What is it?
Encryption protects information stored on a device by scrambling the data. Only someone with a “key” (usually a password) is able to retrieve the data.
What do I need to know or do?
As representatives of UW Medicine, medical students are personally, professionally, ethically, and legally responsible for their actions. It is essential to safeguard data (electronic or paper), which is used or accessed, that is confidential (protection of data required by law) and that is restricted (considered protected by either contract or best practice, including research data).
All medical students must adhere to requirements for device encryption, email forwarding, and cloud-based file storage and applications.
To ensure proper handling of data, students are required to enable encryption on their computers and mobile devices. The process for encryption will depend on the hardware and operating system:
- For MacOS: Use FileVault, Apple’s built-in disk encryption feature. Be sure to back up your computer first.
- For Windows: BitLocker is Microsoft’s built-in disk encryption feature. To work properly, it requires two components:
- Hardware: The laptop must have a Trusted Platform Module (TPM) chip. When shopping for a new Windows laptop, confirm with the vendor that your selected model has a TPM chip.
- Operating System Edition: You must be running a specific edition of Windows (Windows 10 Professional, Education or Enterprise). If you are running Windows 10 Home, you can upgrade to the Education edition for free from the UW IT Microsoft Software page.
Mobile devices: Instructions for encryption of mobile devices is available from UW Medicine Information Security.
Medical students are required to receive their UW email on a UW Medicine-approved email service. This policy is in place to ensure the proper handling of HIPAA-protected information that medical students may receive during their education. An exception to this policy is in place for newly admitted medical students, because none of the available email forwarding options have been approved by UW Medicine.
More information can be found here: Email for Medical Students.
The only cloud-based file storage option that is approved for UW Protected Health Information (PHI) is UW OneDrive for Business. Note that several popular cloud applications are NOT approved for PHI, including Google Apps, iCloud, Dropbox, Box, and the consumer version of OneDrive. If you use any of these tools for personal use, you must become familiar with any background syncing processes and ensure that no patient information will be transferred to those systems.