Thread: Deactivate webmail (HIPAA Reasons)

  1. #1
    altimage is offline Active Member
    Join Date
    Nov 2005
    Location
    Daytona Beach, FL
    Posts
    39
    Rep Power
    9

    Deactivate webmail (HIPAA Reasons)

    I have a client who would like to allow users to access Zimbra only through Outlook (no webmail). I can't find anywhere where it's an option.

    Alternately, can I force a specific domain to access the webmail only through https while allowing everyone else to get in through http?

    They're needing this for HIPAA compliance. Our regular configuration allows users to access through either http or https and I really can't force all 2000 other users to have to start using https just because of this one client's compliance requirements.

    Any suggestions?

    thanks,
    altimage

  2. #2
    dipeshmehta is offline Special Member
    Join Date
    Jun 2010
    Location
    Rajkot, India
    Posts
    159
    Rep Power
    4

  3. #3
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,366
    Rep Power
    10

    Originally posted by altimage:
    I have a client who would like to allow users to access Zimbra only through Outlook (no webmail). I can't find anywhere where it's an option.

    Alternately, can I force a specific domain to access the webmail only through https while allowing everyone else to get in through http?

    They're needing this for HIPAA compliance. Our regular configuration allows users to access through either http or https and I really can't force all 2000 other users to have to start using https just because of this one client's compliance requirements.

    Any suggestions?

    thanks,
    altimage

    I think you'll find that the HIPAA Security Rule is fine with web access, provided however that the transmission is encrypted end to end.

    If you configure your Zimbra server to force users from http to https you should be OK.

    Alternatively, you could just block ports 80 and 443 at the firewall to stop all web access.

    I'm surprised at the requirement for Outlook; many users will turn off SSL/TLS when they have any sort of connectivity options; you can't control that like you can the Zimbra https redirect, so it's a bit confusing why your practice wants to do things that way.

    FWIW, we take care of a number of medical practices on our managed services side, plus we've also configured our Zimbra farm to be HIPAA compliant. Not pitching here, just letting you know that you have options with Zimbra.

    One other easy way to break HIPAA compliance with Outlook is forwarding, again, which you can control in Zimbra but not in Outlook. The practitioner sets up an Outlook rule to forward emails to their ISP's home email account. Many ISPs' email servers won't do server-to-server TLS, so the forwarding is done unencrypted, leading to a de facto HIPAA violation.

    We actually encourage our practices to drop Outlook, so as to make enforcing HIPAA compliance easier with Zimbra.

    Hope that helps,
    Mark
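
Added example, not part of the thread or any poster's own code: a Python check an administrator could run over responses captured from the plain-HTTP port to confirm that the http-to-https redirect discussed above is the only thing that port does. The host name `mail.example.com`, the function name and the sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def audit_http_response(request_host, status, headers):
    """Return findings for one response received on the cleartext HTTP port.

    headers is a list of (name, value) pairs so repeated Set-Cookie survives.
    An empty list means the port only redirects to https on the same host.
    """
    findings = []
    hdrs = [(k.lower(), v) for k, v in headers]
    locations = [v for k, v in hdrs if k == "location"]
    if status not in REDIRECT_CODES:
        findings.append(f"status {status}: content served over cleartext HTTP")
    elif not locations:
        findings.append("redirect without a Location header")
    else:
        target = urlsplit(locations[0])
        if target.scheme != "https":
            # Relative or http:// targets keep the session on the cleartext port.
            findings.append(f"redirect target is not https: {locations[0]}")
        elif (target.hostname or "").lower() != request_host.lower():
            findings.append(f"redirect leaves the requested host: {target.hostname}")
    # A cookie issued on the cleartext hop is exposed even if a redirect follows.
    for k, v in hdrs:
        if k == "set-cookie":
            name = v.split("=", 1)[0].strip()
            findings.append(f"cookie {name} set over cleartext HTTP")
    return findings

# Constructed sample responses: (requested host, status, headers).
SAMPLES = {
    "redirect_ok": ("mail.example.com", 302,
                    [("Location", "https://mail.example.com/")]),
    "serves_login": ("mail.example.com", 200,
                     [("Content-Type", "text/html"),
                      ("Set-Cookie", "ZM_AUTH_TOKEN=constructed; Path=/")]),
    "relative_redirect": ("mail.example.com", 302, [("Location", "/zimbra/")]),
    "other_host": ("mail.example.com", 301,
                   [("Location", "https://portal.example.net/")]),
}

if __name__ == "__main__":
    for label, (host, status, headers) in SAMPLES.items():
        result = audit_http_response(host, status, headers)
        print(label, "->", result or "OK: redirect to https only")
```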
