Beware of risks associated with automatic forwarding

Automatic email forwarding to a non-UAB IT account is permissible, but be sure you understand the risks and policies that affect you.

Storage or forwarding of Restricted/PHI data is not permitted in uab.edu email.  However, if you receive an email containing Restricted/PHI information and you have configured your mailbox to forward to a third party; this will lead to a breach of this information.


Also, UAB IT encourages faculty, students and staff not to automatically forward email to non-UAB accounts because of the lack of security oversight of those types of services; data protection concerns around FERPA and HIPAA; and the desire to guarantee the best possible supported user experience on campus.

If you choose to set up email forwarding, please note:

  • Any UAB message, regardless of location, is subject to UAB open records policy.
  • Any phishing remediation resulting from forwarding messages will be charged back to the individual, not the department.
  • Information forwarded to third parties, outside of UAB contracts, could constitute an unauthorized disclosure of restricted information. You are liable for these disclosures.
  • It is a violation of UAB HIPAA policy to forward email containing sensitive information or Protected Health Information to public email systems.