UTHSC Email Encryption

In the past, sending protected or confidential data via UTHSC email was prohibited for security reasons. However, you now can encrypt individual UTHSC emails and transmit sensitive information to anyone with the confidence that only the recipient(s) will be able to decrypt and read the message.

Encryption is easy to enable on a case-by-case basis. All you have to do is add the word encrypt anywhere in the subject line of an email sent from your UTHSC account, and you’re set! No special interface or website is needed for sending, and the message notification goes directly to the recipient’s inbox for easy retrieval.

Sending an Encrypted Email

In order to send an encrypted email using your uthsc.edu email account, add the word encrypt anywhere in the Subject line of your email, along with your regular Subject line information. (Words that contain “encrypt” in them, such as “encryption” or “encrypted” will not trigger the encryption process.)

NOTE: Encryption can be guaranteed only for UTHSC email sent via the UTHSC email router. Unless you have deliberately gone into your email software and changed the router for your UTHSC email, you are using the proper router that will allow for encrypted UTHSC emails.

Receiving an Encrypted Email

Recipients of encrypted emails will receive a message in their UTHSC email inbox notifying them of the encrypted email and stating the sender’s email address. The notification will contain an attachment (“message.html”) that provides instructions for accessing the actual encrypted message. See below:
sign in image

People with a Microsoft account (whether personal or business/academic) will use those credentials to sign in and access the message. (That means UTHSC and UTK members will use their NetID and password.) People without a Microsoft account must choose the option to receive a passcode, which is delivered to their email inbox.

Replying to or Forwarding an Encrypted Email

If the recipient chooses to respond to an encrypted message, encryption will continue to be enabled on the entire email thread as long as the recipient replies from the screen where the encrypted message is displayed (see below). This applies even if the Subject line is changed. Other recipients of the email will use the same process to view the encrypted information as described above.

image of exampe email with a green checkbox and circle highlighting the reply all option

IMPORTANT

Replying to the sender via the email that the recipient received in his/her inbox to notify them of the waiting encrypted message is not recommended, as encryption will be broken if the word encrypt is removed from the Subject line. Additionally, the initial encrypted message will be rendered unavailable.

example email showing a red x. encrypt is missing from the subject or body

Frequently Asked Questions

Show All Answers | Hide All Answers

(Click on a question to show/hide the answer.)

Why do I need to use encryption?

Close

Encryption ensures that protected or sensitive information is not intercepted during email transmission, thus protecting you and the university from potentially costly and reputation-damaging data breaches.

What types of emails should be encrypted?

Close

Any UTHSC email that contains the following protected or sensitive information must be encrypted:

  • Protected health information (i.e., patient record information)
  • Personally identifiable information (ex., social security number)
  • Credit card information
  • Any information protected by governmental or institutional regulations

How do I encrypt an email using my UTHSC email account?

Close

It’s simple. When composing your UTHSC email, just add the word encrypt anywhere in the Subject line. Then write your email as usual and send it on its way! The email server will do the rest.

Will similar words that include “encrypt” in their spelling trigger the encryption process?

Close

No. Words such as “encryption”, “encrypted”, etc. will not work to encrypt a UTHSC email. It must be the word encrypt.

What happens if I misspell the word “encrypt”?

Close

The email will not be encrypted. The sender must take special care to type this trigger correctly in order to enable encryption. One way to ensure this is to create an encrypted-email template that contains the word encrypt in the Subject line and use this each time encryption is required. See Microsoft’s instructions for creating a template in Outlook for step-by-step instructions.

If I accidentally add the word “encrypt” to my subject line, will my email be encrypted even if no protected or sensitive information is contained in the message?

Close

Yes. If the word encrypt is in the Subject line, then your email WILL be encrypted, regardless of the message content. For example, if the subject is “When should you encrypt email?”, then the email will be encrypted.

Will this work on my personal email account?

Close

No. Adding the word encrypt to the Subject line will only work to encrypt email if you are using your UTHSC email account and UTHSC email router. NOTE: Unless you have deliberately gone into your email software and changed the router for your UTHSC email, you are using the proper router that will allow for encrypted UTHSC emails.

Does Office 365 automatically encrypt every email?

Close

No. The sender MUST add the word encrypt in the Subject line to encrypt a UTHSC email.

What does the recipient have to do to view the email?

Close

An encrypted UTHSC email is just like any other message, except that it contains an HTML file attachment that the recipient must open and sign in to with Microsoft/Office 365 email account credentials or a one-time passcode. (The email includes instructions for viewing the encrypted message.) All of this is done directly in the recipient’s inbox.

Is the recipient’s reply to my email encrypted?

Close

Yes, the entire email thread will be encrypted.

Do I have to use encryption when sending protected or sensitive information to other UTHSC or UTK email addresses?

Close

Yes. Any UTHSC email that contains protected or sensitive information MUST be encrypted, regardless of the recipient.

Are attachments to encrypted emails also encrypted?

Close

Yes

IT Help? Try...

.    or    .

Contact Us

Information Security

877 Madison Ave
Memphis, Tennessee 38163
Phone: 901-448-1260
Fax: 901-448-8199
Email: itsecurity@uthsc.edu

Confidential Compliance Hotline:
901-448-4900