System Security Standard Find out the standard ways to secure a system at UW Medicine
New Data Stewardship Training Know your Role and Responsibilities for Confidential Information
How to Encrypt Computing Devices and Electronic Data How do I encrypt?
Information Security Policies Home of the Information Security Policies
Departmental Training Materials Training materials for use in departmental education
Self Service Vulnerability Assessement Find your Vulnerabilities
Frequently Asked Questions Find Security related answers
Glossary of Terms Information Security Term Definitions
Contact the Information Security Team We are here to Help
Secure Remote Access UW Medicine Networks Team
UW Office of the CISO UW Chief Information Security Officers Website
Protection of confidential information is of the highest priority in UW Medicine. Confidential information includes protected health information (PHI) and personally identifiable information (PII). If possible, users should avoid storing PHI or PII on laptops, USB memory sticks, and other mobile devices since any information on a mobile device is at elevated risk for unauthorized disclosure secondary to loss and theft. If storage of PHI or PII on a mobile device is necessary, UW Medicine requires that these devices be encrypted.
Encryption is the process of converting data into an unreadable format that is reversible with the use of a security key or password.
There are three parts to encryption: restricted and confidential data to protect, an encryption cipher or algorithm and an encryption key. We have sensitive data to protect so encryption software uses an approved encryption algorithm to "scramble" the data and make it unreadable. The data is stored or transmitted and when someone needs to view the data they use the key or password to "unscramble" or decrypt it.
If you access, store or use Protected Health Information (PHI) or Personally Identifiable Information (PII) or other confidential data on a laptop or a mobile device you must encrypt the data.
Protecting patient data is of primary importance to the organization. We all need to take due care with patient data and ensure that their privacy is not compromised. Mobile devices pose a unique problem as they are easy targets for theft and loss. The data stored on these devices needs to be protected because of this problem. Encryption is a standard solution and is an effective tool to prevent unauthorized access to data.
We have put together a list of options based on the operating system and popular solutions available today.
UW Medicine promotes the use of full disk encryption for laptops and mobile devices wherever possible. Some of the solutions listed below are not full disk.
Before installing any of the solutions listed below BACK UP YOUR DATA. If something happens to your password or key, or if the installation goes wrong you could lose all the data on your laptop or mobile device. Once the encryption solution is installed you should routinely back up your data to make sure you have the most current set of data available to you in case something happens to your device.
Any pay solutions listed below are up to the end user to determine how to pay for.
The product listed below will work on all Microsoft and Mac operating systems. It is also a full-disk encryption solution with vendor support.
This product was chosen because the University of Washington already has an agreement in place with the vendor for their anti-virus solution.
If you are going to be putting any RESTRICTED or CONFIDENTIAL electronic data on your Android device, then you must encrypt it. This can be done in multiple ways.
If you must put the files on your Android device then there are encryption applications that you can use to encrypt images, notes, and files on your Android device.
Two top encryption applications for Android are:
If you have Android version 4.0 or above than you can encrypt your phone using the new built in "Encrypt your phone" functionality.
You can find more about this new feature on the Google site located here: Android Encrypt your phone Support page
iOS device running iOS 3.0 or higher have built in encryption for the hardware on the device. This does not mean the data on your device is secure. If the device is jailbroken then the unauthorized individual could have access to most of the data on the device.
If your iOS device is running iOS 4.0 or higher and has a passcode set, the iPhone will automatically encrypt all the data.
If you can't protect data by encrypting your laptop, saving it to an alternate storage device is another option.
Alternate storage devices include USB flash drives, also called thumb or jump drives, and external hard drives. Using alternate data storage devices requires more care on your part. Only use storage devices that are encrypted or are physically secured. While you are working, you must double-check that you are saving data only to the alternate storage device.
These devices are more vulnerable to theft and loss than larger devices. If you choose to use an external hard drive, it should not leave your work area and it should be physically secured with a cable lock. If you store data on a USB drive you should attach it to a lanyard to reduce the risk of loss. Another portable storage device solution is BitLocker to Go, available on Windows 7 Enterprise.
Note that the software provided to encrypt and decrypt alternate storage devices might require administrative privileges on your computer. Check with your system administrator for assistance if you do not have administrator rights.
Encrypting USB Storage Devices using BitLocker To Go - Printable PDF Instructions
If your question was not answered on this page, we have compiled a list of questions frequently asked about Laptop and Mobile Device Encryption here: FAQ
To obtain information or help with encryption, contact IT Services Help Desk at firstname.lastname@example.org. If this is an urgent matter, please call them at 206-543-7012. Please reserve calling for truly urgent matters.