Use of KUMC's secure email system is intended to address the need for communicating protected health information (PHI) in a safe and secure manner and in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). However, it can also be used to secure other sensitive information including, but not limited to, personal identity information (PII), financial or student information. You are required to use secure mail whenever you send a message that contains sensitive information such as PHI or PII to a recipient on the Internet. Check with your supervisor when in doubt.
NOTE: As of January 21, 2009, secure email is now available to all employees without pre-registration.
You must submit a request and be approved before access to the secure email system will be granted. To request access, please contact your authorized requestor:
University of Kansas Medical Center
staff who use the MessageProtect secure email system should consider sending a
notification email or letter (see sample) to potential recipients before sending them
their first secure email. This will alert them that you will be
using secure email to communicate with them and explain how they can
correspond with you in a secure manner. Please note that, if
you send the pre-notification message via email, you should send it as a
normal, non-secure email.
No special software or installation of software is required or needed. However, a button can be added to your GroupWise toolbar button which, when clicked, will automatically add the "[secure]" to the subject line for you. If you would like to have the secure email button added to your GroupWise Toolbar, please contact your organization's HelpDesk.
You make the decision about whether or not an email will be encrypted. The first step is to request and receive approval for use of the secure email system. Once you have been setup to use the secure email system, the email you send will only be encrypted if you follow these steps.
After you are setup to use the system, there are two ways to send a secure, encrypted email:
-OR-
button on the GroupWise toolbar.
Clicking this button will insert the "[secure]" into the email
subject line for you automatically. Contact your
organization's respective HelpDesk to get the "Send Securely" button
added to your GroupWise toolbar.** NOTE: The subject line of the email is not encrypted; therefore, you should not include sensitive information in subject line of the email.
Yes, recipients of your secure messages can reply securely. Their reply to your email will be automatically decrypted by KUMC's secure mail gateways and will appear in your GroupWise mailbox as a normal, readable email. The process is seamless and you will not be able to tell whether or not the message was encrypted.
No, third parties cannot initiate an encrypted communication using KUMC's secure email system. The first email must be sent by someone within the KUMC community and then the recipient can reply to that email in a secure, encrypted manner.
Recipients of a secure email from KUMC will receive a notice in their email inbox that they have received a secure message from you. The message will contain a link to a secure website where the message can be read. The first time the recipient receives a secure message, they will be asked to create a passphrase that will be used to access the website and view or reply to their secure messages. After logging in with their self-assigned passphrase, the recipient can then view the email and use the "Reply" button to reply to the message. Messages will be stored on the secure website for 30 days.
For additional information on how recipients receive secure email messages, refer to the "What to Expect as a Recipient" section.
Secure messages will be available for viewing for 30 days after they are sent. After that time, they are automatically deleted from the system.
Yes, you can send secure messages using the GroupWise remote access page located at http://webmail.kumc.edu. This website provides most of the functionality of regular e-mail on campus. Again, an email will not be encrypted unless you place "[secure]" at the beginning of the subject line. Please note that the GroupWise toolbar button will not be available on the GroupWise remote access page.
The subject of the email is not encrypted; therefore, you should not include sensitive information in the subject line.
Yes, attachments up to 4 megabytes may be included and are encrypted.
We encourage you to familiarize yourself with the system by sending secure messages to your home e-mail address or business associates that you would like to communicate with securely. It will be very easy to tell if the message was encrypted because recipients will have to register their email address and use a password to access the message.
Email sent within the KUMC GroupWise system is secure and it is permissible to include protected health information (PHI) in e-mail from one KUMC email address to another KUMC email address. Therefore, email sent with "[secure]" in the subject line to someone with an "@kumc.edu" or "@mac.md" address will not be encrypted and will be just like any other email. Only email sent to a recipient on the Internet will be encrypted.
At this time, use of the secure email system is limited to those individuals with a need to exchange protected health information (PHI), personal identity information (such as social security numbers, names, addresses, etc.) or other sensitive financial, legal or research information with others over the Internet. The secure email system should not be used for personal business.
Staff with questions about secure email that are not covered by this FAQ, should contact their organization's respective HelpDesk for additional assistance.
©
The University of Kansas Medical Center