HITS has implemented secure (or encrypted) outbound email on the UMHS Exchange server.
Outbound mail containing what the tool determines to be sensitive data will be automatically encrypted.
- "Outbound" means the email was routed outside the UMHS Exchange environment. For example, when sending an email directly to another @med.umich.edu account, the email never leaves the UMHS Exchange environment, so the email will not be encrypted. Sending to any other address, including @umich.edu, requires the email to leave the UMHS Exchange environment.
- The tool uses an algorithm to assess whether a message contains sensitive data. If the message meets the tool's criteria, it is encrypted before it leaves the UMHS system.
If email must be used to transmit secure data to an external email address, always add [SECURE] (including the brackets) in the subject line of the message. This addition will ensure that the message will be encrypted and sent securely. Attachments will also be encrypted. The data limit for outbound email is 25 MB.
For more information on outbound email encryption to external addresses, see the Outlook - Email Encryption page.
- Email communication between UMHS users should stay within the Outlook/Exchange system, so always send messages for UMHS staff to their @med.umich.edu address, not their @umich.edu address.
- Use the Global Address List (GAL) within Outlook to select a UMHS recipient's email address.
- If you must send email with identifiable patient information or other sensitive data to an external email address, include [SECURE] in the subject line. See the Sending an Encrypted Message section for more information.
- [SECURE] may be written in lower case (the tag is not case sensitive); however, you must include the brackets.
- The subject line is not encrypted. Therefore, never put sensitive information, such as a Medical Record Number (MRN) or a patient name, in the subject line of the message.
Impact of Outgoing Email Encryption
- With the implementation of outbound email encryption, there is a file size limit of 25 MB per message.
- Messages will expire after 180 days.
- The tool does not permit "Reply All" to or "Forwarding" of an encrypted message.
Sending an Encrypted Message
While MCIT has implemented secure (or encrypted) outbound email on the UMHS Exchange server, consider the following other options prior to sending or transferring sensitive data (or potentially identifiable patient information) outside the Health System:
- The MiChart Patient Portal (MyUofMHealth.org) should be used for communication between providers and patients. The portal has a limit of 5 MB per message.
- MiShare is best for file exchange, including the transfer of image files (screen shots, pictures, or scanned images/PDFs). MiShare can accommodate over 25 MB of data. Documents sent via MiShare stay on the server 5 days and then are deleted.
- U-M Box is for file storage, not transfer. M+Box can also accommodate a transfer of over 25 MB of data. Students, staff and faculty at the U-M are all entitled to have a 50 GB M+Box account.
Visit the Encryption - UMHS Policy 1-04-502 Guide page for more information regarding the transfer and encryption of sensitive information.
If email must be used to transmit secure data to an external email address, be sure to add [SECURE] (as written in brackets) in the subject line of the message. This addition will ensure that the message will be encrypted and sent securely. Attachments will also be encrypted. The data limit for outbound email is 25 MB.
The tool used to encrypt email also acts as a safety net and will attempt to calculate if the data in the message is indeed considered sensitive or ePHI.
- If the message has sensitive data, the tool will encrypt the message.
- If the tool determines that the message has no sensitive data, the message will be sent as a standard email message.
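The decision rules described above and in the opening section (mail to @med.umich.edu never leaves Exchange, a bracketed [SECURE] tag of any case forces encryption, a 25 MB outbound limit, and a content scan as the safety net) can be modelled in a short policy function. This is an added illustration, not the UMHS tool's code; the content heuristic it uses is a constructed placeholder for the page's unspecified scanning algorithm, and the subject-line check flags the MRN-in-subject mistake the page warns about.

```python
import re
from dataclasses import dataclass

INTERNAL_DOMAIN = "med.umich.edu"            # from the page: stays inside UMHS Exchange
SIZE_LIMIT_BYTES = 25 * 1024 * 1024          # 25 MB outbound limit from the page
# Brackets are mandatory, the word is case-insensitive (page: "[secure]" is accepted)
SECURE_TAG = re.compile(r"\[secure\]", re.IGNORECASE)
# Constructed stand-in for the real scanner: an 8-digit MRN-looking number,
# the token "MRN", or the word "diagnosis". Hypothetical, not the UMHS rule set.
SENSITIVE_CONTENT = re.compile(r"\bMRN\b|\b\d{8}\b|\bdiagnosis\b", re.IGNORECASE)


@dataclass
class OutboundMessage:
    sender: str
    recipients: list
    subject: str
    body: str
    size_bytes: int = 0


def leaves_exchange(msg):
    """True if any recipient is outside the UMHS Exchange environment."""
    return any(r.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN for r in msg.recipients)


def classify(msg):
    """Return (disposition, warnings) for a message about to be sent.

    Dispositions: rejected-too-large, internal-plaintext, encrypted-by-tag,
    encrypted-by-scan, external-plaintext.
    """
    warnings = []
    if msg.size_bytes > SIZE_LIMIT_BYTES:
        return "rejected-too-large", warnings
    # The subject is never encrypted, so sensitive data there is a defect regardless
    # of whether the body ends up in a Registered Envelope.
    if SENSITIVE_CONTENT.search(msg.subject):
        warnings.append("sensitive data in subject line (subject is never encrypted)")
    if not leaves_exchange(msg):
        return "internal-plaintext", warnings
    if SECURE_TAG.search(msg.subject):
        return "encrypted-by-tag", warnings
    if SENSITIVE_CONTENT.search(msg.body):
        return "encrypted-by-scan", warnings
    return "external-plaintext", warnings
```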
Receiving an Encrypted Message
When an external recipient receives an encrypted email message from UMHS, the actual message is not sent directly. A recipient must first open a secure attachment and acknowledge the encryption before being able to open and read the message in the "Registered Envelope".
A recipient will use the following procedure to view the secure message:
The recipient receives a Notification Message with an attached securedoc.html file.
The recipient must view/open the file in a web browser. In the web browser, the recipient then clicks the ACKNOWLEDGE button to access the message.
Replying to an Encrypted Message
Once the recipient accesses the encrypted message, the recipient has the option to reply by clicking the Reply button in the browser window.
- Only the sender will receive the reply. The Reply All function is disabled, so if the UMHS individual sends an encrypted message to several recipients, none will be able to "reply to all" and have the message go to all the original recipients.
- While the reply is secure, it is not encrypted as a Registered Envelope. The message is transmitted back to the original UMHS sender over TLS (Transport Layer Security), so the reply meets UMHS compliance and HIPAA requirements.
- The reply message to the sender will appear as a normal email message; the reply is not encased in a Registered Envelope.