Skip to table of contents

Skip to main content

1.4 - Prohibiting Forwarding of OUHS Email

Updated: 7/12/2024

Auto-forwarding, forwarding, re-directing, or sending, or receiving confidential or sensitive OUHS information from OUHS accounts to external, private email accounts is strictly prohibited.  In addition, the auto-forwarding function will be disabled.

Transmission of Confidential or Sensitive Email

If confidential or sensitive OUHS information, including but not limited to PHI, must be transmitted to a non-University email account or over an external network (e.g., the Internet), the message must be encrypted.  Encryption options include typing [secure] in the email subject line, using the Proofpoint Secure Email plug-in for Outlook, and sending via a patient portal. (For sending PHI via email, refer to HIPAA Privacy Safeguards policy.)

Users may send confidential or sensitive University information via encrypted email only from their ouhsc.edu account and only to authorized recipients.  For example, PHI may be sent only for treatment, payment, or operations purposes and to third parties with whom the University has a Business Associate Agreement in place (contact Purchasing or the Office of Research Administration to confirm). 

Individuals must not send, forward, auto-forward, re-direct, or receive confidential or sensitive OUHS information through non-OUHS email accounts. Examples of non-OUHS email accounts include, but are not limited to, Gmail, Cox mail, Hotmail, Yahoo mail, AOL mail, and email provided by other Internet Service Providers (ISP).

Emails that contain confidential or sensitive OUHS information, such as PHI or regulated data, must include a confidentiality notice at the end of the correspondence, such as Confidentiality Notice: The information contained in this message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, distribution, or retention is strictly prohibited. If you are not the intended recipient or believe that you have received this message in error, please notify the sender immediately by reply email and delete the original message.

Please be advised that monitoring of your computer system, email accounts, domains, and servers may be necessary to detect, prevent, and eradicate illegal or otherwise damaging use by internal and external users of the University computer network to protect the security and integrity of the University computer system.  Such monitoring efforts could lead to the imposition of criminal and civil penalties to those users whose actions are illegal, unlawful, damaging, or threatening to the University computer systems. If you need additional information on OU's security efforts/policies, please visit the Information Technology website.

Return to top