Overview

The UCSF secure email solution is designed to help faculty, learners and staff comply with the federal HIPAA regulations that went into effect April 21, 2005.

HIPAA regulations stipulate that electronic communications containing Protected Health Information (PHI) must be transmitted in a manner that protects the confidentiality of patient information. When you send, receive or store any electronic document containing UCSF confidential or patient information, you are responsible for ensuring that the information is processed securely.

• Best Practices
• Email Encryption
• Sending a Secure Email

Best practices

• Insert a secure email keyword into the Subject line and let the email system process the message appropriately; if you have any doubt about the sensitivity of the content of your message, tag it for encryption.
  
  NOTE: While all email messages on our system are encrypted using Secure Socket Layer (SSL) when traveling from your email client to the email system. Email messages sent to other UCSF mailboxes never leave the email system; they are routed from one email database to another. Historically, relying on SSL encryption has been deemed an acceptable level of risk. Email messages sent to another @UCSF mailbox are not being routed through our secure email (encryption) service at this time.
   
  • Secure Email Keywords include:
    • PHI:
    • ePHI:
    • Secure:
    • [encrypt]
       
• Format your secure email keyword correctly (for example, "Secure:"), to ensure the email is encrypted.
• Never include any Protected Health Information (PHI) or any data classified as Sensitive (P3) / Restricted (P4) in the Subject line as it is sent in clear text.
  For more information regarding Data classification standards, please review the UCSF Policy 650-16 Addendum F, UCSF Data Classification Standard.
• When in doubt about your message content, send it using a secure email keyword in the subject line.

Email Encryption

Many encrypted email services can be challenging for users. With our email encryption service, messages and attachments are automatically encrypted with complete transparency. There is no need to manually encrypt your email to send and receive messages securely—it happens in the background. Email encryption simplifies secure communications, leaving you in control.

Because our email encryption service is incorporated with our email security solution, there is no separate registration process for UCSF faculty, learners, and staff.

Sending an encrypted message

When you send an email message through our encryption service, the information stays protected by never leaving our controlled environment. Your recipients receive a message informing them of a secure message from UCSF and provides a user-friendly interface to open and reply to your message.

How to send an encrypted message.

Removing access to an encrypted message

Sometimes, after sending out an encrypted message, you need to block access to that message. To disable access to an encrypted email message, please submit a ticket at Get It Help (requires MyAccess Login).

Note: This is commonly referred to as "revoking the encryption key."

In your request please include:

• Date and time the message was sent
• The subject of the message
• Which recipient(s) should no longer have access to the message
  • It can be an individual, multiple individuals, or all recipients
• For the fastest action possible, please be specific

What your recipients can expect

Registration The first time you send an encrypted email message to a recipient, that person will have to register with the email encryption service in order to open the message. A person only has to register once!

• View the email encryption registration process
• Download a PDF version to send to your recipients

Resetting a Password: Our encryption service has a robust self-service password reset feature.

• View the password reset process
• Download a PDF version to send to your recipients

Sending a Secure Email

Sending an email message through the email encryption service is easy!

1. Open a New message window in your preferred email client (e.g., Outlook, Apple Mail, Outlook Web App (OWA)
2.  Add the intended recipients in the To:, CC: or BCC: fields 
3. In the Subject field, start your subject with one of the following keywords:
   1. PHI:
   2. ePHI:
   3. Secure:
   4. [encrypt]
4. Compose your email message
5. Select the Send button to send your encrypted message
   NOTE: Replies to messages sent using the email encryption service remain within the service, keeping patients' and UCSF's protected information safe.

When in doubt, send it securely!