Sending Encrypted Mail

• The “Subject” line of an email must never contain HIPAA/PHI information. (e.g. name, SS number, diagnosis, PMHCC or other provider file numbers, etc.); Email Subject lines cannot be encrypted; therefore sending an email with HIPAA/PHI wording in the Subject line is strictly prohibited. Should an employee attempt to send an email with HIPAA/PHI wording in the Subject line, PMHCC’s technology will not send the email message to the recipient and the employee will be notified by the system of the violation.
• All emails sent between PMHCC Employees with a PMHCC.org email address are always sent encrypted regardless of the contents of the email. Employees do not need to do anything special to send HIPAA/PHI information to PMHCC Employees with a PMHCC.org email address.
• All emails sent to a Phila.gov email address are always sent encrypted regardless of the contents of the email. Employees do not need to do anything special to send HIPAA/PHI information to Phila.gov email addresses.
• If an employee is sending an email containing HIPAA/PHI information to an email address other than PMHCC.org or Phila.gov, the employee must include the keyword ‘secure’ in the subject line of the email. Alternatively, the employee may use the keyword 'secure' in the body of the email instead of in the subject line. The word secure can be in any form (e.g. secure, Secure, SECURE). Here are a few example subject lines:

Secure – here is the information you requested (or)

Here is the information you requested – secure (or)