Sending Information Securely


Often we need to send files, documents and other information to colleagues at Stanford and elsewhere. To make sure that files containing High, Moderate, or Low Risk Information (previously Prohibited, Restricted or Confidential information) make it to their destination securely, Stanford provides you with a way to send secure email (for text or small files), and a way to send large files of sensitive information (for files up to 20GB).

(If you've been using a cloud-based service like Gmail, GoogleDocs or DropBox to send files, please see our page on Cloud Computing for tips on what services are secure and approved, and what services aren't.)


Stanford Secure Email

You may not have realized it, but Stanford's own email service has a secure function built right in. If you have a Stanford email address, you can send secure emails just by adding something to your subject line, within your regular email program.

The short instructions:

  1. Make sure that your email program is properly configured (if you're using Zimbra Webmail, it's already set up to work with Secure Email).
  2. Start composing an email; to make it secure, just include Secure: anywhere in the subject line. (You don't even need to remove the Re: if it's a reply.)
  3. If your recipient is not a Stanford employee, they'll have to create a login to "pick up" their secure message.

The long instructions: To find out all about the service, visit the official website at


MedSecureSend (MSS)

Sending a file of up to 20G is easy with MedSecureSend; you just create a temporary login to the system, and you can send files securely to your collaborators anywhere in the world, Stanford affiliates or not. The MSS interface is like a webmail program, so it's easy to use. Visit our MSS tutorial to get started.

NOTE: All MSS accounts are temporary, and sending privileges expire after 30 days of inactivity. If your account is not behaving as expected, just create a new one (you can even use your existing login name).


Email by Smartphone: Mobile Device Management (MDM)

IRT provides Mobile Device Management (MDM) to users of smartphones and other internet-ready mobile devices. MDM configures your phone or tablet with the proper security settings, so that if your device is approved, you can use Stanford email and VPN settings.

Currently MDM is only available for Apple devices and some Android devices, so on our MDM page we outline which devices are approved for which levels of sensitive information, and how best to secure your device. Visit our page on MDM for more info.


Stanford Medicine Box

Stanford Medicine has collaborated with to provide enterprise document management and collaboration in an environment that meets Stanford security requirements. Box is an easy-to-use platform that you can log into with your Stanford credentials. (It is NOT approved for High Risk information.) Box supports creation, management, and collaboration for documents that have been written in common desktop tools (like Microsoft Word and Excel).


If you have an SUID, you can log in now to set up your account. Visit the page on Stanford Medicine Box for more info.


External Drives

If you need to transport or store sensitive data on a physical medium, such as a USB drive or external hard drive, Stanford security regulations require that drive to be encrypted. There are commercial options we recommend, such as the Apricorn Aegis Padlock and the Apricorn Secure Key. (IRT Security is looking for options to provide School of Medicine affiliates with the drives free of charge.)

It is also possible to encrypt a drive yourself, using your operating system's native encryption software. (Note: Some methods require erasing the drive, so make sure to back up any necessary information beforehand. Also, it's possible there may be problems with compatibility, if you attempt to use the encrypted drive on an older computer.)

Mac OS 10.8 and later:

  1. Connect the drive to your computer.
  2. Right-click (or option-click) on the drive's icon, either in the finder window or on your desktop, and select the "Encrypt" option.
  3. A dialog box will pop up, and ask you to choose a password and provide a hint. Remember: if you forget your password, you won't be able to access your drive, so choose one that's easy for you to remember, but difficult for others to guess. Once you've chosen a password and hint, click "Encrypt Drive."
  4. Once you've pressed "Encrypt Drive," there won't be a progress bar or other indication that the encryption process is happening—but it is, so take care not to eject the drive or let your computer sleep until the disk has been successfully encrypted.
  5. To check whether the drive's been encrypted, right-click (or option-click) the drive and select "Get Info" (or highlight the icon and press command-i) to bring up the information dialog box. If the disk is encrypted, the "Format" will read "Mac OS Extended (Journaled, Encrypted)."
  6. Now, when you eject the disk and re-insert it, it will ask you for a password.

Note: If you have Mac OS 10.7, or if you received an error requiring a "GUID Positioning Table (GPT) Partitioning Scheme," you need to encrypt using Disk Utility, which will erase the disk first (so if there's information that you need to keep, save it to your hard drive first):

With the disk still connected, open Disk Utility and select the appropriate external drive.

  • If you received an error requiring a "GPT partitioning scheme," select the Partitions tab, find the option for "GUID Partition Table"  and click "Apply."
  • If you have MacOS 10.7, select your drive in Disk Utility and select the "erase" tab
  • For "Format," select Mac OS Extended (Journaled, Encrypted)
  • Click "Erase" to proceed.
  • Choose a strong, easily-remembered password, and an appropriate hint, and click "Erase" again to begin the formatting process.
  • When the process is finished, you can eject the disk and re-insert it; each time you connect it, the disk will ask you for the password.