The University of Kansas Medical Center (KUMC) has implemented secure messaging to protect the privacy and confidentiality of sensitive information including protected health or personal identity information that is contained in email messages and attachments sent over the Internet.

Why are we implementing secure email?

Regular email sent over the Internet is easily intercepted or read by other individuals. Secure email is intended to address the need for communicating protected health information (PHI) in a safe and secure manner and in compliance with the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA's Security regulations, which went into effect in 2005, stipulate that electronic communications containing PHI must be transmitted in a manner that protects the confidentiality of patient information. The KUMC secure email system meets these requirements by using encryption to protect email from being intercepted or read as it is transmitted across the Internet.

What should I do if I receive a secure email from the University of Kansas Medical Center (KUMC)?

When someone at KUMC sends you an encrypted email, you will receive an email indicating that you have received a secure email and inviting you to create a profile that will allow you to view and reply to the email. An example of the email is provided below:

You must complete the one-time profile creation process before you can view the secure email from KUMC.  To complete the registration process, follow these steps:

1. Click on the web link provided at the bottom of the notification email.
2. The Profile Creation website for the KUMC secure email system will be displayed as shown below.
   
   
   
   
   
3. Follow the instructions on the Profile Creation page to setup your secret passphrase. This is the passphrase (e.g., password) that you will use each time you retrieve a secure email from the University of Kansas Medical Center. For help with creating a secure passphrase, click here.
4. Click on the "Send Registration" button when you are finished to complete the one-time registration process. The following acceptance page will be displayed, indicating that your passphrase and hint have been created. You are now registered and ready to retrieve your secure email messages.
   
   
   
   
   
5. Return to your email mailbox. Within minutes, you will receive the following email from the MessageProtect system indicating that your passphrase and hint have been accepted.
   
   
   
   
   
6. In addition, you will also receive a second email with details about the secure email messages that have been sent to you. This email will provide the email address of the person who sent you the email, the subject of the email, and a web link where you can view and reply to the email. If you have received more than one secure email, each email will have a separate web link.
   
   
   
   
   
7. Click on the web link and, when prompted, enter the passphrase that you created during the profile creation process. An example of the web link for retrieving a secure email message is provided below.
   
   
   
   
   
8. Enter your passphrase to retrieve the secure email that has been sent to you.

What should I use as my passphrase?

Only you should know what you select as your passphrase. There are no restrictions on the length or content of a passphrase, but we encourage you to follow these best practices for creating a strong passphrase:

• Use a combination of upper and lower case letters, numbers, and at least one special character ($.#@!% ^* )
• Pick long passwords, at least 8 characters in length
• Use two numbers or symbols in the first eight characters
• Don't use a common dictionary word, a name, a string of numbers, or your login ID
• Use a different password from all your other passwords
• Protect your password from misuse - do not to let anyone else know or use your password and, if you must write it down, keep it somewhere private such as in locked drawer
• If you suspect that someone else may know your current password, change your password immediately
• Change your password periodically, even if it hasn't been compromised
• Don't type your password while anyone is watching

One of the easiest ways to create a passphrase is to use the words from a book that you like, words from a song that you always remember with ease, or a statement that some powerful figure made that you will NEVER forget. The key to a successful password is to create a phrase that is easy for you to remember, but no one else will ever think about attributing it to you.

Example passphrases:  (do NOT use these as your own passphrase)

pass phrase: My Brother's Birthday Is april(4) Twenty Second Nineteen Sixty three(3)
password : mbbi4t$ns6

pass phrase: "Four score and seven years ago our fathers brought…"
password : 4scanse... (arrived at by choosing the 1st 2 letters from each word until a total of eight characters resulted).

pass phrase: "It was a dark and stormy night...".
password : iWadasn...

What if I forget my passphrase?

You may change your passphrase by clicking on one of the web links to access a secure email message and then select the link provided at the bottom of the "You Have Secure Mail" screen. A new screen will display your existing clue, and allow you to change either your clue, your passphrase or both.   If you make changes, you will receive an email stating that your passphrase or clue has been changed.

Please note that the new passphrase will allow you to view only those secure messages received after you changed the passphrase. If you have forgotten your passphrase and need to view previous messages, you will need to contact the sender and have them send the message to you again. For your protection, we are not able to retrieve your previous or current passphrases.

Can I change my passphrase?

Yes. Click on the link provided at the bottom of the "You have Secure Mail" page and follow the instructions on changing your passphrase. Please note that the new passphrase will allow you to view only those secure messages received after you changed the passphrase. If you have forgotten your passphrase and need to view previous messages, you will need to contact the sender and have them send the message to you again. For your protection, we are not able to retrieve your previous or current passphrases.

How do I register to receive secure email from KUMC?

The secure email system at KUMC is a closed system, which means that you must be invited to register as a recipient by a member of the KUMC community. Once a KUMC staff member sends you a secure email, you will receive a notification email with instructions on how to create your profile. If you are a patient at KUMC, talk with your physician about communicating with them via secure email.

How can I send secure information to someone at KUMC?

You can send secure information to someone at KUMC by replying to one of the messages they have sent to you. Open the message from the Received Items list and click on the “Reply” button. You will get a New Message form with the person’s e-mail address and the subject already filled in. You can then substitute your message in the message area and attach one or more attachments.  Attachments are limited to a total size of 4 megabytes.

When you have finished composing your message press the “Send" button at the bottom of the form. Your reply message will be forwarded securely through the MessageProtect system.

Can I change the subject line of the email when I reply?

No, you cannot change the subject line of the reply email.

Can I change the recipient or add a recipient to the email when I reply?

No, you cannot change the recipients of the email.

How long will messages remain on the system for me to access?

Messages remain in the Secure Message System for 30 days. If you need to access the message after it has been removed, contact the sender to have the message sent to you again.

Can I print a copy of the secure email that I have received?

While there is no printing functionality built into the secure email system, there are other ways of printing the contents of the email. The easiest is to use the print functionality built into your Internet browser. For example, click "File" and then "Print" within Internet Explorer to print your message and/or attachments.

Should I retain the original e-mail notifications?

To access the secure message at a later time (within 30 days), you will need to save the notification e-mail in your normal e-mail account. From there, you can click the web link to access the secure email message. Please note that each secure message is protected with the passphrase you were using when you received it. If you change your passphrase during the 30 days and attempt to access a previous secure message, you will need to enter your previous passphrase in order to view the message.

Who should I contact if I need assistance with KUMC secure email?

If you require assistance with registering your profile or viewing and replying to a secure email that you have received from KUMC, contact Customer Support at 913-588-7995 or email customersupport@kumc.edu. Support hours are Monday – Friday, 7 a.m. to 9 p.m.