Background

The UCSF Medical Center, OAAIS, and the School of Medicine have collaboratively developed a system to send secure email. The system is hosted by UCSF Medical Center IT.

The UCSF Secure Messenger system is designed to help faculty, students and staff comply with federal HIPAA Security regulations that went into effect April 21, 2005.

HIPAA regulations stipulate that electronic communications which contain Protected Health Information (PHI) must be transmitted in a manner that protects the confidentiality of patient information. When you send, receive, or store any electronic document that contains confidential or patient health information, you are responsible for ensuring the information is processed securely.

Using the UCSF Secure Messenger system, email users from the Department of Medicine, Medical Center, and other mail@UCSF systems may send and track secured outbound emails.

How Secure Email Works

The UCSF Secure Email system transmits your outbound email message to the UCSF Secure Messenger website. When you send a secure email, Secure Messenger sends an email notification informing your recipient that there is a secure email message for her at the UCSF Secure Messenger website. The notification includes an embedded link to the UCSF Secure Messenger site.

The recipient retrieves your message from the Secure Messenger website via a secure link.

To Send a Secure Email

It is easy to use the UCSF Secure Messenger service to send secure email. Simply:

1. Type "ePHI: ", "PHI: " or "Secure: " at the beginning of your email Subject line. Be sure to include the colon after the trigger word.
2. Continue typing your Subject line
3. Compose and send the email as you normally do

For example, to send secure email regarding a patient's appointment, the Subject line could read:

• ePHI: Regarding your appointment, or
• PHI: Regarding Your Appointment, or
• Secure: Regarding Your Appointment

Your message is securely stored in an encrypted or coded format until retrieved by your recipient.

What to Expect as a Sender

After sending your secure email, UCSF Secure Messenger sends you an email notification confirming it has sent your email as a secure message. The notification contains the following details:

• Recipient Addressee(s)
• Subject line text without the keyword trigger word (ePHI, PHI or Secure)
• Attachments (if any)
• Date and time sent

When your recipient retrieves your email from the UCSF Secure Messenger website, Secure Messenger sends you another email notification documenting the date and time your recipient retrieved the message. This second notification also includes recipient address(es), subject, attachment(s), and date and time sent.

Department of Medicine, Medical Center, and other mail@UCSF customers may track their secure message via account that have been created for them on the UCSF Secure Messenger system.

To access your UCSF Secure Messenger account:

• Click on the URL contained in the notification: https://smmcb01.ucsfmedicalcenter.org/messenger
• Log in with your email address and email password
• Select "Sent Items" under the MESSAGES to review status of your sent mail

What to Expect as a Recipient

When you send a secure email via UCSF Secure Messenger, your recipient receives a plain text, UCSF-branded email containing notification that a secure message has been sent from you. The notification contains:

• Your subject line without the trigger keyword (ePHI, PHI, Secure)
• A "VIEW MESSAGE" link

Your recipient retrieves your email by clicking on VIEW MESSAGE to link to the UCSF Secure Messenger website and logs on to the site.

The first time each recipient receives a secure message from you, she is required to register by providing the following:

• Recipient's First Name
• Recipient's Last name
• Password
• Password re-entered
• Password hint phrase (to be used if registrant forgets her password)

Users who have already completed the registration will be required only to enter their password when signing onto UCSF Secure Messenger.

mail@UCSF Customer Considerations

Messages sent between Department of Medicine and other mail@UCSF users are already secure and therefore are not processed by the UCSF Secure Messenger service.

Recipients' replies to secure messages to a mail@UCSF account are received decrypted in the sender's mailbox. Replies also are stored securely in the sender's Secure Messenger account mailbox.

Delivery and non-Delivery messages are received in the sender's mailbox.

Department of Medicine users can manage sent emails from their UCSF Secure Messenger mailbox.

Customer Support

Department of Medicine users who have questions about, or who are experiencing difficulty sending, secure email via UCSF Secure Messenger should contact the DOM Helpdesk at 415-476-6827, or email helpdesk.ucsf.edu.

The secure email notification non-UCSF users receive directs them to contact the UCSF email sender for assistance.

Department of Medicine users who receive help requests from their recipients should contact the DOM Helpdesk.

Pre-Notification Sample Letter

Users who plan to use UCSF Secure Messenger may wish to send a pre-notification letter (See sample) to potential recipients first. Be sure to send this WITHOUT a UCSF Secure Email trigger.

Note that the sample letter contains a link to a survey questionnaire about the secure email service. Please encourage your recipients to participate in the survey so that we may improve the system.