sutures newsletter

PRODUCED BY AND FOR MEMBERS OF THE DEPARTMENT OF SURGERY April 2013 | Archived Issues

Encrypting Email is Easy - Here's How

Physicians are reminded that federal laws require electronic protected health information to be secured, including when it is sent via email to addresses outside Cedars-Sinai. To assist you, the medical center's email system includes an easy way to use encryption to keep emailed information secure and protected from unauthorized access.

When using the Cedars-Sinai email system, simply include the word "Zixencrypt" anywhere in the subject line of your message, and the email will automatically be encrypted as it leaves the Cedars-Sinai email system.

After your email is sent, the recipient will receive a notification message containing a link to the Zix Corp. Messaging Center website. After completing a one-time registration process, the recipient can log in to the Zix Message Center to view your message and attachments. Once a recipient opens the Zix Secure encrypted email message, a confirmation message will be returned to your mailbox to let you know the individual has picked up the email message.

As long as the recipient sends any replies through the Zix portal, the message and communications stays encrypted and secure. If the recipient forwards the message or copies and pastes any part of the message to an external email system, the information is no longer encrypted or secure, since it has been taken out of the Zix environment.

More information on sending emails securely using Zixencrypt can be found on the Intranet (only accessible within the campus network) at http://web.csmc.edu/administrative/eis/e-mail-support/e-mail-encryption-information/.

The consequences of not reasonably securing patients' protected health information, like emailing unencrypted PHI to an external email address, can include fines and penalties. Also, anyone who causes such a security breach, whether intentional or not, must be reported by name to any patient whose personal information was exposed. For employees and staff, there may be further consequences for violating Cedars-Sinai's policies regarding privacy and information security.