UCSF Secure Email

UCSF Medical Center IT, OAAIS and the School of Medicine ISU have collaboratively developed a system to send secure email. The system is hosted by UCSF Medical Center IT.

The UCSF Secure Messenger system is designed to help faculty, students, and staff comply with the federal HIPAA regulations that went into effect April 21, 2005.

HIPAA regulations stipulate that electronic communications that contain Protected Health Information (PHI) must be transmitted in a manner that protects the confidentiality of patient information. When you send, receive, or store any electronic document that contains UCSF confidential or patient information, you are responsible for ensuring the information is processed securely. Using UCSF Secure Messenger, email customers from the Medical Center, the School of Medicine, and OAAIS' mail@UCSF systems are able to send and track secured outbound email messages.

How Secure Email Works

The UCSF Secure Email system works by placing your outbound email message on a secure web site called UCSF Secure Messenger. The recipient receives an email message from the Secure Messenger indicating that there is a secure email message waiting for them at the UCSF secure website, along with a web link to the UCSF secure web site. By accessing the web link, the recipient will be able to retrieve the message over a secure link.

How to Send a Secure Email

It is easy to use the UCSF Secure Messenger service to send secure email. Simply:

1. Begin the subject line with any one of the following key words including colon:
   • ePHI:
   • PHI:
   • Secure:
2. Continue typing your subject line.
3. Compose and send the email as you normally would.

   For example, to send secure email regarding a patient's appointment, the subject line could read:

   • ePHI: Regarding Your Appointment, or
   • PHI: Regarding Your Appointment, or
   • Secure: Regarding Your Appointment

Your message is securely stored in an encrypted or coded format until retrieved by your recipient.

Note: Trigger words are NOT case sensitive. Using a space after your trigger word in the subject line is optional. Do NOT include any confidential information in the subject line such as a patient's medical record number.

What to Expect as a Sender

You will receive an email notification confirming that your message has been sent securely. It will include the following details:

• Recipient Addressee(s);
• Subject line text excluding the trigger word;
• Attachments (if any);
• Sent date and time

Once your recipient has retrieved the email on UCSF Secure Messenger, you will receive an email notification indicating the time and date that the message was retrieved along with the details listed above.

You will also be able to track the activity of your secure message in an account that has been automatically created for you on UCSF Secure Messenger.

1. Follow the url contained in the notification by clicking on https://smmcb01.ucsfmedicalcenter.org/messenger
2. Sign in specifying your own email address and current Network (Active Directory) password;
3. Select ‘Sent Items’ under MESSAGES to review status of your sent mail

 

What to Expect as a Recipient

You will receive an email notification from UCSF Email Firewall Notifier (UCSF-Email-Notifier@ucsfmedicalcenter.org) confirming that your message has been sent securely. It will include the following details:

• Recipient(s) email addresses addressee(s);
• Subject line text excluding the trigger word;
• Attachments (if any); and
• Send date and time

You will also be able to track the activity of your secure message in an account that has been automatically created for you on UCSF Secure Messenger.

1. Follow the url contained in the notification by clicking on https://smmcb01.ucsfmedicalcenter.org/messenger.
2. Sign in specifying your own email address and current network (Active Directory) password.
3. Select 'Sent Items' under MESSAGES to review status of your sent mail.

What to Expect as a Recipient

You will receive a UCSF-branded email notifying you that a containing notification that a secure email message is waiting for you in the UCSF Secure Messenger portal. The notification will contain:

• The subject line without the trigger word
• A 'VIEW MESSAGE' link

By clicking on the 'VIEW MESSAGE' link, the recipient's internet browser will link her/him to the UCSF Secure Messenger website. Registration is required for new recipients and for accounts that have expired from inactivity. Registration setup includes:

• First name
• Last name
• New password
• New password re-entered
• Password hint phrase (to be used to retrieve forgotten passwords)

Users who have already completed the registration will be required only to enter their password when signing onto UCSF Secure Messenger. Your automatically created UCSF Secure Messenger account will remain active indefinitely.

Considerations for UCSF Exchange (Outlook) Customers (SOM, Campus and Medical Center)

• Messages sent between UCSF Exchange customers are not sent secured (encrypted).
• Messages sent to non-UCSF email servers are sent secured (encrypted).
• Recipient replies to a secured message sent from a UCSF Exchange account will bear received in the sender's Exchange email account. These replies will also be stored securely in the Secure Messenger account mailbox.
• Delivery and non-delivery status notifications will be sent to the original sender's UCSF Exchange account.

Considerations for UCSF non-Exchange Customers

• Messages sent between UCSF Exchange Customers are already secure and therefore are not processed by the UCSF Secure Messenger service.
• Recipients' replies to secure messages to a UCSF Exchange account are received decrypted in the sender's Outlook/Exchange mailbox. Replies also are stored securely in the sender's Secure Messenger account mailbox.
• Deliverable and undeliverable messages are received in the sender's Outlook/Exchange mailbox.
• UCSF Exchange customers can manage sent emails from their UCSF Secure Messenger mailbox.
• Email sent between non-Exchange email systems (i.e., Radiology user to Radiology user) will not be encrypted.
• Email sent from non-Exchange email systems to UCSF Exchange users' mail systems will not be sent encrypted.
• Email destined to all other email servers, including those that are UCSF servers (i.e., Clinical Labs and others) will be secured.
• Delivery, non-delivery, receipt messages may not be sent to the sender.

For Customer Support

Medical Center

Contact the IT Customer Support Center at itcustomersupport@ucsfmedctr.org or (415) 514-4100, option 1. Support is available 24 hours per day, 7 days per week, 365 days per year.

Participating Campus

OAAIS Customer Support is available at:

• Web: http://help.ucsf.edu
• Email: customersupport@ucsf.edu
• Phone: (415) 514-4100, option 2.

Customer Support is staffed Monday through Friday 7:00 a.m. until 6:00 p.m. (Except UC holidays).

Through online Customer Support at http://help.ucsf.edu you can:

• Create a new service request or submit a problem report
• View the status of your current or recently closed service request or problem report

School of Medicine ISU Customers who have questions about, or who are experiencing difficulty sending secure email via UCSF Secure Messenger, should contact Customer Support at (415) 502-1919. Support hours are Monday - Friday, 7 a.m. to 6 p.m.

Non-UCSF mail Recipients

The secure email notification non-UCSF email recipients receive directs the recipient to contact the UCSF email sender for assistance. Senders who receive help requests from their recipients should contact their appropriate UCSF support service.