Question
I want to listen to my voicemails in a secure but convenient fashion. I plan to do this by having my PBX encrypt the voicemail using openssl aes 256 cbc with salt and a single static password. The voicemail would be emailed to my Gmail address, where I am creating a Chrome app to decrypt it using the established static password and play it.
What are the security implications of establishing such a system or is there a better recommended encryption setup? Also, as a side note, would this setup be considered HIPAA compliant?
Explanation / Answer
Good news! It looks like Gmail is HIPAA-compliant IF you are using a Google Apps domain and have requested a BAA from Google. A BAA is required for you to use external companies for such services for HIPAA compliance. Normal Gmail addresses are not HIPAA compliant AFAIK.
Your setup sounds OK - I would rather see some kind of changing password, which would at least offer protection against someone finding one password and having all voicemails.
If I were you, I'd rather create an HTTPS website to check your voicemail that can only be accessed via a VPN. While HTTPS is secure, if you put the information on a public web server, you open it up to other methods of attack. If you have it available on your network only, then VPN into your network, someone will have to perform several attacks to get to the data you are trying to protect.
-- I'm sure you know how much the fines are for HIPAA failures. Make sure that you only use a Google Apps Gmail address with a BAA. It's worth the $50 per year for one account if you don't have it.
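
One way to get the "changing password" behaviour suggested in the answer while keeping the question's `openssl` AES-256-CBC step, shown as an added example that is not part of the original question or answer: each voicemail gets a fresh random password, which is wrapped under an RSA public key so the PBX holds no decryption secret. The function names, the `msg.enc` / `msg.key` layout and the use of an RSA key pair are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed names: encrypt_voicemail,
# decrypt_voicemail, demo_roundtrip, and the msg.enc / msg.key file layout.
set -u

# PBX side: needs only the recipient's PUBLIC key, so the PBX stores no secret
# that can decrypt voicemails it has already sent.
# usage: encrypt_voicemail <audio-file> <recipient-public.pem> <out-dir>
encrypt_voicemail() (
  pw=$(mktemp) && trap 'rm -f "$pw"' EXIT && mkdir -p "$3" &&
  # Fresh random 256-bit password for this one voicemail.
  openssl rand -hex 32 > "$pw" &&
  # Same cipher as in the question: AES-256-CBC with salt (PBKDF2 key derivation).
  openssl enc -aes-256-cbc -salt -pbkdf2 \
    -in "$1" -out "$3/msg.enc" -pass "file:$pw" &&
  # Wrap the password with RSA-OAEP; only the private-key holder can unwrap it.
  openssl pkeyutl -encrypt -pubin -inkey "$2" \
    -pkeyopt rsa_padding_mode:oaep -in "$pw" -out "$3/msg.key"
)

# Client side: unwrap the per-message password, then decrypt the audio.
# usage: decrypt_voicemail <msg-dir> <recipient-private.pem> <out-file>
decrypt_voicemail() (
  pw=$(mktemp) && trap 'rm -f "$pw"' EXIT &&
  openssl pkeyutl -decrypt -inkey "$2" \
    -pkeyopt rsa_padding_mode:oaep -in "$1/msg.key" -out "$pw" &&
  openssl enc -d -aes-256-cbc -pbkdf2 \
    -in "$1/msg.enc" -out "$3" -pass "file:$pw"
)

# Round trip on constructed data with a throwaway 2048-bit key pair.
demo_roundtrip() (
  d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT &&
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$d/priv.pem" 2>/dev/null &&
  openssl pkey -in "$d/priv.pem" -pubout -out "$d/pub.pem" &&
  printf 'constructed sample audio bytes\n' > "$d/vm.wav" &&
  encrypt_voicemail "$d/vm.wav" "$d/pub.pem" "$d/m1" &&
  encrypt_voicemail "$d/vm.wav" "$d/pub.pem" "$d/m2" &&
  decrypt_voicemail "$d/m1" "$d/priv.pem" "$d/out.wav" &&
  # Plaintext is recovered, and two messages never share ciphertext.
  cmp -s "$d/vm.wav" "$d/out.wav" &&
  ! cmp -s "$d/m1/msg.enc" "$d/m2/msg.enc"
)

if [ "${1:-}" = demo ]; then demo_roundtrip && echo "round trip OK"; fi
```

CBC as used by `openssl enc` does not authenticate the ciphertext, so this example covers key handling only, not tamper detection.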