When sending or receiving sensitive data with external collaborators, it is crucial to do so in a secure manner to prevent data loss. UCSF provides a secure email solution allowing for secure transmission of sensitive data, including PHI. This can be done through your already existing/preferred email client and does not require you to download/install anything.

HIPAA regulations stipulate that electronic communications containing Protected Health Information (PHI) must be transmitted in a manner that protects the confidentiality of patient information. When you send, receive or store any electronic document containing UCSF confidential or patient information, you are responsible for ensuring that the information is processed securely. To determine what type of data is categorized as PHI, please confirm with our UCSF Data Classification Standards.

Services

• UCSF secure email is a solution designed to help faculty, students, and staff comply with HIPAA regulations. With this service, messages and attachments are automatically encrypted, allowing you to send or receive PHI. When sending an email through this service, the information stays protected by never leaving the controlled environment. Your recipients receive a message informing them of a secure message from UCSF and provides a user-friendly interface to open and reply to your message. 

Directions

1. To send a secure email, begin by opening up your preferred email client (Outlook, Apple mail, etc).
2. In the Subject field, start your subject with one of the following keywords:
   • PHI:
   • ePHI:
   • Secure:
   • [encrypt]
3. Never include any Protected Health Information (PHI) or any data classified as Sensitive (P3) / Restricted (P4) in the Subject line as it is sent in clear text. Best practices can be found here.
4. Compose your email message and hit the 'Send' button.

Support 

For more information on email encryption, go here.

For help with opening a secure email, visit secure email recipient help.