General File Sharing Guidance
When sharing information with colleagues at other institutions (e.g., Shirley Ryan, Northwestern University) or externally, it is crucial to ensure that files are transmitted securely. The Medical Center provides several secure methods for sending emails (suitable for text or small files) and sharing large files containing sensitive information.
View the Medical Center's Guidelines on Data Sharing Options.
Please note, as a general practice, researchers working with human subjects should prioritize privacy by minimizing the collection of personally identifiable information (PII) whenever possible. The best way to protect a research subject’s identity is by not knowing that identity in the first place. However, collecting PII is sometimes necessary for research, and, in such instances, existing standards and policies must be followed.
Ensuring the privacy and security of email communications is critical. The following are essential guidelines for Medical Center personnel on verifying email addresses, sharing information responsibly, and the steps to take if an email is ever mistakenly sent to the wrong recipient with sensitive information:
- Double-check email addresses to avoid sending to the wrong recipient. Even one typo could result in an email being sent to the wrong recipient.
- Share on a need-to-know basis. Only share with those who need the information for authorized purposes, and only share the necessary amount.
- Confirm proper agreements are in place before sharing information with recipients outside the organization.
- If an email has been sent to the wrong person, be sure to adhere to the following steps:
  - Try recalling the message via Outlook.
  - Contact the recipient and request that they delete the email.
  - Report the problem to Lurie Children’s Office of Compliance and Integrity as soon as possible.
    - Report via EthicsPoint, email, or phone at 833.416.6297.
  - Ensure a copy of the information is retained.
Remember: Confidential information must only be shared for business purposes. Unauthorized personal email and public email accounts must not be used for confidential information.
Encryption is the process of changing a message to disguise its actual content from unintended recipients. Email encryption protects emails from being read by unintended recipients when traveling over unprotected networks.
Encryption must be used when using email to transmit the following information:
- Any patient confidential information, including but not limited to a patient’s or parent’s name, address, employer, DOB, telephone number, medical record number, any other potentially unique identifier, etc.
- Research confidential information, including but not limited to de-identified patient confidential information that is capable of being re-identified, research on Medical Center staff, cell lines derived from patients or other sources, etc.
- Business confidential information, including but not limited to hospital strategies and marketing plans, price or cost data, supplier information, etc.
Sending an Encrypted Email
- Using the Outlook Desktop Application
  - Go to options: In the new email window, navigate to the “Options” tab.
  - Select “Encrypt”: Click on “Encrypt” and choose the desired encryption option. You can select “Encrypt-Only” or “Do Not Forward.”
  - Compose and send: Write your email and hit “Send.”
- Using Outlook on the Web
  - Select “Encrypt”: Click on the “Encrypt” button (lock icon) in the toolbar.
  - Choose encryption option: From the dropdown, select “Encrypt.”
  - Compose and send: Write your email and hit “Send.”
- Using Microsoft 365
  - Select permission: Go to “Options” > “Permissions” and select the protection option you need.
  - Compose and send: Write your email and hit “Send.”
Additional Tips
- Recipients: Be sure your recipients can handle encrypted emails. They may need to verify their identity to view the message.
- Attachments: Encrypted emails also encrypt attachments, so your files remain secure.
Auto-forwarding of Email
Automatic email forwarding removes your ability to assess whether a received message with privileged information or confidential data may be forwarded appropriately. You also lack control over who sends you emails, and if a message contains sensitive data, automatic forwarding may pose a true security risk. In the event of a data breach or compromise on a non-Medical Center email system, we have no access or controls to protect your information.
To ensure that Medical Center confidential data remains within our security controls, individuals who have access to or receive High Risk data should restrict the auto-forwarding of luriechildrens.org emails.
To remove auto-forwarding in Microsoft Outlook, follow these steps:
- Open Outlook.
  - Launch the Outlook application on your computer.
- Go to Settings.
  - Click on the File tab in the top-left corner.
  - Select Options from the menu.
- Navigate to Mail Settings:
  - In the Outlook Options window, select Mail from the left sidebar.
- Manage Rules and Alerts.
  - Click on the Rules and Alerts button.
- Disable Forwarding Rule:
  - In the Rules and Alerts window, look for any rules that forward your emails.
  - Select the forwarding rule and click Delete or Disable.
- Save Changes:
  - Click Apply and then OK to save your changes.
If you are using Outlook.com (web version), follow these steps:
- Open Outlook.com.
  - Log in to your Outlook.com account.
- Go to Settings.
  - Click on the gear icon in the top-right corner.
  - Select View all Outlook settings at the bottom.
- Navigate to Mail Settings.
  - Go to Mail > Forwarding.
- Disable Forwarding.
  - Uncheck the Enable forwarding box.
  - Click Save to apply the changes.
Even if you do not access Protected Health Information (PHI), auto-forwarding should be disabled if you may access or receive any other sensitive data, as you cannot control the content others may send to you. Auto-forwarding PHI to an external service may lead to non-compliance with regulations such as HIPAA, resulting in legal and financial penalties.
When emails are auto-forwarded, messages sent to you by others are automatically redirected to another email service, which may not be protected by Medical Center security measures. While you may not anticipate receiving regulated or sensitive data, you cannot control what others send to you. By disabling auto-forwarding, you can ensure that PHI remains within the Medical Center’s secure environment, maintaining compliance and protecting patient privacy.