COM-IT Data Loss Prevention Implementation

Dec. 8, 2021

The HIPAA Privacy Program has worked with the College of Medicine IT Department and other campus units to improve the security of our email systems. This involves the use of a data loss prevention (DLP) solution. By utilizing encryption, DLP will reduce the risk to our end users when they send emails that unintentionally include protected health information (PHI). Enabling DLP will allow COM-T (College of Medicine Tucson) to continue our ongoing regulatory compliance efforts as required by HIPAA. We are providing answers to some frequently asked questions regarding our DLP implementation:

  • Who is enrolled in DLP? 
    • DLP will be enabled globally for all College of Medicine supported units.  
  • Will all my emails be encrypted? 
    • No, only emails that trigger DLP will be encrypted. 
  • Will I know if I trigger DLP? 
    • Yes, you will receive a response from the email system letting you know what triggered DLP. 
  • How does encryption affect my recipients? 
    • INTERNAL users' email will still be viewable through normal email clients. 
    • EXTERNAL users will use a 2-step approach by: 
      • Viewing the email and double-clicking the attachment from within the encrypted email, then requesting a one-time PIN.
      • A one-time PIN will be emailed to the same email address.
        • Use the one-time PIN to open the encrypted email.
  • I do not send sensitive data; can I opt out? 
    • If you do not send sensitive data, this implementation will not impact you. 
  • Will this delay emails? 
    • No email delivery delays are expected. 

We would also like to share and encourage you to follow these email best practices:  

  • Do not forward emails that contain sensitive information. If required to do so, when possible, redact the sensitive information. 
  • Seek alternative means of transmitting sensitive data. A list of approved PHI solutions can be found here: https://medicineit.arizona.edu/approved-phi-solutions 
  • Ensure that the correct email address is used for each recipient.  
  • By encrypting emails manually, you will bypass DLP. A straightforward way to encrypt your email is to use the [secure] tag within your subject line.  

On Friday, December 10th, 2021, the HIPAA Privacy Program and College of Medicine IT will enable DLP. If you would like more information, please visit the DLP website at https://research.arizona.edu/compliance/dlp. If you have any questions or concerns, feel free to contact COM-IT at https://comhelp.arizona.edu.