Email is used throughout UW Medicine to help communicate efficiently with internal and external workforce. ITS-Security manages and maintains an approved email domain list. If you are communicating with anyone who uses an email domain listed on the approved email list, then you don't need to use any alternate forms of email encryption.
If you are going to send restricted or confidential information to someone who does not use an email domain listed on the approved email list, then you need to follow the guidance on this page.
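The approved-domain rule above can be checked automatically before a message is sent. The following Python is an added example, not UW Medicine code: the domains are constructed placeholders (the real approved list is maintained by ITS-Security), and the function names are hypothetical.

```python
from email.utils import getaddresses

# Constructed placeholder domains; the real approved email domain list is
# maintained by ITS-Security and is not reproduced here.
APPROVED_DOMAINS = frozenset({"hospital.example", "approved-partner.example"})

# Constructed sample header values for the demo at the bottom.
SAMPLE_HEADERS = ["Alice <alice@hospital.example>, bob@other.example",
                  "carol@sub.hospital.example"]


def domain_of(address):
    """Return the lower-cased domain of an address, or None if malformed."""
    local, _sep, domain = address.strip().partition("@")
    domain = domain.rstrip(".").lower()
    # Reject a missing local part or domain, a second "@", or embedded spaces.
    if not local or not domain or "@" in domain or " " in domain:
        return None
    return domain


def recipients_needing_encryption(headers, approved=APPROVED_DOMAINS):
    """List recipients (from To/Cc/Bcc header values) not on the approved list.

    Matching is exact on the whole domain, so a subdomain or a look-alike
    that merely contains an approved domain is not treated as approved.
    Anything that cannot be parsed is reported as well (fail closed).
    """
    flagged = []
    for value in headers:
        if not value.strip():
            continue  # empty header, no recipients to check
        for _name, addr in getaddresses([value]):
            domain = domain_of(addr)
            if domain is None or domain not in approved:
                # If the parser returned no address, report the raw header.
                flagged.append(addr or value)
    return flagged


def must_encrypt(headers, approved=APPROVED_DOMAINS):
    """True when at least one recipient is outside the approved list."""
    return bool(recipients_needing_encryption(headers, approved))


if __name__ == "__main__":
    for recipient in recipients_needing_encryption(SAMPLE_HEADERS):
        print("encryption required for:", recipient)
```
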
Federal regulations require UW Medicine to know where its restricted and confidential information is located and who accesses it. If restricted or confidential information is sent out in email without encryption enabled, then anyone between point A (where the email originated) and point B (where the email was sent to) could possibly view the contents without UW Medicine's consent or knowledge. This violates many federal regulations.
There are different ways to encrypt the information being sent in an email. You can set up your email client to send an encrypted email to a "trusted" individual, or you can encrypt an attachment and put all the restricted or confidential information in the attachment.
If you want to simply encrypt the attachment, see our File Encryption Guidance.
These solutions take some technical knowledge and abilities to perform.
These options should be used if the person you need to send confidential information to does not work at one of the companies listed on the approved email domains page.
GPG is an open source replacement for OpenPGP, which was a self-managed encryption solution, now run by Symantec. GPG is free. GPG allows end users to encrypt communications, manage their encryption keys, and decrypt using multiple public key directories. If this already sounds too complex, then this isn't the solution for you. GPG is not easy to set up if you are not somewhat technical. It also requires administrator privileges on your computing device.
You can find out more about GPG here: Gnu Privacy Guard
The solutions below can be purchased through various resellers. Each can be configured to sufficiently protect your email.
Symantec is a well-respected information security vendor and has an email encryption solution available for purchase. You can find out more about this solution here: http://www.symantec.com/business/desktop-email
Zix Corp is a top vendor in email encryption. They have experience in the healthcare industry and have been implemented in a wide range of other healthcare entities. You can find more about their stand-alone desktop solution here: http://www.zixcorp.com/products/zixmail/
If you can't find guidance for the mobile device that you use and would like help securing it, please contact IT Services - Security at email@example.com