Home

Email Encryption

Introduction

State and federal regulations require that email containing Protected Health Information and Personal Information be encrypted when sent to addresses outside of Partners.  Beginning today, you have the ability to send secure, encrypted email messages using the Send Secure service. This will better protect information leaving our organization by email.
 
It is recommended that you review site privacy and security policies before using the Send Secure service.  These policies can be found at:  http://helpdeskselfservice.partners.org/sendsecure (must be on the Network to access) 

What do I need to do to send a secured message?
Senders need to type the words send secure in the subject line of the email message. The words can be placed anywhere in the subject line.  The phrase, send secure, identifies the message as secure and encrypts the contents.  When the recipient(s) opens the message, the sender will receive an automated read receipt.

Which email messages need to be encrypted? What information is confidential?
State and federal regulations require that email containing Protected Health Information and Personal Information be encrypted when sent outside the Partners firewall. Partners also encourages that users use the service when sending any other non-public information that would subject Partners, the data owner, or the data subjects, to harm if the data was lost, stolen, or accessed by unauthorized individuals. This includes intellectual property and employee information.

Do other alternatives exist at Partners HealthCare sites for sending secure messages?
Some sites use Patient Gateway for secure communications and, for these sites, this is the preferred means of communicating with patients. Email is discouraged for patient communication. In addition, there are secure communication channels in place between Atrius, Massachusetts Eye & Ear Infirmary and other sites.  In these instances, there is no need to do any additional encryption.  A full listing can be found on the project website listed above.

We have a department email server separate from the Partners Exchange platform, can we use the Send Secure service?
Yes, provided you have configured your email server to route all outbound email through the Partners email gateway. If you have questions or concerns about this issue, open a ticket with the Help Desk (phone numbers are below) and ask that it be placed in the Information Security queue.

If you have any questions, please feel free to contact your appropriate Help Desk:
BWH 617-732-5927,  DFCI 617-632-3399,  FALK 617-983-7454, MCL 781-416-8940,  MGH 617-726-5085,  NWH 617-243-6001,  NSMC 978-354-2014, PCHI 781-433-3757, PHC 617-726-0890,  PHS 617-726-5085, BWH-RICS 617-525-0848, SRH

Policies & Regulations

Definitions

 

FAQ's

What type of information must be sent securely?
What is Send Secure?
What is Partners Confidential Data?
What do I need to do to send a secured message?
What if I use the incorrect code to send my secure email?
What is the proper way to enter the secure email code?
Isn’t all my email secure?
What’s the difference between laptop encryption and email encryption?
If my laptop is encrypted, does that mean my email is automatically encrypted?
Are there other secure alternatives to send Protected Health Information?
What other entities have secure email with Partners HealthCare?
Should I continue to use Patient Gateway if my practice uses that application?
Are there other solutions for Provider to Provider communications?
Is Send Secure different from Secure File Transfer Service?
Are there step-by-step instructions available?
What must a recipient do to read a message?
How do senders get help with Send Secure?
My recipients are having trouble and need assistance. How should I direct them?

What type of information must be sent securely?
State and federal regulations require that emails containing protected health information and personal information be encrypted if they are sent outside our Partners firewall. It is strongly recommended that emails containing other Partners Confidential Data also be encrypted using Send Secure. Sending confidential information via email contains risks and should only be done when necessary and in accordance with policy and security requirements.

What is Send Secure?
Send Secure is an email service designed to protect Partners Confidential Data contained in messages sent from a Partners email address to a non-Partners email address. If you must use email to communicate Partners Confidential Data to a non-Partners address, you must send the message securely.

What is Partners Confidential Data?
Partners Confidential Data includes electronic protected health information (PHI), personal information, intellectual property, and employee information. Partners Confidential Data also includes any other non-public information that would subject Partners, the data owner, or the data subjects, to harm if the data was lost, stolen, or accessed by unauthorized individuals.

What do I need to do to send a secured message?
Senders need to type send secure in the subject line of the email message. The secure code can be placed anywhere in the subject line. The code identifies the message as secure and encrypts the contents. When the recipient(s) opens the message, the sender will receive an automated read receipt.

What if I use the incorrect code to send my secure email?
You will get an automated email receipt for all email messages sent with the correct secure email code; check your sent items folder to review the text of your original message to confirm that the code was typed properly as send secure. If you do not receive the automated read receipt, it means your email message was not sent securely or never opened by the recipient. Information Systems recommends that you resend the message with the exact code and retain the automated receipt for auditing purposes.

What is the proper way to enter the secure email code?
The secure email code is send secure. Ideally, this should be entered as two words in all lowercase with no bolding or quotations. However, the code is not case sensitive. If you type Send Secure, the email will be sent encrypted. Other scenarios are as follows:

  • Your message will be sent securely if the two words are combined (without a space).
  • Your message will be sent securely if there are multiple spaces between the two words.
  • Your message will be sent securely if there is other text before or after the secure email code.
  • Your message will NOT be sent securely if you put text in between the key words.
  • Your message will NOT be sent securely if either of the key words is combined with another word (e.g. Send Securemessage)

Isn’t all my email secure?
Your mail is secure in that it is private and password protected. However, it is not encrypted when you send it outside of the Partners network to a non-Partners email address. To encrypt the text of your message that contains Partners Confidential Data, please type send secure anywhere in the subject line of the message.

What’s the difference between laptop encryption and email encryption?
Laptop encryption encrypts data on the actual computer. It does not encrypt individual emails being sent outside the Partners network. Individual emails containing protected health information and personal information must be secured by including send secure anywhere in the subject line of the message.

If my laptop is encrypted, does that mean my email is automatically encrypted?
No. Individual emails must still be secured by including send secure in the subject line of the message.

Are there other secure alternatives to send Protected Health Information?
Yes. Some sites use Patient Gateway to electronically send Protect Health Information to patients. Each site may have other options available. Check with your Site Security Officer on alternate ways to send Protected Health Information. Send Secure is a good option for sites that are not using another means for conveying information securely.  Partners Research Computing offers a Secure File Transfer Service to exchange large files containing sensitive data with collaborators, both inside and outside of Partners HealthCare, via a web browser rather than ftp. The service is a secure, web-based, application with anti-virus detection built in. For more information on Secure File Transfer, please visit http://rc.partners.org/sFTP

What other entities have secure email with Partners HealthCare?
Some sites use Patient Gateway for secure communications. In addition, there are secure communication channels in place between Atrius, Massachusetts Eye & Ear Infirmary, and other entities. Open the Other Secure Sites tab at http://helpdeskselfservice.partners.org/sendsecure to see a full listing of secure channels. In these instances, there is no need to do any additional encryption. (must be on the Network to access)

Should I continue to use Patient Gateway if my practice uses that application?
Yes. Patient Gateway is the preferred method for providers to communicate electronically with patients and is fully compliant with state law. For information about Patient Gateway, please contact your Help Desk or your LMR Analyst.

Are there other solutions for Provider to Provider communications?
Clinical messaging can be an efficient alternative to email for provider to provider communications. ChartLinx is a system that allows clinical messages to be sent securely between providers using LMR and GE Centricity. Clinical messages generated in ChartLinx are transferred securely, and there is no need to do any additional encryption.

Is Send Secure different from Secure File Transfer Service?
Yes. Partners Research Computing offers a Secure File Transfer Service to exchange large files with collaborators, both inside and outside of Partners HealthCare, via a web browser rather than ftp. The service is a secure, web-based, application with anti-virus detection built in. For more information on Secure File Transfer, please visit http://rc.partners.org/sFTP

Are there step-by-step instructions available?
Yes. Detailed instructions for both senders and recipients are available at: http://helpdeskselfservice.partners.org/sendsecure. (must be on the Network to access) OR download   SENDERS     RECIPIENTS

What must the Recipient do to read the message?
When a recipient with a non-Partners email address opens the message, they will need to register and create a password in order to read the encrypted message. This is a one-time only registration process that takes a few minutes to complete. The registration process is similar to setting up an account with Amazon.com or a banking website.

How do senders get help with Send Secure?

My recipients are having trouble and need assistance. How should I direct them?

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

denotes Intranet links