While IDF is not a medical system or healthcare provider, we take protecting constituent data and privacy very seriously. We have implemented a new protocol to encrypt any emails that contain either personal health information (PHI) or personally identifiable information (PII).
When the Health Insurance Portability and Accountability Act (HIPAA) was established in 1996, there were no smartphones or wirelessly connected medical devices, and very few care providers stored electronic protected health information. In fact, many people did not have computers (or computing devices of any kind) in their homes.
Today, communication systems allow for the sharing of personal information via laptops, tablets, and smartphones. Telehealth services now happen regularly via video conference. That convenience can come at a cost: more than 500 healthcare providers fell victim to ransomware attacks in 2020; data breaches put patients at risk of identity theft and financial fraud.
IDF maintains physical, electronic, and procedural safeguards to protect the confidentiality and security of any personally identifiable information that you disclose to IDF. Stored customer information is kept in a secure environment where access is restricted to employees who need the information to perform a specific job. However, due to the nature of the internet, computer networks, systems, and other factors, no transmission of data over the internet is guaranteed to be completely secure.
What is an encrypted email and what does this mean for communication with IDF?
Because emails can be sent over unsecured Wi-Fi networks and on multiple devices, they are extremely vulnerable. Email encryption involves disguising the content of an email message in order to protect potentially sensitive information from being read by anyone other than the intended recipient. Encryption renders the content unreadable to everyone except the intended recipients. In this case, that is you or IDF.
There is nothing that you have to do at the moment. Most emails (like newsletters, announcements, and emails that don’t include PII or PHI) will remain as they always have. But you may receive emails from IDF, either originating from IDF or as responses to inquiries, that are encrypted.
An encrypted email will look like this:
Download and save the attached message. It will be an HTML document. Click to open the attachment. Once you open the attachment, you will have two choices: Sign in to a Microsoft account OR choose a one-time passcode. Choose the one-time passcode for the easiest experience.
Once you choose to get a passcode, one will be emailed to you. Type it into the open text box and read your email.
What is personally identifiable information (PII)?
Personally identifiable information (PII) encompasses any information that can be directly or indirectly linked to an individual’s identity, according to the National Institute of Standards and Technology (NIST).
PII includes, but is not limited to, Social Security numbers, passport numbers, driver’s license numbers, addresses, email addresses, photos, biometric data, or any other information that can be traced to one individual. Medical, educational, financial, and employment information all fall under PII.
What is personal health information (PHI)?
Protected health information (PHI) is a subset of PII, but it specifically refers to health information shared with HIPAA-covered entities. Medical records, lab reports, and hospital bills are PHI, along with any information relating to an individual’s past, present, or future physical or mental health.
PHI includes any individually identifiable health information, whether physical or electronic, including names, addresses, medical records (including diagnoses), photos, or any other health information that can identify an individual.