Repost from Adv. Discussion - Secure email (DIRECT Project-compliant) via FileMaker - Ideas?

Discussion created by DrewTenenholz on Feb 20, 2013
Latest reply on Feb 21, 2013 by DrewTenenholz

All --


Does anyone have any ideas about how to send/receive SECURE email as described below?


This is a bit of a stretch, because it is a question about sending/receiving highly secure email with FileMaker, which is certainly not a 'core function' of a database application. However, it is an essential element of an Electronic Medical Records solution built with FileMaker that I'm working on. I'm open to plugins, web services, etc. to achieve this ability, so all suggestions are welcome.


In order for this EMR to qualify U.S. federal standards for 'Meaningful Use-Stage 2', I need to be able to send/receive email messages which are secured according to the DIRECT Project standard (http://wiki.directproject.org/ApplicabilityStatementforSecureHealth+Transport) which says in part:

SMTP, S/MIME, and X.509 certificates to securely transport health information over the Internet. Participants in exchange are identified using standard e-mail addresses associated with X.509 certificates. The data is packaged using standard MIME content types. Authentication and privacy are obtained by using Cryptographic Message Syntax (S/MIME), and confirmation delivery is accomplished using encrypted and signed Message Disposition Notification. Certificate discovery of endpoints is accomplished through the use of the DNS. Advice is given for specific processing for ensuring security and trust validation on behalf of the ultimate message originator or receiver.




As I understand it, the idea is to send email in much the same way https website content is delivered. An email address is registered with a 'certificate authority' (as yet undefined), and any messages received from that address are checked first to ensure that the sender is who they say they are, then that the message they sent has not been altered since it was sent and is finally the message content (both text and attachments) is decrypted and made available to the end user.


The resources I've found so far are the DIRECT project referenced above and the open-source software platform called CONNECT (http://www.connectopensource.org/), but none of this helps me see a way to send these sorts of email.


Any help is greatly appreciated.


-- Drew Tenenholz


P.S. My opinion is that although this sounds like a rather complicated and overly protective way to send email, once health care providers are using this regularly (as early as 2014), it will soon become a worldwide standard, and every application that sends mail will need to be able to handle mail like this. So, while we have our script step "Send Mail ", and it has some useful options, it will eventually need to support these options as well.