IM-29 April 9, 2015; IM-38 April 25, 2012; IM-16 February 23, 2012
Email is not a secure method of transmitting information. Email containing information of a confidential or sensitive nature must contain the following statement: “This communication is being transmitted by the Department of Social Services (DSS) and is confidential, privileged, and intended only for the use of the recipient named above. If you are not the intended recipient, unauthorized disclosure, copying, distribution or use of the contents is strictly prohibited. If you have received this in error, please notify the sender and destroy the material received.”
Transmitting information of a confidential or sensitive nature (i.e. Federal Tax Information (FTI), Protected Health Information (PHI), Personal Identifying Information (PII) such as SSN or DCN, etc.) via email to entities that do not have a mo.gov email address is only permitted if the email is encrypted. To encrypt an email and with or without attachments, type the following somewhere in the subject line: [encrypt].
When an email is sent using [encrypt] in the subject line, it will require decryption by the recipient of the email. Upon receiving and opening a DSS encrypted email the message instructs the recipient to open the attachment called “SecureMessageAtt.html”. When the recipient opens the attachment, they are prompted to click a button to read the message. The first time a recipient opens an encrypted message sent using the Proofpoint email encryption system, they are prompted to register with the Proofpoint email encryption system. This is a one-time registration process and is required to view the encrypted message. Detailed instructions to send or open, and to register to receive encrypted emails can be found at http://dss.mo.gov/encrypt.htm. DSS staff are encouraged to share this information with email recipients prior to sending an encrypted email.
Persons who are not State employees using a non-State email account will have the capability to send a secure email to FSD staff by following “Instruction #3: How DSS clients, business partners and end-users can send an encrypted email to DSS” found at http://dss.mo.gov/encrypt.htm.
Generally, federal tax information should not be transmitted by email. Protected information, including federal tax information, must not be transmitted by email outside of the DSS, either in the body of an email or as an attachment.
If protected information must be sent by email, staff may only send via the DSS internal email system and must ensure:
- The email recipient is authorized to receive protected information
- The email is encrypted
- No confidential information is included in the subject line of the encrypted email; the subject line displays even when the email is encrypted
- Any email attachment that contains protected information is encrypted
NOTE: When leaving their workstations, logoff or lock computers.