Home User Manual Discussion Forum Search

Encrypted Email - Standard vs Direct

Sending and receiving encrypted Email requires both sender and recipient to share public key security certificates (also known as digital signatures). This verifies that sender and recipient are 'trusted' sources. Open Dental supports Standard Encrypted Email and Direct messaging. Both methods require that you Obtain an Email Security Certificate and Install Private and Public Keys on a Workstation.

Note: Setting up encrypted email in Open Dental is similar to setting it up in Microsoft Outlook and Thunderbird.
Topic Open Dental Resources Microsoft Outlook Resources Thunderbird Resources
Get and Install a Digital ID Obtain an Email Security Certificate
Install Public and Private Keys on a Workstation
Get a digital ID from a certifying authority Creating PGP keys
Exchanging Digital IDs Adding Trust Add a recipient's digital ID to your Contacts Sending and receiving public keys

Standard Encrypted Email
Standard Encrypted Email is a secure method of exchanging email with 'trusted' sources. Before encrypted email can be exchanged using Open Dental:

  • Email must be setup.
    Email security certificates must be purchased and installed on workstations. 
  • Both sender and recipient must manually share public key certificates by exchanging digitally signed messages. 

See Setting up Standard Encrypted Email

How it works:

  1. In Open Dental, Provider A sends a clear text, unencrypted email to Provider B that contains Provider A's public key. To verify the public key is attached to the email, check the Signed By field on the Edit Email window. It should contain Provider A's email address. 
  2. Provider B opens the unencrypted email and adds Provider A as a trusted source. In most email programs (e.g. Microsoft Outlook) there will be a notifcation in the email that the user can click to add a trusted source.
  3. Provider B replies with an email that contains their public key (digital signature).
  4. In Open Dental, Provider A opens the Email Inbox. Provider B's email message will have 'N' in the Sig column. Click the 'N' to add Provider B's public key to the list of trusted sources on the workstation.
  5. Provider A can now exchange encrypted email with Provider B. 

The certificate cache is always checked when sending. If a certificate expires, you will need to repeat the steps above with the recipient.

Direct Messaging
Direct messaging is a method of encrypted email that is intended to simplify the 'discovery' of public key security certificates. Public key certificates are hosted in DNS so they can be discovered 'automatically' using the domain part of the recipient's email address. Direct is used primarily by EHR providers to exchange clinical healthcare data securely with other providers. 

Before Direct messages can be sent using Open Dental:

  • Email must be setup.
  • Email security certificates must be purchased and installed on workstations. 
  • Public key certificates must be installed on a hosting server for both sender and recipient.

See Setting up Direct Messaging

How it works:

  1. Both Provider A and Provider B install email security certificates on workstations and host public key certificates in DNS. 
  2. Provider A attempts to send an encrypted email to Provider B. A query automatically goes out to 'discover' Provider B's public key certificate. When successfully found, the encrypted email is sent to Provider B.
  3. Provider B receives the email, and if needed, adds Provider A's public key certificate to his list of trusted sources.

Direct messages can be sent to a provider who does not use Direct (e.g. a non-EHR provider).  The receiving provider must become a trusted source by obtaining a digital signature and setting it up on their system. See Become a Trusted Source for instructions on how to create and setup a digital signature in Microsoft Outlook.


Open Dental Software 1-503-363-5432