Information Security Program
Home >> Guidance >> Technical >> Encryption >> Email Encryption

System Security Standard  Find out the standard ways to secure at system at UW Medicine

New Data Stewardship Training  Know your Role and Responsibilities for Confidential Information

How to Encrypt Computing Devices and Electronic Data  How do I encrypt?

Information Security Policies  Home of the Information Security Policies

Departmental Training Materials  Training materials for use in departmental education

Self Service Vulnerability Assessement  Find your Vulnerabilities

Frequently Asked Questions  Find Security related answers

Glossary of Terms  Information Security Term Definitions

Contact the Information Security Team  We are here to Help

Secure Remote Access  UW Medicine Networks Team

UW Office of the CISO  UW Chief Information Security Officers Website

Email Encryption

Email is used throughout UW Medicine to help communicate efficiently with internal and external workforce. ITS-Security manages and maintains an approved email domain list. If you are communicating with anyone that uses and email domain listed on the approved email list than you don't need to use any alternate forms of email encryption.

If you are going to send restricted or confidential information to someone that does not use an email domain listed on the approved email list than you need to follow the guidance on this page.

Why can't I send it to them without encryption?

Federal regulations require UW Medicine to know where its restricted and confidential information is located and who accesses it. If restricted or confidential information is sent out in email without encrytpion enabled then anyone between point A (where the email originated) and point B (where the email was sent to) could possibly view the contents without UW Medicine consent or knowledge. This violates many federal regulations.

How do I encrypt email messages?

There are different ways to encrypt the information being sent in an email. You can setup your email client to send an encrypted email to a "trusted" individual or you can encrypt an attachment and put all the restricted or confidential information in the attachment.

If you want to simply encrypt the attachment, see our File Encryption Guidance.

Email Encryption Methods

These solutions take some technical knowledge and abilities to perform

These options should be used if the person you need to send confidential information does not work at one of the companies listed on the approved email domains page.

Free (Open Source) Solution

GPG - GnuPrivacyGuard

GPG is an open source replacement for OpenPGP, which was a self-managed encryption solution, now run by Symantec. GPG is is free. GPG allows end users to encrypt communications, manage their encryption keys, and decrypt using multiple public key directories. If this already sounds too complex then this isn't the solution for you. GPG is not easy to set up if you are not somewhat technical. It also requires administrator privileges on your computing device.

You can find out more about GPG here: Gnu Privacy Guard

Paid Solutions

The solutions below can be purchased through various resellers. Each can be configured to sufficiently protect your email.

Symantec - PGP Desktop Email

Symantec is a well-respected information security vendor and has a email encryption solution available for purchase. You can find out more about this solution here: http://www.symantec.com/business/desktop-email

ZixMail

Zix Corp is a top vendor in email encryption. They have experience in the healthcare industry and have been implemented in a wide range of other healthcare entities. You can find more about their stand-alone desktop solution here: http://www.zixcorp.com/products/zixmail/

Mobile Device Support

If you can't find guidance for the mobile device that you use and would like help securing it, please contact IT Services - Security at mcsos@uw.edu