this post was submitted on 20 Feb 2024
4 points (62.5% liked)

Cyber Activism

126 readers
2 users here now

founded 3 years ago
MODERATORS
 

The state of medical privacy has become quite appalling lately. I started using a young doctor in a new office and they are gung ho on modern tech. That’s fine to some extent but they want to send me invoices and all correspondence via e-mail. No PGP of course. I did an MX lookup on their vanity email address & it resolves to an MS Outlook server.

I asked them for my test results. They offered to email them.

My response: I do not want sensitive medical info coming by e-mail via Microsoft’s servers. I did not give you a copy of my email address for that reason. It needs to be snail-mailed to me.

Perhaps of greater concern is that the receptionist acted like I am making a unusual request, and that they do not mail things. Apparently I am the only patient who has a problem with sensitive medical info going to Microsoft. So the receptionist is investigating whether she can get approval to mail me my results by post.

I wonder if someone in that clinic will have to run out and buy stamps because I have a problem with Microsoft.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 7 months ago* (last edited 7 months ago) (1 children)

just someone with access to a transit network.

I think you’re saying this because I have no way as a sender or recipient to ensure or verify TLS is in play at every hop, correct? Otherwise, if TLS is in force by both providers then I would only expect the email providers (and their hosting providers) to have access.

[–] [email protected] 2 points 7 months ago

Yes, that's exactly correct.