Email and Encryption

As a health care organization and as health care providers we are obligated to do all that we can to protect and ensure the privacy of our patients and their health information. The federal Health Insurance Portability and Accountability Act (“HIPAA”) clearly states that a breach of this trust by any member of the health care community is subject to serious repercussions, including civil and criminal penalties.

Therefore, Mount Sinai Health System policies require all emails containing patient information to be encrypted.

To encrypt an email from a Mount Sinai Health System email account (,,,,, to a non-Mount Sinai Health System e-mail address (i.e.,,,,, etc.) include [secure] (the word “secure” in brackets) in subject line.
(For the former Continuum hospital users, you may also continue to use #secure# in the subject line.)

Use of any non-Mount Sinai Health System email account (Gmail, Yahoo, AOL, etc) to transmit sensitive information is strictly prohibited.

If you transmit patient information from your Mount Sinai Health System email address to another Mount Sinai Health System email address you need not take any action. These emails are automatically encrypted.

Compliance with our encryption policy and the federal HIPAA regulations are compulsory of all faculty and staff; failure to comply may result in disciplinary action, up to and including termination of employment and/or termination from the medical staff.

Thank you for your continued support of our ongoing efforts to ensure full compliance with HIPAA regulations and the protection of important data. Should have any questions please call Raymond Shelton at 212-523-7019 or Heather Chamides at 212-241-4669 for assistance.

Comments are closed.