University faculty, staff, students, and affiliates may not transmit confidential data via email and/or via email attachments unless the message and attachments are encrypted.
For transmission of email messages containing confidential data within the University's Google domains, encryption of these messages occurs with the integrated feature of Google Message Security policy-enforced TLS (Transport Layer Security). External encryption occurs either by policy based encryption or the use of keywords added by the sender.
Policy based encryption is the automatic process of:
Clinical departments that handle sensitive data may have their email routing configured to automate the process of encryption for external emails. Contact your department IT support to confirm.
If your message is encrypted based on policy, you will receive an email notifying you this has occurred with instructions to resend your message with a subject keyword of insecure or cleared.
If the recipient does not retrieve the message before the expiration date, the sender receives an expiration notification message. The original message will be deleted from the secure website.
Transmitting encrypted email to external (not vcu.edu or vcuhealth.org) recipients is achieved by adding a keyword to the subject line.
Receipt of encrypted email only applies to external email contacts. Those with vcu.edu and vcuhealth.org email addresses will receive secure email messages directly in their Inbox.