I work for a company that does hospital software. One of the things we're investigating is the possibility of sending encrypted emails (or encrypted email attachments) of patient information to doctors as an alternative to faxing. However, there are certain requirements for whatever system we implement.
It has to be secure. No vulnerabilities, no weak encryption.
We're looking for something accessible to the doctors. I have no idea what's considered "standard". The doctors need to be able to access the encrypted emails/attachments on their office systems, which is almost certainly going to be running Outlook. So there needs to be software that hooks easily into Outlook, is user-friendly, is professional, and available (either free or not excessively priced).
The emails will be generated by a server component, written in C#, running on an XP or 2000 server. So whatever we use needs to be accessible by us programmatically as well, through some kind of API.
I've never done any kind of email encryption stuff before, so I'm hoping to benefit from your collective wisdom. Anyone have any suggestions of where to start?