304.293.3631Option 1

Email Encryption for PHI and Other Protected Data

As you are aware, the Electronic Security Standards for the Health Insurance Portability and Accountability Act (HIPAA) became effective in 2005. This Federal Regulation raises the bar on protection of electronically-transmitted information. One requirement is that all emails containing PHI which are sent over the Internet must be encrypted. Please note email sent within our health care organization (West Virginia United Health System, West Virginia University Hospitals, University Health Associates, and West Virginia University Health Sciences Center) are routed internally and does not utilize the encryption system. Email containing PHI or other protected data being sent to locations outside our health care organization must be encrypted.

An email encryption system known as Secure Web Delivery is available to WVUH/UHA/HSC users to assure that PHI data or other protected data is transmitted securely over the Internet. To send an email through the Secure Web Delivery server, please insert "secure" (not case sensitive) in brackets in the subject field of an email in which you intend to be delivered securely. IE: [secure]. This action will alert the encryption system to send the email encrypted. The recipient will be notified to register on our secure web server to view the secure email. If the recipient does not login to check the message within 2 days, the recipient is sent another reminder message. After 5 days, the message is deleted and the sender is notified that the message was deleted without being read.

Transmission of PHI or other protected data over the Internet in any other fashion continues to be prohibited. You must use the procedure outlined above in every transmission of protected data. Transmission of PHI within our network (i.e. to other .hsc, .rcbhsc, .wvuh email addresses) remains protected, and is permitted so long as the recipient has a need to know.