Auto-forwarding, forwarding, re-directing, or sending, receiving confidential or sensitive OUHSC information from OUHSC accounts to external, private email accounts is strictly prohibited. In addition, the auto-forwarding function will be disabled.
Transmission of Confidential or Sensitive Email
If confidential or sensitive OUHSC information, including but not limited to PHI, must be transmitted to a non-University email account or over an external network (e.g., the Internet), the message must be encrypted. Encryption options include typing [secure] in the email subject line, using the Proofpoint Secure Email plug-in for Outlook, and sending via a patient portal. (For sending PHI via email, refer to HIPAA Privacy Safeguards policy.)
Users may send confidential or sensitive University information via encrypted email only from their ouhsc.edu account and only to authorized recipients. For example, PHI may be sent only for treatment, payment, or operations purposes and to third parties with whom the University has a Business Associate agreement in place (contact Purchasing or the Office of Research Administration to confirm).
Individuals must not send, forward, auto-forward, re-direct, or receive confidential or sensitive OUHSC information through non-OUHSC email accounts. Examples of non-OUHSC email accounts include, but are not limited to, Gmail, Cox mail, Hotmail, Yahoo mail, AOL mail, and email provided by other Internet Service Providers (ISP).
Emails that contain confidential or sensitive OUHSC information, such as PHI or regulated data, must include a confidentiality notice at the end of the correspondence, such as: Confidentiality Notice: The information contained in this message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, distribution, or retention is strictly prohibited. If you are not the intended recipient, or believe that you have received this message in error, please notify the sender immediately by reply email and delete the original message.
Please be advised that monitoring of your computer system, email accounts, domains and servers may be necessary to detect, prevent and eradicate illegal or otherwise damaging use by internal and external users of the University computer network in order to protect the security and integrity of the University computer system. Such monitoring efforts could lead to the imposition of criminal and civil penalties to those users whose actions are illegal, unlawful, damaging, or threatening to the University computer systems. If you need additional information on OU's security efforts/policies, please visit the Information Technology website.
