Secure Email (and File Transfer Service)

Data security is an important issue for all NIH users. As part of proper data management, we all have to comply with the security standards set by the Federal Information and Security Management Act (FISMA). A concrete step you can take to help protect data integrity at NIH, especially if you handle sensitive records like patient case files, is to know how to properly manage personally identifiable information (PII), such as social security numbers or birth dates. (For more on PII, see also the Interface article in issue 241, entitled Using the NIH Guide for Identifying Sensitive Information.)

It is especially important to ensure that email messages containing PII or other sensitive data are properly safeguarded. Although Public Key Infrastructure (PKI) encryption methods work well for users who share a public key within one directory (like the Central Email Service at NIH), making sure correspondents outside that directory have access to the correct public key is not always practical. Therefore, CIT now offers an alternative method to the existing PKI-based S/MIME mail — a web-based Secure Email/File Transfer service that makes it easy for NIH users to send secure and confidential email through our secure messaging platform.

What is Secure Email/File Transfer Service?

Secure Email is a new web-based CIT service now being offered alongside our existing Secure File Transfer Service. Secure File Transfer already allows NIH users to send large documents over a secure socket layer (SSL)/encrypted connection without having to obtain a PKI certificate. Initially, this service was meant for scientists (or other NIH staff) who wanted to send very large images or documents securely outside of the NIH network. It then became clear that this tool would also be very useful to NIH staff in need of a secure way to exchange information that can be categorized as sensitive or PII with patients or others outside of the NIH network.

Secure Email extends the existing Secure File Transfer service to email messaging, enabling NIH users to securely send and receive emails with or without large document attachments. While non-NIH customers cannot use Secure Email to send messages, they can receive encrypted email from the service. Using the Secure Email /File Transfer Service ensures the protection of PII and thoroughly secures all data and information being sent via email. Secure Email also offers a level of non-repudiation and tracks correspondence history.

The CIT Secure Email/File Transfer Service

All NIH users are preregistered to receive deliveries through this service and can access their messages at https://secureemail.nih.gov/bds/Login.do. Users are authenticated either through their Active Directory (AD) account (for NIH and HRSA users) or with a registered email address and password in the case of non-NIH users who are registered in the NIH External Domain. Currently, there is a 2 GB size limit on all email messages due to browser limitations, and stored files and emails will be deleted after 90 days. There is a small fee charged to your IC for using Secure Email/File Transfer Service.

How do I use it?

Secure Email is easy to use. As an NIH user, all you need to get started is to register for the service with the NIH Help Desk at http://ithelpdesk.nih.gov/Support/ or call 301-496-4357 (6-HELP) (local), 866-319-4357 (toll free), or 301-496-8294 (TTY). Once you have registered with the NIH Help Desk, you will be able to SEND your messages via Secure Email, after signing in at https://secureemail.nih.gov/bds/Login.do.

As a registered sender on this system, you can use it to send to any email address. Recipients, including non-NIH users, can always 'reply' back to the message they receive through the service.

Who can use Secure Email/File Transfer?

All NIH users and those non-NIH users registered in the NIH External Domain can use Secure Email to SEND and RECEIVE secured emails/files.

Other non-NIH users can only use Secure Email to RECEIVE and REPLY TO secured emails/files sent from NIH users. They cannot send messages.

Need help or have questions?

If you need help or have question relating to Secure Email, please contact NIH Help Desk at http://ithelpdesk.nih.gov/support/ to submit a request for support using our web form, or call 301-496-4357 (6-HELP) (local), 866-319-4357 (toll free), or 301-496-8294 (TTY).

Back to top of page