USE OF SECURE UCSC EMAIL WITH VIRTRU

Effective Date: 
Tue, 09/29/2020
Policy: 

UCSC has adopted a product called Virtru for secure Email (Gmail via Chrome browser) and Documents (Google Drive).  Select units have been given access to Virtru including many categories and departments of SH&W including management, supervisors, primary care, psychiatry, CAPS, case management, health information management, insurance, ancillary services, SHOP and CARE.

Virtru users can send email containing P3 and P4 data (includes PII or PHI) including attachments as long as they have Virtru enabled correctly and follow the procedures articulated in this policy.

Procedure: 

Eligibility

Contact your supervisor if you fall into one of the approved categories above or feel you have a business need to have secure email

Users are managed via google group named virtru-provisioning.
Only SHS and ITS admins can administer the group.

Installation and Use

It is responsibility of the user to ensure that Virtru is installed and enabled correctly.
Step 1 Install & Activate for email

a. Gmail users install the Chrome extension or Outlook for email add-in (How to for Outlook)
b. You may also install for your Android or IOS Device for email encryption.
c. In the setup process I am being asked to grant Virtru access to information, for both the email and drive installation is this okay? 
d. Yes, Virtru has passed a supplier security review with UCSC.

Step 2 Install & Activate for Google Drive

a. Install for Drive
b. In the setup process I am being asked to grant Virtru access to information, for both the email and drive installation is this okay?
c. Yes, Virtru has passed a supplier security review with UCSC.

When to use Virtru

a. When sending any information containing level P3 or P4 data (includes PII or PHI) including email messages and attachments, send securely with Virtru protection on.

https://its.ucsc.edu/policies/data-protect.html 

b. For student communication – it should be last resort; secure message should be used first.
c. Do not use for PCI (credit card) data

Step 3 Start using

a. How to use Virtru
b. The subject line is clear text – never put anything secure (patient name) into subject line.
c. You can use Virtru to communicate with other staff, vendors, insurance companies, outside providers, etc.

NOTE: they need to already have an approved usage of the data. Don’t just email random people our secure data.

d. Virtru does not replace documenting in the patient/client record. (i.e. I emailed this to a patient).  Document in the note to cover you.

References

https://its.ucsc.edu/policies/data-protect.html 

 

Link to instructions:

https://docs.google.com/document/d/1T0fKybxBd8RQcx_OSv1f9FnrF5XYhC86L0INf628mDo/edit?usp=sharing