April 28, 2011

Tool For Sending Sensitive Data Electronically Via Secured Email Attachment Application

The Secure File Transfer Application (FTA) is a tool workforce members can use with email to securely transfer files of information.

Vanderbilt University Medical Center (VUMC), through its Information Privacy and Security Executive Committee, regularly assesses the operating and computing environment to identify risk factors and define safeguards against intentional or unintentional disclosure of Protected Health Information (PHI), person-identifiable, or other confidential or proprietary information created, used, or maintained by Vanderbilt.

The FTA is a companion process to support compliance of the Electronic Messaging of Individual Identifiable Patient and Other Sensitive Information policy OP 10-40.37 to assist in secure file transfer.
Electronic messages (e.g. email, text messaging, or instant messaging) may contain information that is regarded as sensitive by either the sender or receiver.

VUMC policies define several categories of sensitive information including Protected Health Information (PHI); Research Health Information (RHI); and Personal Information that may contain individually identifiable information about patients, employees, students, or research participants. Individually identifiable Sensitive Information is not to be transmitted by Vanderbilt Workforce Members over electronic communication systems without taking appropriate measures to safeguard the security of the information against message interception, content alteration, or unauthorized disclosure.

(Use of secure messaging via the StarPanel message basket system is the preferred mode of electronic messaging among and between VUMC clinical staff and faculty about a specific patient.
Also, the preferred method for communicating between a provider and a patient is My Health at Vandy.)

It is the File attachment that is secured, rather than the text of the email.

The FTA should be used for transferring confidential or sensitive information but not for general file attachment use.

Workforce members should use the File Transfer Application when they need to send protected health information, research health information, and other sensitive information to transfer electronically.

Examples of uses for the FTA include, but are not limited to:
Emailing PHI or RHI to a coworker
Emailing PHI to a Payer
Emailing PHI or RHI to a regulatory or registry body.

The main Secure File Transfer Application email is located at https://accellion.mc.vanderbilt.edu/courier/1000@/mail_user_login.html 

Workforce members use their Vanderbilt email address as the userID and their ePassword to sign in to the application.

Further information about how to use the application and a training document can be found on the Privacy and Security Website located at http://www.mc.vanderbilt.edu/root/vumc.php?site=InfoPrivacySecurity&doc=30530