It would appear that the British National Health Service, as exemplified by my local hospital, are not allowed to use email for formal communications. A consultant in the hospital cannot email my General Practitioner (local doctor) with the results of a procedure etc. Snail mail is used instead. I was told I would receive a formal response (no more than an acknowledgement of my email to them) by snail mail. When I asserted my preference for email I was told that 'they' don't allow that. I was quite amazed.

A statement that snail mail is more secure than email seems odd.

Rather than addressing the security of the communications they are avoiding it. I believe they are a Microsoft house so I'm guessing their email system (yes, they have one) is Microsoft based. How easy is it to set up a secure email system from that to an end user, using whatever might be available to a typical home user, e.g. Thunderbird or Eudora? AFAICT it only needs to be one way? Hospital to patient, assuming the patient can then make up their own mind about the security needs of what they have to say. GPG seems OTT for the average user (who prefers email - I wouldn't insist on it for any other patient. ), but how easy is it to set up a signature which would effectively guarantee the authenticity of the content? By 'secure' here, I simply mean something that is as good as the postman, which must be their current definition of adequacy.

Suggestions appreciated.