System Security Standard Find out the standard ways to secure at system at UW Medicine
New Data Stewardship Training Know your Role and Responsibilities for Confidential Information
How to Encrypt Computing Devices and Electronic Data How do I encrypt?
Information Security Policies Home of the Information Security Policies
Departmental Training Materials Training materials for use in departmental education
Self Service Vulnerability Assessement Find your Vulnerabilities
Frequently Asked Questions Find Security related answers
Glossary of Terms Information Security Term Definitions
Contact the Information Security Team We are here to Help
Secure Remote Access UW Medicine Networks Team
UW Office of the CISO UW Chief Information Security Officers Website
The Information Security Team gets a variety of questions asked of them and has put together this list to try and answer some of UW Medicine workforce members more commonly asked questions.
If you do not find an answer to your question here please look around the site before opening a Help Desk ticket. If you would like to have a security team member contact you about a question that you can not find an answer to please contact the IT Services Help Desk here: firstname.lastname@example.org
If you have a mobile device running Microsoft Windows, you may be fortunate enough to already have it running. To find out if BitLocker is running, go here: Microsoft BitLocker Guidance. If it's not running, see the BitLocker, TrueCrypt or FileVault guidance for installation. See the Mobile Device Encryption page for more information.
The minimum system requirements change depending on the vendor solution. Please check the vendor site of the product that you are installing to get the most up to date technical requirements.
If your laptop or mobile device is more than 3 years old you should verify that the encryption solution you want to install will work on your device.
If you deliberately process or store PHI on the mobile device, do implement full disk encryption. If you are unsure, you can err on the side of caution and encrypt.
An Administrator is a local account or an account that a support team uses that has complete access to modify any data on your computing device. For End Device Support managed devices; the EDS team manages and maintains the Administrator accounts. For non-EDS devices you can contact your local IT group or go into the user settings to see if you account is labeled as an administrator account.
If you use the SSLVPN, Remote Desktop, VNC, Citrix and other remote access technologies, and process sensitive data which is stored remotely, inside of a terminal session, you may be protecting the data adequately and not have to encrypt the storage on the mobile device. If you are in doubt, you can choose to implement encrypted storage for further assurance.
Within a month would be ideal. If you've read the full disk encryption guide for your OS, and you still can't see yourself accomplishing this within three months, contact the Security team to sign up for the brown bag sessions on full disk encryption
UW Medicine is a hybrid entity; it is a federation of health care [providers]. The central Security team in IT Services is not in a position to know your systems settings to that level of detail. The responsibility to ensure that the information is protected adequately is on the shoulders of the data custodian. If you are using the laptop, that is you. We are counting on you to put forth your best effort. Please work with the system owner to make a plan to protect your laptop if it's not already protected.
If you don't have protected health information (PHI) or other confidential information on your computing device, then that's not a problem.
It's also okay to have protected health information on a mobile device and not take it off site.
But if you do have protected information on a mobile device, you must protect it. Security has chosen to mandate that full disk encryption be in place. Failure to implement this protection subjects you to sanctions which would be recommended by Compliance and enforced your management.
Yes we believe that these aspects of the PCISA apply: