
Sending Secure Encrypted Email


What is Encrypted Email?


Encrypted email is scrambled in a way that makes sure only the intended recipient can open and read it.  Although email is already securely transmitted from one server to another, this extra layer of protection is crucial when we are dealing with PHI and other sensitive information.

The SOM policy for the Acceptable use of Email and Confidential Data states that email containing confidential information such as PHI, PII, or client credit card information must be encrypted when sent to an external recipient.  An external recipient is any recipient whose email address does not end in umaryland.edu or umm.edu, in any variation (e.g. @som).


Simple Email Encryption


The simplest way to send an encrypted email off-campus is to begin the email's subject with [secure].  Make sure the subject begins with [secure], and make sure there is a space between it and the rest of your subject.

Your recipient will receive an email that looks like this:

Clicking Read the message opens the following in a web browser, which prompts the user to log in with a Microsoft account, log in with a Google account, or request a one-time passcode.  The passcode is sent to the same email address that the encrypted email was sent to, ensuring that it is the original recipient who is trying to access it.  In the example below, the Google account option is presented because the message was sent to a Gmail account.

 

Need Help? redirects to this Microsoft article.  Please note that the [secure] tag only works when sending to an external recipient.  If you send a test encrypted email to yourself or to a SOM coworker, it will have no effect.
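
The [secure] rules above (tag at the very start of the subject, followed by a space, and only effective for external recipients) can be checked before a message is sent. The following is an added example, not SOM or Microsoft tooling; the function names are hypothetical, the exact-lowercase match is an assumption, and the sample addresses are constructed.

```python
from email.utils import getaddresses
from typing import Optional

# Internal domains as given on this page; subdomains such as som.umaryland.edu
# are the "variations" and count as internal.
INTERNAL_DOMAINS = ("umaryland.edu", "umm.edu")
TAG = "[secure]"


def is_external(address: str) -> bool:
    """True when the address does not end in an internal domain."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    # Compare on a dot boundary so look-alikes such as notumaryland.edu or
    # umm.edu.example.com are not mistaken for internal addresses.
    return not any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def tag_problem(subject: str) -> Optional[str]:
    """Return why the subject is not correctly tagged, or None if it is."""
    if subject.startswith(TAG + " "):
        return None
    if subject.startswith(TAG):
        return "no space after [secure]"
    # Assumption: the tag must match exactly as the page writes it (lowercase,
    # first characters of the subject); anything else is flagged for review.
    if TAG in subject.lower():
        return "[secure] is not written exactly at the start of the subject"
    return "no [secure] tag"


def presend_check(subject: str, to_header: str) -> dict:
    """Classify a draft by recipients and subject before it is sent."""
    recipients = [addr for _, addr in getaddresses([to_header]) if addr]
    external = [a for a in recipients if is_external(a)]
    problem = tag_problem(subject)
    if not external:
        status = "tag has no effect (no external recipient)"
    elif problem:
        status = "external recipient, not tagged: " + problem
    else:
        status = "external recipient, tagged"
    return {"external": external, "status": status}


if __name__ == "__main__":
    # Constructed sample drafts, not real addresses.
    print(presend_check("[secure]Lab results", "pat@example.com"))
    print(presend_check("[secure] Lab results", "Alice <alice@som.umaryland.edu>"))
```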


Information Rights Management


Information Rights Management is another encryption method which gives you a few more options.

When drafting an email, click Options > Encrypt > your name > Encrypt Only.

The recipient will receive the message the same way as if you had sent it with a [secure] subject as in the first example, and will need to authenticate with a Microsoft account, a Google account or a one-time passcode.

This will encrypt a message even if it is sent to another SOM mailbox.  The encryption follows the email, so if it is replied to or forwarded, it remains encrypted.  If it is sent to an external mailbox, it will still be encrypted and will require the recipient to log in or use a passcode.  The email also can't be saved, and text can't be copied and pasted from it.

If you wish to prevent the email from being forwarded at all, you would choose Options > Encrypt > your name > Do Not Forward.  In addition to the protections listed above, the email cannot be forwarded.  

The University of Maryland School of Medicine - Confidential option will not allow anyone without a SOM account to read the message, regardless of where it is forwarded.  The University of Maryland School of Medicine - Confidential View Only option does the same but also prevents the email from being forwarded, saved or copied and pasted.


S/MIME


S/MIME is an older way of encrypting emails. It requires a certificate to be installed in Outlook, and in some cases, a browser plug-in to be installed. The S/MIME encryption option should not appear in Outlook unless you've changed the Trust Center settings. However, it is present in Outlook in a web browser:

Instead, please use this method to encrypt emails in Outlook in a web browser.
