If you are within a division or department of the University that has HIPAA regulatory responsibilities your outgoing email (email messages you send off to non @creighton.edu addresses) is being scanned for HIPAA content.
If the system detects what it believes to be HIPAA content the message will be encrypted and sent to the recipient and you will receive an email from Service Desk with a subject of “Secure Message Sent:” informing you that a recent email (it will list the subject line of the specific email) was encrypted because it contained HIPAA data.
If the sent email did not contain HIPAA data and the secure mail system incorrectly identified the data as such, you have a couple options:
- You can do nothing, the email was sent to the recipient and they will be able to read the entire message after decrypting the message using the instructions in the email.
- Or you can resend the message with plaintext as the first word of the Subject Line. This word in the subject line will force the secure email program to deliver the message without encryption regardless of the contents of the message.
All of this is the same as has been in place at Creighton for many years there has been no change to the way outbound email is inspected and encrypted, however, the rule set that determines HIPAA content has changed so the new system may be better at detecting HIPAA content. If there is a problem please contact the Service Desk at 402-280-1111.
If you want to ensure an email is encrypted regardless of the content you can add #secure as the first word of the Subject Line and the system will automatically encrypt the message regardless of the contents of the email.
Receiving an Encrypted Message
When you receive an encrypted email message the body of the email will look like the following:
Download the attachment or select the Click here link. If you already have a Secure Email account, you will be directed to the login screen.
If this is the first time you are receiving a secure message, you will be prompted to register with Proofpoint Encryption. Fill in the fields, select your security question and answer, and then click Continue. The format of the password will be a minimum of 8 characters, a maximum of 32 characters, Require Numbers [0-9], and require combination of upper and lower case letters in the password.
Once you have registered, you will be taken to the secure message. The Reply and Reply All options are available; you cannot forward a secure message.
Note: If you are replying to a secure message with information that should also be encrypted, you must reply within the Secure Email portal. Replying to the original message in your own email client will NOT encrypt your response.
Reading and Replying to a Secure Message
The Reply and Reply All options are available; you cannot forward a secure message.
If you click Reply you cannot add more recipients to the message.
If you click Reply All, a secure message will be sent to all the addresses contained in the original message, but you cannot add additional email addresses.
Click Logout when you are done.
Resetting Your Password
Your password will expire every 90 days. If your password is about to expire, you will see the message Your password will expire in n days displayed in a secure message.
Select the link next to the expiration message to reset your password. If your password expires before you have a chance to reset it, you will be prompted to reset it the next time you read a secure message.
If you forget your password you can click the Forgot password to reset it. You will then be asked your security question.