The state of medical privacy has become quite appalling lately. I started using a young doctor in a new office and they are gung ho on modern tech. That’s fine to some extent but they want to send me invoices and all correspondence via e-mail. No PGP of course. I did an MX lookup on their vanity email address & it resolves to an MS Outlook server.
I asked them for my test results. They offered to email them.
My response: I do not want sensitive medical info coming by e-mail via Microsoft’s servers. I did not give you a copy of my email address for that reason. It needs to be snail-mailed to me.
Perhaps of greater concern is that the receptionist acted like I am making an unusual request, and that they do not mail things. Apparently I am the only patient who has a problem with sensitive medical info going to Microsoft. So the receptionist is investigating whether she can get approval to mail me my results by post.
I wonder if someone in that clinic will have to run out and buy stamps because I have a problem with Microsoft.
I’m not sure you understand. When you say “O365”, that implies desktop apps. When I say I did an MX lookup, that means the MX server is (foo).mail.protection.outlook.com, which means the email traverses MS assets in the clear regardless of what software they use.

FWIW, unrelated, it’s notable that o365 was studied¹ by the Dutch gov and found² to violate GDPR due to telemetry data kept in the US.