When to Use Secure Encryption to Send an Email

On several occasions, we have been asked if it’s safe to send protected health information (PHI) or sensitive data via regular email to other internal users of a network. In other words, if you are sending PHI or sensitive information to a co-worker, is it OK to just send it in a regular email?

Answer: No. Never.

The reason is that email providers, such as Intermedia and O365, are outside of your network. When you send someone an email (even someone within your company), that email travels from you to the email provider and then on to the intended recipient. Hackers can intercept unencrypted emails at any point along that path. That’s why it’s critical to send PHI, confidential information, and sensitive financial reports and data only by using email encryption.

How to Tell What Information Should be Sent Securely

Not everything needs to be sent via encrypted email. Think about how sensitive a message is and whether it needs to be protected against prying eyes or inadvertent forwards. Ask yourself the following questions:

  • Does the email contain something of value – a password, a bank account number, or sensitive company information, including confidential items such as client names, work products, etc.?
  • Are you communicating something sensitive or business confidential?
  • Is this message sensitive enough to add an expiration date?
  • Would you ever want to take back the email?
  • Are you discussing something that is potentially embarrassing to you or others?
  • Does the email relate to a situation that is rapidly changing or evolving?

If the answer is yes to any of these questions, you will want to use encryption.

Guidelines to Follow When Sending PHI or Sensitive Information

  • Limit the information you include in an email to the minimum necessary information.
  • Whenever possible, avoid transmitting highly sensitive PHI (for example, mental health, substance abuse, or HIV information) by email.
  • Never use global automatic forwarding to send emails from your email account to another account.
  • Never send PHI by email unless you have verified the recipient’s address (for example, from a directory or a previous email) and you have checked and double-checked that you have entered the address correctly.
  • Always include a privacy statement notifying the recipient of the insecurity of email and providing a contact to whom a recipient can report a misdirected message.
  • Do not allow forwarding of a secure email.

The 15 Secure Email Identifiers that You Need to Know

In general, if you are sending an email that contains ANY of the following information then you should send it securely:

  • Names (if within a given context)
  • Social Security numbers
  • Medical record numbers
  • Account numbers
  • Health plan beneficiary numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers including license plates
  • Device identifiers and serial numbers
  • Internet protocol addresses
  • Full face photos and comparable images
  • Biometric identifiers (e.g., retinal scans, fingerprints)
  • Any unique identifying number or code
  • Payroll information
  • Copies of insurance details/renewals
  • Banking information – ACH, account numbers, routing numbers, etc.
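
Some of the identifiers above have a fixed shape that a mail gateway or pre-send check can recognize. The following is an added example, not part of the original article or any product's code: it flags Social Security numbers, bank routing numbers and IP addresses in a message body, and the function names and sample message are constructed for illustration.

```python
import ipaddress
import re

# Added example: function names and the sample message are constructed.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
NINE_DIGITS_RE = re.compile(r"\b\d{9}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def plausible_ssn(area, group, serial):
    """Drop number ranges that are never issued as Social Security numbers."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def plausible_routing_number(digits):
    """ABA routing number: known prefix range plus the 3-7-1 weighted checksum."""
    prefix = int(digits[:2])
    if not (1 <= prefix <= 12 or 21 <= prefix <= 32
            or 61 <= prefix <= 72 or prefix == 80):
        return False
    weights = (3, 7, 1) * 3
    return sum(int(d) * w for d, w in zip(digits, weights)) % 10 == 0

def valid_ipv4(text):
    """Keep only dotted quads whose octets are all in 0-255."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def identifiers_found(body):
    """Return the sorted identifier types present in an outgoing message body."""
    found = set()
    if any(plausible_ssn(*m.groups()) for m in SSN_RE.finditer(body)):
        found.add("ssn")
    if any(plausible_routing_number(m.group()) for m in NINE_DIGITS_RE.finditer(body)):
        found.add("routing_number")
    if any(valid_ipv4(m.group()) for m in IPV4_RE.finditer(body)):
        found.add("ip_address")
    return sorted(found)

# Constructed sample message; none of these values belong to a real person.
SAMPLE = ("Hi Dana, payroll correction: SSN 123-45-6789, "
          "routing 123456780, last login from 192.0.2.44.")

if __name__ == "__main__":
    print(identifiers_found(SAMPLE))
```

An empty result does not mean a message is safe to send unencrypted: names, photos, payroll details and insurance documents have no fixed pattern and still need the sender's judgment.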

For information about our secure email solution, clients can contact their client account manager. If you are interested in learning more about our managed and cloud solutions, contact us today!
