Sending Secure E-Mail at MedStar
It is important that all associates understand when it is necessary to encrypt the data we use in our daily work activities. Generally, as long as it is for a permitted business purpose, e-mails containing patient (or research subject) information do not need to be encrypted when sent to another MedStar Health employee at an email address within the MedStar Health email system.
However, when sending ePHI or information identifying a research subject outside of MedStar’s network for approved business purposes, we are required to protect the information and encryption is one of the best ways to secure that information. Implementing safeguards, such as encryption, for our ePHI can make a big difference between a non-reportable incident and a breach that would require reporting to the Department of Health and Human Services and/or the State of Maryland or the District of Columbia.
Whenever possible, it is always best to avoid transmitting ePHI and other sensitive information outside MedStar Health’s network. When necessary, only transmit the “minimum necessary” information for the permitted purpose.
MedStar Health maintains a secure email portal that can be used to send external email securely. Do you know how to send an email securely? Access the instructions on StarPort.