Clinical has incorporated the PKI interface developed by Health Signature Authority (HESA) to enable transfer of encrypted and digitally-signed e-mail between health care providers. The following information describes how to install and use this PKI interface.
1. For detailed information on installing PKI Components, refer to Setting Up Online Claiming and PKI Certificates.
Note: While some of this information is specific to Pracsoft, the process of installing and registering the certificates is performed within the Medicare Australia system.
2. Install the iKey driver software from this kit.
3. Select the PKI Encryption check box for the user.
4. Import the certificates for the people and/or organisations that the user wants to send encrypted messages to (for example another Practitioner or SA WorkCover).
5. Edit the MD3 Address Book to have the same e-mail address as that given in the certificate for that person or organisation.
To send encrypted e-mail from within Clinical to someone in the Clinical Address Book, you need to obtain copies of that person's public keys. These can be obtained from the Certificates Australia web site or directly from the person that you wish to send to. They are usually distributed as pairs of certificate files with the '.CRT' file extension. One of the files contains the Encryption key, which allows you to encrypt e-mail so that only that person can decrypt it. The other contains the Signature key, which is used to verify that an e-mail was digitally signed by that person. It is not usually possible to tell which key is in each certificate file from the filename.
Once you have your certificates imported and tokens registered, you can begin sending encrypted messages from within Clinical. When Clinical is started, it detects the presence of the PKI software. When you enter your password, you are prompted to enter your PKI password. The password is stored in the computer's memory until you log out or shut down Clinical. The password is never stored anywhere on the computer's hard disk.
If you have registered a token, you must use the token password and ensure that the token is plugged into the USB port. If you have not registered a token, you can enter the site password and your e-mail is signed and decrypted using the site certificates.
E-mail in Clinical is only available in the Letter Writer. To e-mail a letter, either select File > E-mail > Send on the Letter Writer menu, or click the Send E-mail button on the toolbar. If you have used the Clinical Address Book to choose the recipient, Clinical checks to see whether there is an encryption key for that recipient in the certificate store.
If so, the 'Encrypt with Medicare Australia PKI key' check box is activated and selected. If you do not wish to encrypt the e-mail, then unselect the check box. If you did not choose a recipient when generating the letter, you can select one while in the E-mail window by clicking the small button immediately to the right of the 'Recipient's Name' field. Again, Medical Director checks to see whether there is a certificate associated with that recipient and activates the 'encryption' check box if there is.
When clicking the Send button, Clinical automatically uses the recipient's public key to encrypt the letter before attaching it to the e-mail. It is also digitally signed by your Signature key. If you are using a token, it is very important to ensure that it is plugged in at this point, or your computer may lock up. When the recipient receives the e-mail, they are only be able to decrypt it if they have the correct private key.
Clinical does not directly import e-mail, but interfaces to the e-mail software that is already set up on the computer using an interface known as MAPI. When you are using the Clinical Letter Writer, you can view the contents of your e-mail 'InBox' and import e-mail from there directly into patient records. To do this, select File > E-mail > Import from the Letter Writer menu.
When you view e-mail in this window, Clinical automatically decrypts any encrypted mail using your private key before displaying it. To do this, Clinical uses the password that you entered after logging on and the private key on your token (or in your site certificate if you used the site password). Obviously, the token must be plugged in if it is required.
If the password does not match the token or certificate, the e-mail is not decrypted and an error message is displayed.
Your public keys are available on the Certificates Australia web site, so you do not necessarily have to distribute them yourself, you can direct people to this web site if they want to encrypt something that they are sending to you. If they are using MedicalDirector Clinical, they only need to obtain your certificates once, as they is stored against your name in their Address Book after they have imported them.