To encrypt your email message, simply add one of the following tags to the subject line of your email:

(phi) (PHI) [phi] [PHI] {phi} {PHI} (encrypt) (ENCRYPT) [encrypt] [ENCRYPT] {encrypt} {ENCRYPT}

Example:

In order for email encryption to work, you must use one of the tags in the exact format listed above. Incorrect formatting may prevent sensors from recognizing your tags and can result in email going out unsecured.

Common Issues

We sometimes get feedback from physicians attempting to send patient data to another hospital. Even though the outside hospital is authorized to have our patient data, the email still needs to be transmitted to them via a secure method to prevent the message from being intercepted and read by a malicious party. Use a proper encryption tag in the subject line to send messages securely.

Many employees need to send statistical reports to outside vendors, and this usually involves grabbing spreadsheets of patient data to create charts and graphs for a PowerPoint. However, even though only the chart appears in the PowerPoint, the data is also embedded and can be opened and read by anyone receiving or intercepting the email.

Graphs and charts should be pasted as pictures into documents or Powerpoint presentations to avoid including sensitive data. Saving the document as an Adobe PDF file will also prevent background data from being accessible.
To properly attach a graph/chart from Excel to a document prior to emailing, you must:

  1. Select the item to be copied
  2. Right click on the item and select Copy
  3. In the new document, click on Home and select the Paste Special option
  4. Select Picture and click OK.

We have a very good encryption system at KP, so please use it for your personal information. Often employees will send their own data to their spouses or accountants. As a health care provider, there are lots of malicious parties interested in our outgoing email. There is a high probability that unencrypted outgoing mail will be intercepted. For your own protection, please use a proper encryption tag in the subject line to encrypt your own data before transmitting.

Often, we see PHI exposed when a KP employee receives an email with patient data and replies with a follow-up question or acknowledgment. The default setting for email replies is to include the original message body. You should either delete the PHI from your reply email, or add a proper encryption tag, (PHI), to the subject line before sending the reply.

It is important to not put patient data in the subject line, example Subject: John Doe, MRN 123456 (PHI). Though the encryption tag will encrypt the message body and attachments it will not encrypt the subject line. The subject line is always sent in clear text because it is a necessary piece for mail delivery.