The Importance of Encryption When Using Removable Media
When we share, transfer, send, store, or back up information to and from our workstations and mobile devices, we should be using methods that ensure the security of that information. To that end, the Executive Vice President for Medical Affairs (EVPMA) recently approved moving forward with the final phase of the Enterprise Encryption project, i.e. the encryption of removable media and USB flash drives.
The best options for sharing and storing data are the authorized services provided by UMHS, such as MiShare, M+Box, and NAS – all of which are approved for the storage of sensitive data including ePHI:
- MiShare is the web-based secure file transfer service available to all with an @med.umich.edu email account.
- M+Box is a cloud-based storage and collaboration system with an interface for uploading, downloading, sharing, and discussing files.
- NAS is the UMHS file sharing and storage system which stands for “Network Attached Storage” and is replacing our previous Novell system.
Occasionally, we need to use USB flash drives to transfer our data. When we do, these encrypted drives are the recommended devices:
- Apricorn USB encrypted flash drives of 8GB or less. Self-encrypting, these are also “FIPS 140-2” certified products. (“FIPS” stands for Federal Information Processing Standard – the “federally approved cryptographic standard”).IT Service Providers and Device Support staff are required to use encrypted drives when assisting customers in backing up their information.
- Kingston USB encrypted “DataTraveler” flash drives of 8GB, specifically those distributed by MSIS through the 2015 FIGs grant.
For more information, see these Guidelines When Using Removable Media which are available on the MCIT Customer Service Center website (Level-2 required). Please share this information with your staff. Keeping our data secure is yet another way we safeguard the work we do on behalf of our patients.