Zix Secure Email from the RDCRN REDCap instance

In order to ensure the highest level of security and confidentiality for e-mail based communication originating from the REDCap electronic research data capture system, the RDCRN DMCC has contracted with leading email encryption provider Zix. Zix’s encryption assurance as well as its web-based email portal now allows RDCRN studies to, e.g., send pdf copies of completed REDCap-based eConsent forms to study participants or send e-mail based reminders for participants to fill out surveys on a regular schedule.

The RDCRN’s REDCap instance has now been configured to send all outgoing email traffic through Zix. Zix first determines if the recipient’s email domain supports end-to-end encryption, in which case the message will be delivered normally. The message will include a blue banner that says “This message was sent securely using Zix”:

This should be the standard delivery method for messages sent to institutional email addresses supporting end-to-end encryption as well as various common free email providers such as the following: aol.comatt.netcomcast.netearthlink.nethotmail.comlive.comme.commsn.comsbcglobal.netverizon.netyahoo.com, and gmail.com. Please note that research participants need to consent to email communication before sending email messages.

If the recipient domain does not support end-to-end encryption, then the email message will be redirected to the Zix Portal. The recipient will receive a notification from Zix that a secure message is available for them to read in the portal:

 

By clicking ‘Open Message,’ the recipient will be directed to the Zix portal where they will be asked to register and sign in to their secure inbox. Messages in the portal inbox will expire after 30 days.

It is important to know that currently only email traffic originating from RDCRN’s REDCap instance automatically sends securely using Zix. Any replies and subsequent responses are not automatically secured through Zix or encrypted. Research study staff should follow their institutional policy regarding secure communication via email.