Network & Security

Secure Email

If you are within a division or department of the University that has HIPAA regulatory responsibilities your outgoing email (email messages you send off to non @creighton.edu addresses) is being scanned for HIPAA content.

If the system detects what it believes to be HIPAA content the message will be encrypted and sent to the recipient and you will receive an email from Service Desk with a subject of “Secure Message Sent:” informing you that a recent email (it will list the subject line of the specific email) was encrypted because it contained HIPAA data.

If the sent email did not contain HIPAA data and the secure mail system incorrectly identified the data as such, you have a couple options:

  1. You can do nothing, the email was sent to the recipient and they will be able to read the entire message after decrypting the message using the instructions in the email.
  2. Or you can resend the message with plaintext as the first word of the Subject Line.  This word in the subject line will force the secure email program to deliver the message without encryption regardless of the contents of the message.

All of this is the same as has been in place at Creighton for many years there has been no change to the way outbound email is inspected and encrypted, however, the rule set that determines HIPAA content has changed so the new system may be better at detecting HIPAA content.  If there is a problem please contact the Service Desk at 402-280-1111.