• Report an Incident
• Incident Information
• Self Service Security
• Services and Products
• Best Practices
• Policies, Guidelines and Procedures
• Security Awareness, Training and Education (SATE)
• Vulnerability Information
• About EIS
• What's New

---

Secure Email Overview

Introduction

UCSF Medical Center IT, OAAIS and the School of Medicine ISU have collaboratively developed a system to send secure email. The system is hosted by UCSF Medical Center IT.

The UCSF Secure Messenger system is designed to help faculty, students, and staff comply with the federal HIPAA  regulations that went into effect April 21, 2005.

HIPAA regulations stipulate that electronic communications that contain Protected Health Information (PHI) must be transmitted in a manner that protects the confidentiality of patient information. When you send, receive, or store any electronic document that contains UCSF confidential or patient information, you are responsible for ensuring the information is processed securely.

Using UCSF Secure Messenger, email customers from the Medical Center, the School of Medicine, and OAAIS' mail@UCSF systems are able to send and track secured outbound email messages.

A. How Secure Email Works

The UCSF secure email system transmits your outbound email message to the UCSF Secure Messenger website. When you send a secure email, Secure Messenger sends an email notification informing your recipient there is a secure email message at the UCSF Secure Messenger website. The notification includes an imbedded link to the UCSF Secure Messenger site.

The recipient retrieves your message from the Secure Messenger website via a secure link.

B. To Send a Secure Email

           It is easy to use the UCSF Secure Messenger service to send secure email. Simply:

• Enter "ePHI: ", "PHI: " or "Secure: " at the beginning of the Subject field
• Continue typing your Subject line
• Compose and send the email as you normally would

For example, to send secure email regarding a patient’s appointment, the Subject line could read:

• ePHI: Regarding Your Appointment, or
• PHI: Regarding Your Appointment, or
• Secure: Regarding Your Appointment

Your message is securely stored in an encrypted or coded format until retrieved by your recipient.

C. What to Expect as a Sender

After sending your secure email, UCSF Secure Messenger sends you an email notification confirming it has sent your email as a secure message. The notification contains the following details:

• Recipient Addressee(s)
• Subject line text without the keyword trigger word
  (ePHI, PHI, or Secure)
• Attachments (if any)
• Date and time sent

When your recipient retrieves your email from the UCSF Secure Messenger website, Secure Messenger sends you another email notification documenting the date and time your recipient retrieved the message. This second notification also includes recipient address(es), subject, attachment(s), and date and time sent.

Medical Center, School of Medicine, and OAAIS customers may track their secure messages via an account that has been created for them on UCSF Secure Messenger.

To access your UCSF Secure Messenger account:

• Click on the URL contained in the notification:
  https://smmcb01.ucsfmedicalcenter.org/messenger
• Log in with your Outlook email address and Windows Active Directory password
• Select ‘Sent Items’ under MESSAGES to review status of your sent mail

D. What to Expect as a Recipient

When you send a secure email via UCSF Secure Messenger, your recipient receives a plain text, UCSF-branded email containing notification that a secure message has been sent from you. The notification contains:

• Your subject line without the trigger keyword
  (ePHI, PHI, Secure)
• A ‘VIEW MESSAGE’ link

Your recipient retrieves your email by clicking on VIEW MESSAGE to link to the UCSF Secure Messenger website and logs on to the site.

The first time each recipient receives a secure message from you, the recipient is required to register by providing the following:

• Recipient’s first name
• Recipient’s last name
• Password
• Password re-entered
• Password hint phrase (to be used if registrant forgets password)

Users who have already completed the registration will be required only to enter their password when signing onto UCSF Secure Messenger.

E. School of Medicine, OAAIS, and Medical Center Customer Considerations

Messages sent between UCSF Exchange Customers are already secure and therefore are not processed by the UCSF Secure Messenger service.

Recipients’ replies to secure messages to a UCSF Exchange account are received decrypted in the sender’s Outlook/Exchange mailbox. Replies also are stored securely in the sender’s Secure Messenger account mailbox.

Deliverable and undeliverable messages are received in the sender’s Outlook/Exchange mailbox.

UCSF Exchange customers can manage sent emails from their UCSF Secure Messenger mailbox.

F. Customer Support

Contact OAAIS Customer Support

OAAIS Customer Support is available at:

• Web: http://help.ucsf.edu
• Email: customersupport@ucsf.edu
• Phone: (415) 514-4100, option 2.

Customer Support is staffed Monday through Friday 7:00 a.m. until 6:00 p.m.
(Except UC Holidays).

Through Online Customer Support at http://help.ucsf.edu you can:

• Create a new service request or submit a problem report
• View the status of your current or recently closed service request or problem report
• Search our Solutions Database for answers to common questions or solutions to commonly-reported problems

G.  Pre-Notification Sample Letter

UCSF faculty, students, and staff who plan to use UCSF Secure Messenger may wish to send a pre-notification letter (see sample) to potential recipients first. Be sure to send this without a UCSF Secure Email trigger.

Please tell us what you think of our new website