Protected Health Information and Other Confidential Information

All hardware devices, including students' own devices and personal laptops, on which school email, file, or collaboration services are used must be encrypted. AirWatch MDM must be enabled for personal smartphones. Thumb drives or any storage devices that contain PHI data must also be encrypted. For more information or support, students should contact the Academic IT Support Center (, email: Students, faculty, and employees are responsible for ensuring that their devices are password enabled and encrypted.

The key points of the above policies are as follows:

  • Students may use only an ISMMS email account to communicate protected or confidential information. Emails containing PHI, financial information, or other confidential ISMMS information and/or social security numbers may not be sent or redirected to non-ISMMS email accounts.

  • The minimum necessary amount of PHI should be disclosed via email. When at all possible, student should use the Medical Record number, rather than the patient name, as the patient identifier.

  • Messages that leave the Mount Sinai Health System network and contain PHI or other confidential information must be encrypted using the ISMMS IT-approved solution described as follows.

  • Messages sent within the Mount Sinai Health System network are automatically encrypted.

  • Encryption will not prevent misdirection or unintended forwarding of a previous string of emails. Extreme caution must be exercised to prevent such risks. Students should be aware of their generated content.

Last updated