The College of Medicine is working in conjunction with various units around campus to help improve the security of our email systems. This involves turning on data loss protection (DLP). DLP is a strategy for making sure that end users do not send sensitive or critical information outside an organization's network. DLP products use business rules to classify and protect confidential and critical information so that users do not accidentally or maliciously share data whose disclosure could put the organization or individual at risk.
Soon all emails that contain sensitive information will be automatically encrypted. Sensitive data should be redacted from email whenever possible, but COM-IT now supports this new protection allowing it to be sent securely when no alternative exists. Faculty and staff can still manually encrypt any email by following the email encryption section below.
Best Practices
- Do not forward any email you receive that contains sensitive information. If it is required to do so, redact the sensitive information before replying.
- Seek alternate means of transmitting sensitive data. (secure web applications, phone, etc.)
- Become familiar with the University of Arizona's Data Classification and Handling Standards
- See IT Security's best practices website for more information
- Subject Lines do not get encrypted. Do not add PHI to the Subject line.
Encrypt Proactively
If you encrypt the email yourself, the system will recognize this and let the email through without alerting you.You are able to use the [secure] and [encrypt] tags within the subject line of your email. To review other encryption options please visit: https://it.arizona.edu/documentation/uaconnect365-email-encryption
Frequently Asked Questions
DLP helps identify when email and data are being sent externally to the University in a way that may violate University policy. This will allow the University to be in compliance with HIPAA while helping faculty and staff avoid accidental and unintentional disclosures of PHI.
No email delivery delays are expected with the implementation of this service.
For INTERNAL users the answer is no, email will still be viewable through the normal email clients. ( e.g. Outlook, OWA)
For EXTERNAL users, the process they will be 2 step approach:
- Double click on the attachment from within the encrypted email, and request a one time PIN
- one-time PIN will be emailed to the same email address
- Use one-time PIN to open up the encrypted email.
Not everything, only emails that trigger DLP will be encrypted.
If you send an email that triggers DLP the system will email you right away letting you know. There is no need to be alarmed as the email has flowed through to its intended recipient. Notifications can be used to correlate the cause of the DLP system being triggered.
DLP will be enabled globally for all units under COM-IT. If you do not send sensitive data, this implementation will have no impact on you.
Initially, sensitive data will include protected health information (PHI).
Below are a couple of examples to get you familiar with any visual updates:
If you have any questions or concerns please reach out (520)626-8721 or submit a request through our ticketing system https://comhelp.arizona.edu