Confidentiality, Privacy and Security

Securing Email...Thanks Dana!

  • 1.  Securing Email...Thanks Dana!

    Posted 07-04-2020 08:38
    Dana Williams' post raised a thought about securing emails.  When your computer users send an email how do they initiate the function within the email system that secures (encrypts) the outgoing email?

    For example, some systems will secure the message if a certain word appears in the subject line or by hitting a button on the Outlook ribbon that triggers the encryption process.

    Thanks!

    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    ------------------------------


  • 2.  RE: Securing Email...Thanks Dana!

    Posted 07-06-2020 10:26
    We do so by utilizing "dcphi" or "dcsecure" in the subject line.

    ------------------------------
    Nancy Davis, MS, RHIA, CHPS
    Director of Compliance & Safety
    Door County Medical Center
    ------------------------------



  • 3.  RE: Securing Email...Thanks Dana!

    Posted 07-06-2020 13:10
    "dcphi" or "dcsecure"...I "dclike it"!  ☺

    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    ------------------------------



  • 4.  RE: Securing Email...Thanks Dana!

    Posted 07-06-2020 12:48
    Ours will encrypt if we type "secure" or "protect" in the subject line. It also has the ability to scan the content (not images) and to auto encrypt if it feels that the message may contain PHI.

    ------------------------------
    Kathryn Wood, RHIA
    Assist Dir of Information Systems/Privacy Officer
    War Memorial Hospital
    ------------------------------



  • 5.  RE: Securing Email...Thanks Dana!

    Posted 07-06-2020 13:08
    You might like this related "funny" story.

    I've learned that sometimes the same character string, such as "encrypt" is used in the subject line to encrypt an email if the word is entered in the subject line using a specific syntax.  For example *encrypt*.  An individual shared that he came from an organization that used encrypt as the trigger word...but the syntax had to be #encrypt#.  In other words the word encrypt set off by # rather than *.  As luck would have it, this person sent an email with PHI but used *encrypt* because of habit from his previous job and the email did not encrypt.

    The good news...the email did get to the intended recipient, and though it was impermissible disclosure given that it was sent in a manner not consistent with the organization's policy...the result of the breach risk assessment was no breach.

    Sometimes habit can catch us when we are not aware!​​​​​

    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    ------------------------------