If users at your practice require high levels of security, Bp Premier can encrypt outgoing and incoming emails using PKI certificates.
Before you begin
The following must be set up before you can configure encryption from Bp Premier:
- Best Practice Software recommends that, if your practice allows users to send encrypted emails, each user should have a separate email address for clinical correspondence, instead of using a global practice email. For more information on setting up email, see Setting up Bp Premier to use email.
- Users who need to send encrypted emails must obtain a Keytoken or smart card and management software.
- Users who need to send encrypted emails must install the management software on their Bp Premier workstation.
- The certificate store folder on the Bp Premier server must be shared to users who send encrypted emails. Your IT support can assist with sharing Windows folders.
How does e-mail encryption in Bp Premier work?
If email has been configured, the email icon will appear in the tool bar on the word processor. To be encrypted, email must be generated from a patient record.
If the word processor is opened from a patient record, and the addressee and user have PKI keys configured as described in this article, Bp Premier will encrypt the e-mail. The Message field will include the text "An encrypted HL7 document from Best Practice is attached."
The following notes apply to email encryption:
- If the addressee is a contact, the contact must import a public key from the Contact details screen.
- Public keys can be obtained by:
  - asking the recipient for their public key
  - searching, downloading and importing the certificate into the contacts book from https://www.certificates-australia.com.au/general/cert_search_health.shtml
  - importing a Bp Premier user's public key
- A user must use the template field Addressee full details for Bp Premier to recognize a contact in the address book that has a public key attached.
- Email cannot be encrypted when multiple recipients are selected.
Set up PKI certificates on the server
1. Log in to the Bp Premier server as a user with access to Configuration.
2. Select Setup > Configuration > E-mail and click Create PKI Certificate Store.
3. Accept the default location for the PKI certificate store: C:\BPSPSI.
4. Set a PKI Certificate store pass phrase. A minimum of 6 characters applies.
5. Click Save.
6. In a file explorer, browse to the C:\BPSPSI folder. Set the folder to 'shared'. If unsure, consult your network administrator or IT support.
IMPORTANT Do not lose the PKI certificate passphrase. Best Practice Software support cannot retrieve the passphrase from your installation.
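Once C:\BPSPSI is shared, it is worth confirming that only the users who send encrypted emails can reach it. The following PowerShell audit is an added example, not Best Practice Software tooling; the list of "broad" principals is an assumption and uses the English account names.

```powershell
# Added example: audit who can reach the shared PKI certificate store.
# Run in an elevated PowerShell session on the Bp Premier server. Read-only: it changes nothing.
$StorePath = 'C:\BPSPSI'   # default store location from the steps above

# Assumption: broad built-in principals that should not hold access to the store
# (English names; adjust on localized Windows installations).
$BroadPrincipals = @('Everyone', 'Authenticated Users', 'Users', 'Domain Users', 'ANONYMOUS LOGON', 'Guests')

function Test-BroadPrincipal {
    param([string]$Account)
    # Compare only the account part, so 'BUILTIN\Users' and '<domain>\Domain Users' both match.
    $leaf = ($Account -split '\\')[-1]
    return $BroadPrincipals -contains $leaf
}

$findings = @()

# 1. Share-level permissions on every SMB share that exposes the store folder.
$shares = @(Get-SmbShare | Where-Object { $_.Path -and $_.Path.TrimEnd('\') -ieq $StorePath })
if ($shares.Count -eq 0) { Write-Warning "No SMB share points at $StorePath." }
foreach ($share in $shares) {
    foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
        if ($ace.AccessControlType -eq 'Allow' -and (Test-BroadPrincipal $ace.AccountName)) {
            $findings += [pscustomobject]@{
                Layer = "Share '$($share.Name)'"; Account = $ace.AccountName; Rights = $ace.AccessRight
            }
        }
    }
}

# 2. NTFS permissions on the folder; over the network the more restrictive of the two layers applies.
foreach ($ace in (Get-Acl -Path $StorePath).Access) {
    if ($ace.AccessControlType -eq 'Allow' -and (Test-BroadPrincipal $ace.IdentityReference.Value)) {
        $findings += [pscustomobject]@{
            Layer = 'NTFS'; Account = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Broad principals can reach the certificate store. Limit access to the users who send encrypted emails.'
} else {
    Write-Output "No broad principals found on $StorePath."
}
```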
Set up PKI certificates for a user
Install PKI management software and iKey Token on the user's usual Bp Premier workstation. Consult the software's help documentation for information on installation.
1. Log in to Bp Premier on the user's workstation.
2. Select Setup > Configuration > E-mail and click Create PKI Certificate Store.
3. Accept the default location for the PKI certificate store, C:\BPSPSI.
4. Set a PKI Certificate store pass phrase for the workstation. A minimum of six characters applies.
5. Click Save.
6. Click Search. Browse to the shared folder \\<servername>\BPSPSI and click OK.
7. Save and close the Configuration screen.
8. Select Setup > Users from the main menu.
9. Select the logged-in user and click Edit.
10. Click Hesa key, select Individual Certificate (Hardware token), and click OK.
11. Select Certificate on token "Key Encipherment" from the list of certificates.
12. Click Register.
13. Enter the token pass phrase that was set up in step 4.
14. Click OK on the Token successfully registered screen.
15. Close the HESA key screen. You will need to return to this screen if you need to export public certificates to contacts.
16. Save and close the Edit user details screen.
IMPORTANT Do not lose the PKI certificate passphrase. Best Practice Software support cannot retrieve the passphrase from your installation.