Reminder: Secure your emails with PHI
All emails containing sensitive information, including patient health information — or PHI — must be secured. Federal regulations and Michigan Medicine policy require this, but most importantly, our patients’ trust depends on protecting their sensitive information.
If an email containing PHI is sent between Michigan Medicine workforce members, it must be created within the Michigan Medicine Outlook Exchange email system (i.e., from a @med.umich.edu email address to another @med.umich.edu address). Email sent within the Michigan Medicine Outlook Exchange email system secures the internal emails, although the sender must still ensure that they are sending the minimum sensitive information necessary and that the recipient’s email address is accurate. Use only email addresses from the Global Address List within Outlook.
If email containing PHI is sent to an external email system, including to campus email addresses (@umich.edu), further actions are required by the sender to ensure the email is secured:
- Type “[SECURE]” in the subject line.
- DO NOT include sensitive information in the subject line, as the subject line is not secured.
This will encrypt the message and secure any attachments.
The recipient will receive an email with a “securedoc.html” attachment; the attachment will include instructions for the recipient to open and read the secured message. Here is what an external recipient will see when a message has been secured.
Learn more about outbound email encryption on HITS Outlook-Email page..