ALERT: About Encrypted Email Messages from UMHS (med.umich.edu)

Monday, March 2, 2015

2016 update: The U-M Health System has changed its name to Michigan Medicine.

The U-M Health System (UMHS) has implemented mail encryption for messages containing certain types of sensitive data that are sent outside the UMHS Exchange/Outlook email system. If you correspond with people at UMHS who need to share sensitive data with you, you may receive encrypted email.

UMHS encrypted emails are from an @med.umich.edu address and contain an attachment called securedoc.html. They are from people who use the UMHS mail system—UMHS (including the Medical School and more), University Health Services, and others.

As is true for any email attachment, do not open email attachments unless you are expecting them and they are from someone you know and trust.

Which Messages Are Encrypted?

  • Messages encrypted by the sender. Those who use the UMHS Exchange/Outlook email system are being asked to identify messages that contain sensitive institutional data, such as potentially identifiable patient information, so the system can encrypt them. To do that, they put [SECURE] in the subject line. (The word [SECURE] does not appear in the subject line when the recipient gets the message; the system removes it after encrypting the message.)
  • Messages encrypted by the tool. The UMHS encryption tool uses an algorithm to identify messages that may contain sensitive data and automatically encrypts them.

Messages that are not identified by either the sender or the tool as sensitive are not encrypted.

Recognizing UMHS Encrypted Messages

Encrypted messages from people at UMHS:

  • Are from an @med.umich.edu email addresss.
  • Have an attachment called securedoc.html.
  • Have the message text displayed below:

    Screen shot of the message text, which states that the actual message is contained in the attachment and provides instructions for opening it. Basically, you download it and use a web browser to view it.

How to Open and View a UMHS Encrypted Message

The actual message is contained in the attached securedoc.html file. You will need to download and open that file.

  1. Verify the trustworthiness of the message:
    1. Check that the From address ends in @med.umich.edu. Be aware, though, that From addresses can be forged.
    2. Do you know the sender? Are you expecting an email from that person with an attachment? If not, contact the sender and ask whether they sent you the mail to be sure before opening it.
  2. Download and save the securedoc.html file to your computer. UMHS recommends that for best results you save the file rather than viewing it online.
  3. Open the file using a web browser, such as Chrome, Firefox, Internet Explorer, or Safari. To do this in Chrome, for example, go to the File menu and select Open File. Then navigate to the file on your computer and open it.
  4. You will see a message envelope. In that envelope, click the ACKNOWLEDGE or OPEN button to see the message itself.

    Screen shot of the envelop with the ACKNOWLEDGE or OPEN button that you need to click to open the message.

    If the message itself contains attachments, the button will be labeled, OPEN ONLINE. You will need to click that button to decrypt and open the attachments.

Using a mobile device? Forward the encrypted message to [email protected] to receive a mobile login URL you can use to view the message.

Protecting Downloaded Encrypted Messages

  • Do not store downloaded securedoc.html files on your computer unless you have a secure way to do so and your computer is appropriately encrypted.
  • If you need to keep a copy of the file, store it using a service that is approved for the type of sensitive data it contains. See the Sensitive Data Guide to IT Services for help.

Questions?

For answers to questions about, or help with, UMHS enrypted email:

  • Send email to [email protected].
  • Call the Medical Center Information Technology (MCIT) Service Desk at (734) 936-8000.
  • Call the Medical School Information Services (MSIS) Help Desk at (734) 763-7700.