When is Secure Email (#encrypt) required?

Whenever you are sending ePHI to a recipient that is not on an approved OHCA email system, you must use Secure Email. The approved system includes @cumc.columbia.edu, @nyp.org, and @med.cornell.edu addresses.

Columbia (@columbia.edu) addresses are NOT part of the approved OHCA system due to the move of their email account space to LionMail. Secure Email must be used when sending to an @columbia.edu address, as well as other external institutions and companies including Gmail, Yahoo, etc.

The Columbia University Email Usage Policy includes details on approved OHCA email, see Section III D of the full policy text.