HTML Preview Email Encryption Memo In Format page number 1.
O FFICE OF THE GOVERNOR | MISSISSIPPI DIVISION OF MEDICAID
To: All DOM Independent Contractors
From: Nicole Litton, Deputy Administrator for Policy & Compliance and
HIPAA Privacy Officer
Date: April 22, 2014
Re: DOM’s Email Encryption Policy
It is DOM’s policy that emails containing Protected Health Information (“PHI”) or Personally
Identifiable Information (“PII”) sent outside of the agency network be encrypted by the sender.
If you are a DOM Independent Contractor with an email address that does not end in
“@medicaid.ms.gov”, you will need to enroll in DOM’s Cisco Secured Email service in order to
view any encrypted emails sent to you by a DOM workforce member. For your convenience,
instructions on setting up your account have been attached to this memo. Using the Cisco
Secured Email service will allow you to receive and respond to encrypted emails sent by DOM
personnel. You will not be able to initiate a secure e-mail to DOM through this service.
By executing the DOM Business Associate Agreement you agree, “…to use appropriate
safeguards and comply, where applicable, with the Security Rule to prevent Use or Disclosure of
PHI….” (See Section III (b)). In order to adhere to this obligation you should take the necessary
steps to protect DOM PHI or PII contained in all electronic transfers with encryption software or
a program that uses FIPS 140-2 certified algorithm which is 128 bit or higher, such as AES.
Encryption can be end to end at the network level, or the data file containing PHI can be
encrypted.
If you are not currently transferring DOM PHI or PII in this manner, please address this issue
immediately. If you do not have the encryption capabilities as described above or have questions
regarding e-mail encryption as it pertains to DOM PHI or PII, please contact the DOM Security
Officer at 601-359-6064.
Attachment
MEMORANDUM