HIPAA Secure Email Information/FAQs
It is important that all email communication containing PHI is kept confidential. Email leaving the University must be protected so that it cannot be intercepted. To that end, we've made this process easy for you with ZixCorp protection services. There are no keys to exchange or cumbersome steps to remember. And it works seamlessly with our current email application, so there's no learning curve and no information to transfer.
Emails containing PHI will be sent securely. Recipients will go through a few simple steps to access messages and will also be able to respond securely free of charge.
If you have any questions, please contact the Service Center at 732-743-3200.
What is Secure Messaging?
Secure Messaging is the automatic process of:
* Identifying outbound email that contains Protected Health Information (PHI)
* Encrypting the email messages that have been identified as containing PHI
* Sending encrypted email using ZixCorp's Best Method of Delivery™
How is PHI identified?
The content of all outbound messages is scanned and compared against two lexicons, or dictionaries.
* Identifier Lexicon contains criteria for identifier information
[example: Social Security numbers]
* HIPAA Lexicon contains HIPAA terminology
[example: a health condition/disease]
The content of the email message must meet criteria defined in both lexicons for encryption to occur.
* Example 1: Message will be encrypted if message or attachments contain a Social Security number and a name of a disease.
* Example 2: Message will not be encrypted if message or attachments only include a Social Security number.
* Example 3: Message will not be encrypted if message or attachments only include a name of a disease.
What if PHI is in the subject line?
It is not practical to encrypt a subject line of an email. Therefore, any email messages that contain PHI in the subject line will be rejected and returned to the sender.
What do you do if this happens?
* Review the subject line
* Make necessary corrections
* Resend the email
Why are we implementing Secure Messaging?
With the adoption of HIPAA, it is required that all communications containing PHI be secured. To help implement this important and practical security measure, we are using secure messaging services to protect our email and ensure all PHI remains confidential.
Sending a Secure Message
If lexicon policies are used exclusively, the encryption process will happen transparently without requiring any user input. Please refer to "What is Secure Messaging?" above for more details.
However, UMDNJ has set up a special keyword encryption policy. To manually encrypt an e-mail that the user believes contains protected health and/or sensitive information, the user must type ZixSecure into the subject line and/or the body of the e-mail. The message will then be encrypted regardless of the information it contains.
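The routing rules described above (both-lexicon match, subject-line rejection, ZixSecure keyword), as an added Python sketch; it is not ZixCorp's or the University's code. The lexicon contents, the SSN pattern, the `route` function and the order in which the rules are checked are assumptions.

```python
import re

# Constructed stand-ins: the real lexicon contents are not given on this page.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")      # Identifier Lexicon (assumed pattern)
HIPAA_TERMS = {"diabetes", "hepatitis", "asthma"}  # HIPAA Lexicon (assumed terms)
KEYWORD = "zixsecure"                              # manual keyword named on the page


def lexicon_hits(text):
    """Return (identifier_hit, hipaa_hit) for one piece of text."""
    words = set(re.findall(r"[a-z]+", text.lower()))
    return bool(SSN_RE.search(text)), bool(words & HIPAA_TERMS)


def is_phi(*parts):
    """Treat content as PHI only when BOTH lexicons match across the parts."""
    hits = [lexicon_hits(p) for p in parts]
    return any(h[0] for h in hits) and any(h[1] for h in hits)


def route(subject, body, attachments=()):
    """Decide the fate of an outbound message: REJECT, ENCRYPT or SEND_PLAIN.

    attachments is a sequence of already-extracted attachment text (assumed).
    """
    # Assumption: the subject is judged by the same both-lexicon rule, and
    # rejection is checked first because a subject line cannot be encrypted.
    if is_phi(subject):
        return "REJECT"
    # Keyword policy: encrypt regardless of what the message contains.
    if KEYWORD in subject.lower() or KEYWORD in body.lower():
        return "ENCRYPT"
    # Lexicon policy: body and attachments are scanned together.
    if is_phi(body, *attachments):
        return "ENCRYPT"
    return "SEND_PLAIN"


if __name__ == "__main__":
    # Constructed sample messages mirroring Examples 1-3 and the two special cases.
    samples = [
        ("Lab results", "SSN 123-45-6789, diagnosis: diabetes"),
        ("Lab results", "SSN 123-45-6789"),
        ("Lab results", "diagnosis: diabetes"),
        ("diabetes follow-up 123-45-6789", "see attached"),
        ("ZixSecure budget", "no health data here"),
    ]
    for subject, body in samples:
        print(f"{route(subject, body):10} subject={subject!r}")
```

The page does not say how a match split between the subject line and the body is handled; this sketch scans the two separately.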
What if the recipient does not retrieve the message?
If the recipient does not retrieve the message before the expiration date, you will receive an expiration notification email. The original message will be deleted from the secure Web site.