Technically Speaking: Email Encryption

Cybersecurity threats are all around us in the 21st Century. As more and more of our medical, financial and personal lives are lived online, bad actors are flocking to the Internet to try to steal data and scam unwitting victims. Here at Children’s, we have taken countless steps to keep our users safe. Most of our security systems live and work beneath the surface and are invisible to end users, but some occasionally poke through and reveal their presence.

This happened about a week ago when a colleague sent an email containing a social security number to a family member. ProofPoint, our email security solution, immediately recognized that the email contained sensitive information and was bound for a non-Children’s account, so it encrypted the message, keeping the user’s information safe from prying eyes. ProofPoint will do the same thing if it detects protected health information (PHI). In either case, it will alert the sender of its actions.

Users can also choose to manually encrypt an email message by adding [Encrypt] to the subject line. Be sure to include the square brackets.

When you send an encrypted email, the recipient will receive an email with the message below:

Once they “Click here” in the body of the message, the system prompts them to create an account to login and view the encrypted message. After they read the message, you will receive a confirmation email to that effect.

Some of you may be thinking this is a violation of privacy. It isn’t. Children’s has a duty to ensure that sensitive data like PHI and financial information remains secure, and as a private entity, it can take whatever steps are necessary to provide that security. If we allow any leaks, we can be held accountable, and that’s not a legal position we want to find ourselves in. Besides, the encryption is automated, and the contents of messages aren’t being reviewed by any humans. If this were your personal email, that would be a different story.

If anyone has Hubbard IT issues, please reach out using the MyServiceCenter portal on your desktop. Thanks for all you do!

Stephen Dolter, M.D., CMIO

Leave a Reply

Your email address will not be published. Required fields are marked *