Search the OSCAR Documentation
< All Topics

Encrypted email from OSCAR

eMailing Patients Shouldn’t Be Hard

But to do it securely in a way that meets privacy legislation involves some setup.  The entire process is covered my video

Why Emails are IN secure

According to the CMPA
• Use of email or other virtual tools to discuss sensitive information can increase the risk of such information being intercepted by third parties.
• Despite reasonable efforts it is not possible to completely secure the information.
• Employers and some online services (eg gmail) may have a legal right to inspect and keep emails that pass through their system.
• Virtual care tools can introduce malware into a computer system, and potentially damage or disrupt the computer, networks, and security settings.
• Communications through email can be forwarded, intercepted, circulated, stored, or even changed without the knowledge or permission of the Physician or the patient.
• Even after the sender and recipient have deleted copies of an email, back-up copies may exist on a computer system.
• Communications through email may be disclosed in accordance with a duty to report or a court order.

Secure eCommunication Options including eMail

Encryption scrambles the contents of a communication so that only those with access to a secret key or password can unscramble and read it. Examples of encrypted e-communications include

  • OSCAR messages

  • PHIPA compliant eFax eg SRFax

  • eMail with end to end encryption option eg Proton

  • instant messaging with end to end encryption option eg Telegram

  • Patient Portals eg myOscar and some commercial products

  • Password protected files transmitted by email

Why Proton?

Proton Mail is a private email service that uses open source, independently audited end-to-end encryption and zero-access encryption to secure your communications. This protects against data breaches and ensures no one (not even Proton) can access your inbox.  A free version is available.

Setting up Firefox to use Proton webmail

OSCAR 19 provides the patients email as a link.  Clicking the link can have you open the system default email app, but can be set to open the Proton email web client. This part is tricky and varies slightly depending on the version of Firefox you have installed.

  • Open in Firefox and sign in to Proton
  • Open Firefox’s Web Console in the lower part of the tab below your mailbox. You can do that using either:
    • Ctrl+Shift+k (Mac: Command+Alt+k)
    • “3-bar” menu button > More Tools > Web Web Developer Tools
  • Ensure you are on the Console tab that has a double caret >>.  Select and copy the following line of script (it’s all one line) in front of the caret and paste it in the space to the right of the double caret:
navigator.registerProtocolHandler('mailto', '', 'Proton');
  • If you have never pasted there before Firefox will ask you to take some action to prove you understand it’s dangerous to run scripts from strangers. For FF version 119 as illustrated above, it says “Scam Warning: Take care when pasting things you don’t understand. This could allow attackers to steal your identity or take control of your computer. Please type “allow pasting” below (no need to press enter) to allow pasting.” Follow their instructions.
  • Once you have activated paste, then paste the script again. Then press the Enter key to run the script. Alternately if there is a Run button above the command line, click the run button.

  • An infobar should open above the page just below the toolbar area asking you to confirm. Click “Add Application”. You now can close the Web Console by clicking the “X” on its top bar at the right.

NOTE: navigator is the user agent, here the Firefox Browser.  The navigator.registerProtocolHandler lets websites register their ability to open or handle particular URL schemes (aka protocols).  The protocol being added to is ‘mailto’.  The URL is that of the Proton inbox with the placeholder of %s for any subject that might be passed.  The name that the protocol that is added is ‘Proton’

Setting up OSCAR 19 to Display eMail

Go to Admin > eChart > Display settings

Choose Display Patient Email Address by selecting yes and click the save button

Setting up a Given Patient to Use eMail


Obtain the email and consent to use it from the patient.  Enter both into the Master Demographic by either clicking the Edit button or the edit icon in the Contact Information section.

Remember to click Update button at the bottom of the edit page!

Using the eMail Link

The top bar of the chart displays the email as a clickable link.

HINT: use Ctrl + click on the email link to force Proton to open in a new tab

Another location for the patient email link is in Lab reports

Regardless of where and how you clicked the web email client for Proton will open

ENSURE that you click the External encryption button.

Enter a message password and an optional password hint and send.

The patient will get an email with the password hint and the link to the Proton web access site where they can enter the password

Then viola the encrypted eMail

Here is a YouTube video on the procedure

Copyright © 2023 by Peter Hutten-Czapski

Table of Contents