Abstract

I am working on a secure messaging protocol for patients and clinicians. At the moment, patients are sending their questions over e-mail to NHS clinicians and the clinicians are forced to either ignore the questions – because of the insecurity of the medium – or send clinical information in the clear – because of trying to serve the patient’s immediate clinical needs.

I am hoping to offer a better service that is more secure but minimizes impact on clinicians’ workflow, i.e. by allowing them to continue to use their NHS e-mail. I need to know from the group:

1. how technically secure is this protocol?
2. where are the social engineering vulnerabilities?
3. are vulnerabilities low enough to allow adopting this protocol as an improvement over existing workflow?

By way of background, my name is Mohammad (www.mo.md) and I trained as a physician at Cambridge University and a programmer at Anglia Ruskin University. I wrote six books about the use of IT in health care but have no expertise in security so was hoping to benefit from the Friday security group meetings.