
When creating documents containing Protected Health Information (PHI), remember that ITS offers secure solutions to both store and send data.
Store PHI in Microsoft OneDrive
OneDrive, available in your Microsoft O365 account, is approved for PHI and available anywhere you have internet access. You can also share documents with anyone at WCM and with certain external users, like colleagues with .edu domains.
Please remember the “Minimum Necessary” Principle when sending PHI to external users, which states PHI should only be shared with those who have a need and are authorized to see the data. This might require an approved IRB protocol or a signed data sharing agreement.
Check out our Tech Tuesday demo on using OneDrive.
Communicating with patients
The most appropriate method for messaging patients is via Epic. Always make sure patient communications are being sent through Weill Cornell Connect.
Sending PHI with File Transfer & #encrypt
Email should be a last resort for sending high-risk data, used only if there are no other methods available. We recommend using Secure File Transfer only for emails with attachments larger than 25MB. Visit transfer.weill.cornell.edu to send large messages, and encrypt and protect your data in a secure environment.
If you have to email sensitive data to an external party, like a vendor, all you need to do is add #encrypt to your email subject line. This encrypts your data and prompts the recipient to look at the message in a secure environment managed by ITS.