Reminder: The legacy One Portal is available until 9/23. Visit the new One Portal

Email Encryption Process

Overview

LLUMC has installed a gateway system that reviews the content and attachments of all outbound email (emails that are sent to recipients outside the LLUMC/LLU Outlook system).  This review is done to determine if protected or confidential information is in the email.  If such information is found, the email will automatically be encrypted before being sent to the recipient.  The gateway performs the encryption in such a way that no special client or encryption program is required for the recipient to view and respond to the email.

How the System is to be used

While this system will function as a failsafe to protect LLUMC from privacy and confidentiality violations via email, the intention is that staff understands when encryption is necessary and indicate that a specific message needs to be encrypted.  This is handled in two ways:

  • If the phrase [encrypt] is added to the start of the subject line, the message will be encrypted regardless of the actual content.
  • Staff that have a need to send protected and/or confidential information as part of their job function, need to be authorized by IS to do so.

Given this there are four types of emails that will be encrypted:

  1. Emails tagged with ‘[encrypt]’ sent by authorized users
  2. Emails tagged with ‘[encrypt]’ sent by unauthorized users
  3. Emails not tagged with ‘[encrypt]’ but flagged by rule to require encryption sent by authorized users.
  4. Emails not tagged with ‘[encrypt]’ but flagged by rule to require encryption sent by unauthorized users.

The Compliance department will be reviewing type 2 and 4 emails and interacting with the sender or department head to determine if there is a job function need and the sender should be authorized.  They will also be reviewing some of the type 3 emails with the sender to remind them of the desire to tag emails instead of relying on the rules.

How the Rules Process Works

As the email moves through the gateway device the content including attachments is evaluated based on a series of rules.  One example is a rule that checks for social security numbers.  If a sequence of 9 digits is found in the content of an email message and those 9 digits are a valid social security number the message is flagged and will be encrypted.  This rule is sophisticated enough that it can validate that the number falls into the ranges of actual SSNs in use.  Did you know there is a format to SSNs and not all 9 digits numbers are valid?

How is Encrypted Email Delivered?

When an email needs to be encrypted the process works as follows:

  • The original email content and attachments are encrypted by the gateway.
  • A new email is sent to the recipient providing a link to connect to the gateway to retrieve the original email securely.
  • The recipient connects to the gateway and logs in to view the original email.  Any attachments can be securely downloaded by the recipient.
  • The recipient can reply securely to the email on the gateway, but cannot forward the email.  Any reply is delivered directly to the regular inbox of the sender.

notification_important One Portal Maintenance
We’re cleaning up One Portal and removing outdated content to improve your experience. For more info or help, contact us.

We’re Stronger Together

We're building the future of clinical care and education to better serve our community.

Learn How