Email encryption for Rutgers


With the adoption of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), all communication containing Protected Health Information (PHI) must be encrypted. To ensure the confidentiality of private information sent via email and comply with privacy HIPAA regulations, Rutgers Connect uses multiple approaches to keep your information safe.

All email sent by users who have PHI flags is automatically secured with TLS Secure email. TLS is a cryptographic protocol that provides security between email servers. Most email servers are equipped to receive email that is sent via TLS. Rutgers is aware of some common email servers that are not equipped for TLS. If a PHI flagged user sends email to one of these known email servers, Rutgers Connect will automatically use the built-in capabilities of Office 365's, Office Message Encryption (OME) to protect your email.

If a PHI flagged user attempts to send an email to an email server that does not support TLS and is not known to Rutgers Connect, the sender will receive a bounce-back. Please review the following article to learn more about what to expect if you encounter this issue.

Please note: For backward compatibility with our previous encryption service, Zix Corporation, any message containing the keyword “ZIXSECURE” in the subject or body and leaving Rutgers Connect will have OME encryption applied to it. OIT does not recommend using keywords to force encryption. The keyword feature has been retained for specialized cases and may go away completely in the future as it is being replaced by the encryption features provided by OME.

Secure messaging is not just a government mandate; it is a practical way to conduct business. Email is not a private conversation; unencrypted email messages can be intercepted and read. Users can also protect emails that do not contain Protected Health Information by using the options provided by Office Message Encryption (OME).

The following documentation pages will help you understand how Office Message Encryption (OME) works.