It is important that all email communication containing PHI and PII is kept confidential. We've made this process easy for you with ZixCorp's protection services. There are no keys to exchange or cumbersome steps to remember, and it works seamlessly with our current email application, so there's no learning curve and no information to transfer. Email messages containing PHI should be sent securely. Recipients go through a few simple steps to access messages and can also respond securely to email messages, free of charge. FAQ and instructions are below.

If you have any questions, please call the Helpdesk at 516-470-7272 or E-mail ISHelpDesk@northwell.edu


What is Secure Messaging?
Secure Messaging is the automatic process of: Identifying outbound email messages that contain Protected Health Information (PHI), Personally-Identifiable Information (PII), or other sensitive information. Encrypting, automatically or on request, the email messages that have been identified as containing PHI or other sensitive information. Sending encrypted email messages using ZixCorp's Email Encryption Services. Please note that the above applies only to Email sent to external recipients. Email sent to other Northwell Health employees does not leave the Northwell Health network and does not need to be encrypted.

Why are we implementing Secure Messaging?
With the adoption of the HIPAA guidelines, it is required that all communications containing PHI be secured. To help implement this important and practical security measure, we are using secure messaging services to protect our email communications and ensure all PHI remains confidential.

What type of messages should be encrypted?
Any messages containing PHI, PII or any information that can be considered sensitive should be encrypted.

What is PHI and PII?
Under HIPAA, Protected Health Information (PHI) is any information about health status, provision of health care, or payment for health care that can be linked to an individual. Personally Identifiable Information (PII) is information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.

What if PHI is in the email message Subject Line?
It is not practical to encrypt the Subject Line of an email message. Therefore, any E-mail messages that contain PHI or SSN in the Subject Line will be rejected and returned to the sender. You will need to remove this information from the subject line and resend the message. You will receive notification if your message was rejected.

How do I send a Secure Message?
There are three options:

What if the recipient does not retrieve the message?
If the recipient does not retrieve the message before the expiration date, you will receive an expiration notification message. The original message will be deleted from the secure Web site. The recipient will have 45 days to retrieve the message before it expires. Several reminders will be sent to the recipient before the message expires.

What if the message was sent to an organization that also uses Zix?
Messages sent internally, to colleagues, do not need to be encrypted. If there is a chance that your message will be forwarded to someone outside Northwell Health, please encrypt the message. Messages sent to external recipients who also happen to be using Zix, will be encrypted and decrypted transparently, meaning the recipient will see the message in their Inbox and will not need to use the portal. Hundreds of organizations Northwell Health communicates with are Zix clients, and there are over 30 million users in the ZixDirectory.
© Northwell Health 2012