way for my patients to send a secure message to me?
Yes, there are two easy ways:
a) Your patient can browse
https://EmailYourDoc.com, compose and send a secure message to you (MDofficeMail user).
b) If your patient has already received a secure message from you, there is an option to send a secure reply by clicking on the "Secure Reply" tab.
Are attachments supported by MDVault?
Yes, attachments are encrypted and may be downloaded from MDVault secure site. The recipient can include an attachment in their replies as well.
Are there any limitations with MDVault?
Message headers, including the subject, are not encrypted and get delivered with the MDVault notification. So be careful not to include sensitive information in the subject. Also, email held by MDVault may be removed after 30-60 days. So we don't recommend using it as a long-term secure message or file store.
Is it possible to customize the MDVault notification message?
This is available for email hosting plans with private domain (your own domain name). 'MDofficeMail' logo and banner will be replaced with yours in Webmail login page, webmail, message receipt intimation, and secure message header. It is possible to customize the notification template as per your taste.
Can you demonstrate MDVault?
Please click here to receive a sample encrypted message.
Is there any additional charge for MDVault?
No. All MDofficeMail Plans include MDVault encryption by default. You can subscribe for our CryptnSend if you wish to purchase MDVault as a standalone service for your existing email account.
How secure is MDVault, and what encryption technology does it use for HIPAA compliance?
MDVault uses industry-standard AES-256 encryption in CBC mode with MD5 hash. Many federal agencies and financial institutions around the globe use the same class of encryption to protect very sensitive data. AES-256 encryption is so secure that there are no publicly-known attacks that will recover anything useful from an AES-256 encrypted file in any remotely reasonable amount of time.