What is Secure Messaging?

How is PHI identified?

What if PHI is in the Subject Line?

Why are we implementing Secure Messaging?

Sending a Secure Message.

What if the recipient does not retrieve the message?

What is Secure Messaging?

Secure Messaging is the automatic process of:
  • Identifying outbound email that contain Protected Health Information (PHI)
  • Encrypting the email messages that have been identified as containing PHI
  • Sending Encrypted email messages to SBHCS Secure website, a staging server
  • Sending a clear text email message, with the link to the SBCHS Secure website, to the intended recipient of the encrypted email containing PHI

How is PHI identified?

The content of all outbound messages are scanned and compared against 2 Lexicons (AKA: dictionaries). Identifier Lexicon that has a criteria of identifier information
Example: Social Security number
HIPAA Lexicon that contains HIPAA terminology
Example: a health condition/disease

The content of the email message must meet a criteria defined in both Lexicons for encryption to occur.
Example 1: Message will be encrypted if message or attachments contain a social security number & a name of a disease.
Example 2: Message will not be encrypted if message or attachments only include a social security number.
Example 3: Message will not be encrypted if message or attachments only include a name of a disease.


What if PHI is in the Subject Line?

It is not technically possible to encrypt a subject line of an email therefore any email messages that contain PHI in the subject line will be rejected and returned to the sender.

Error Message you will receive: (PHI is highlighted)


What do you do if this happens?
  • Review the subject line
  • Make necessary corrections
  • Resend email

Why are we implementing Secure Messaging?

With the adoption of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), it is required that all communications containing Protected Health Information (PHI) be secured. To help implement this important and practical security measure, we are using Secure messaging services to protect our email and ensure all PHI remains confidential.


Sending a Secure Message.

There is no end user interaction, this process is completely automated. Refer to "what is Secure Messaging?" above to see steps.

If you want to initiate encryption, regardless of content, you can use the SBHCS keyword in the subject line of your email, and it will be automatically encrypted. SBHCS Keyword: encrypt


What if the recipient does not retrieve the message?

If the recipient does not retrieve the message within 2 weeks you will receive the following notice & the original message will be deleted from the secure website.