We are committed to upholding the strictest security on the information we communicate to you. 

The Australian Government sets policies and standards to encrypt all sensitive emails to non-government recipients that could pose a risk to you, NHMRC, the government or the public - if intercepted by somebody else.

The email encryption solution allows us to communicate securely with our important non-government partners, including Council and Committee members. The solution can be used with any email application, and is compatible with desktop computers, laptops, and notebooks.

Email encryption will occur automatically when an email is sent from NHMRC to you where the email has been classified at Official: Sensitive, including Information Management Markers (IMM’s).

Each time you receive a message in this manner, you will be asked to sign in with a one-time passcode. If you are expecting immediate replies, you will be able to check a box to keep the mail client signed in for 12 hours. Subsequent emails outside of this 12 hour period will require another use of the one-time passcode.

Email marked as Official will be sent without encryption.

Together, we can help ensure that sensitive and confidential information is kept safe.

One-Time Registration

Screenshot 1 is like the email you will receive the first time you receive an encrypted message from NHMRC. This email requires you to go through a 'one-time' registration process to view the message:

Screenshot of an encrypted message notification. The screenshot shows the email is locked with a button to unlock it.
Screenshot 1 - example of an encrypted message

Once you click on the 'Read encrypted message' button, you will be taken to the 'sign-in' screen as shown in screenshot 2. To sign-in, you must click the 'Sign in with a One-time passcode' button. Please note that the use of the word 'protected' in this screen is not referring to an Australian Government information classification marker.

Screen with link to Sign-in with a One-time passcode
Screenshot 2 - example of the 'sign in' screen

This will take you to the screen:

Screen with field to enter one-time passcode
Screenshot 3 - example of screen with field to enter to a one-time passcode

The one-time passcode will be sent to the email address that received the encrypted message. It will come from 'Microsoft Office 365 Message Encryption'. Please note that this passcode expires 15 minutes after it was requested.

Screen showing a one-time password with advice it will expire in 15 minutes
Screenshot 4 - example of one-time password screen

Receipt of Email

After entering your one-time passcode you will be taken to the email. This is a cut-down version of email, but will allow you to view the email, download any attachments, and reply to the email.

Replying to an Email

The reply screen will look like a cut down version of Outlook. You will be allowed to attach documents. NHMRC staff will receive the email as a standard email.

Please note that you will only be able to reply to the sender and anyone else in the email chain. Encrypted messages cannot be forwarded to anyone, and new recipients cannot be added.

Deleting an Encrypted Email

Once you have finished with the email (either by noting its contents or responding), you should delete the original email (containing the link to the encrypted email) from your inbox, unless your organisations’ records-keeping policies mandate the emails retention.