SERVICES & SOLUTIONS

Secure Email

The Health Science Center's secure email service provides a solution for University members who must communicate securely with organizations, companies, or individuals outside of the university. This solution meets state and federal requirements that prohibit transmitting sensitive information (patient data, student records, Social Security numbers, credit card information, etc.) in an unprotected format. The primary users of this product will be physicians, clinicians, researchers, billing agents, etc., but it can be used by anyone needing to communicate securely with those outside our organization. When used as described below, the secure email product transmits encrypted messages that only the intended recipients can read.

To send a secure message:

Place two plus signs (++) at the beginning of the message’s subject line.  This tells the University’s email system to transmit this message securely.

Message Header

When the message is processed, the "++" will be removed and replaced with "[SECURE MESSAGE]".

Additional information regarding secure messages:

  • Only outbound messages are affected: Messages sent internally are not required to be encrypted and therefore are not processed by our secure mail service.
  • Attachments: The entire message, including attachments, is encrypted.
  • Size limit: There is a 10 MB size limit for secure messages. This limit is necessary because encrypting and decrypting large files causes inordinate delays in the processing of secure messages, especially when being opened by the recipient. Contact the IMS Service Desk for options to send messages larger than 10 MB.
  • Automatic read reciepts: The sender will automatically receive a read reciept when the message is opened by the recipient.
  • Secure reply and forwarding: The recipient can reply to or forward the message securely from within CRES; doing so will ensure the contents remain secure.
  • Automatic encryption: In addition to manually invoking encryption by using "++" in the subject line, all messages leaving UTHSCSA are scanned for sensitive content including PHI, social security numbers, and credit card information. If the scan determines that such information is contained in the message or any attachments, the message will be automatically encrypted and you will be notified of such. (Messages with "++" on the subject line are not scanned.)
  • Message expiration: At the present time, secure messages never expire. However, secure messages can be locked at any time; this will prevent the message from being subsequently opened. Please contact the IMS Service Desk if you need to lock a secure message you have sent.

To read a secure message:

How you read a secure message depends on whether you are an internal UTHSCSA recipient or an external (non-UTHSCSA) recipient.

Internal UTHSCSA recipients

If you receive a secure reply to a message you sent, it is transmitted back to UTHSCSA's mail servers via a dedicated secure channel. As a result, it should be delivered to your inbox as a regular email message that requires no special steps to open. If that channel fails, then you will receive a standard "registered envelope"; if this happens, follow the instructions for external users below.

External (non-UTHSCSA) recipients

Recipients outside of UTHSCSA will receive secure messages in a "registered envelope" via the Cisco Registered Envelope Service (CRES). The message will state "You have received a secure message from The University of Texas Health Science Center at San Antonio" and will have an attachment named "securedoc_xxxxxxxxxxxxxxx.html" (e.g. "securedoc_20131210T153959.html"). The attachment contains the encrypted message and code that enables your computer to open the message. First-time users need to register with CRES before they can open the message. Please follow the corresponding instructions below to open a secure message.

First-time users: The first time you open a registered envelope with a given external email account, you will need to register that account with CRES. The registration process is fairly straightforward and takes just a few minutes. After registering, you will use the password created during registration to open subsequent secure messages from UTHSCSA.

  1. Open the message in the inbox, then open the file attachment called "securedoc_xxxxxxxxxxxxxxx.html".
  2. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it from the location where you saved it. For instance, if you saved the file to your My Documents folder, go to your My Documents folder and double click the file "securedoc_xxxxxxxxxxxxxxx.html". This should open it in your web browser. Note that on some email clients, the attachment may open automatically; however, we still recommend you save it to your computer and open it directly from there.
  3. You will see an image of an envelope with information about the email message. Verify that the "to" line displays your email address, then click the "REGISTER" button.
    * If the "to" line does not display the email the address where you received the message, click "My address is not listed", type in the correct address, and then click "SUBMIT". On the next page, verify your email address, and then click "REGISTER".
    * If you have an "OPEN" button instead of a "REGISTER" button, leave the password blank and click the "OPEN" button.
  4. A new user registration page should be opened. Complete the registration form and click the "REGISTER" button.
  5. After submitting the new user registration form, you will receive a separate email message to confirm and activate your account. Open that message and click the "Click here to activate this account" link within the message.
  6. You should now see a page that confirms you have activated your CRES account. If so, continue to the "Existing users" section below to view the secure message you received.

Existing users: After you have registered with CRES, you will use the password you created during registration to open secure messages from UTHSCSA.

  1. Open the message in the inbox, then open the file attachment called "securedoc_xxxxxxxxxxxxxxx.html".
  2. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it from the location where you saved it. For instance, if you saved the file to your My Documents folder, go to your My Documents folder and double click the file "securedoc_xxxxxxxxxxxxxxx.html". This should open it in your web browser. Note that on some email clients, the attachment may open automatically; however, we still recommend you save it to your computer and open it directly from there.
  3. You will see an image of an envelope with information about the email message. Verify that the "to" line displays your email address.
    * If it does not display the email the address where you received the message, click "My address is not listed", type in the correct address, and then click "SUBMIT".
  4. Enter your CRES password and click the "OPEN" button to view the secure message contents.

If you experience problems while trying to open your message, click the "Open Online" link at the lower right corner of the envelope if it's present, then enter your CRES password and click the "Open Online" button. The message will then be transmitted to the CRES server for decryption and then displayed in your browser. (Note that the message is not stored on the CRES server once it is decrypted.)

If you still cannot open your message, please follow the "alternate method" directions below.

Alternate method and mobile devices: If you cannot open your message using either of the methods above or if you are using a mobile device, simply forward the entire message (including the attachment) to mobile@res.cisco.com. Within a minute or so, you should receive an email message back from CRES with a link to open your message. Click the link, ensure your email address is shown on the "to" line, click the "Open" button, then enter your CRES password and click the "Open" button again to view your message. (If you use this method, your message will be stored on the CRES server for eight hours.)

Still can't open your message? If you cannot open your message after trying all of the steps above, please contact your IT support or contact the UTHSCSA secure email administrator at postmaster@uthscsa.edu.

Frequently Asked Questions

Questions or problems?