Electronic protected health information (ePHI) must remain secure at all times, at rest and in transmission. When patient information is transmitted via e-mail to outside providers, placing OSUsecure in the subject line of the message encrypts the message. However, it only encrypts the message to recipients without an osu.edu domain e-mail address. Sending ePHI in this manner to an outside provider, even one at the Wexner Medical Center with an osumc domain e-mail address will encrypt the message. If any ePHI is sent to an osu.edu address within the college or university, it is not secure and does not follow the HIPAA guidelines.
For detailed information about OSUsecure emails, please read this IT Service Desk overview on Proofpoint (OSUsecure) Email Encryption.