Got a device with patient health information? It must be encrypted!

January 16, 2017  //  FOUND IN: Updates & Resources

Protecting information is vital in supporting the organization’s mission of providing the highest quality care to our patients. There have been incidents in our environment where sensitive data has been on stolen laptops and lost flash drives, among other devices.

Having encryption in place would have prevented these incidents from putting patient data at risk.

To better protect our patients and the institution, encryption of all removable media and portable electronic devices with sensitive data — including patient health information — is required by Michigan Medicine policy.

This includes devices both personally or institutionally owned that are used to store, transfer, or access sensitive data, such as:

  • Laptops
  • Smartphones
  • Tablets
  • Media players
  • USB flash drives
  • External disk drives
  • Memory cards (SD cards)
  • CDs, DVDs, and other electronic, magnetic, or optical storage media

Any device currently within our environment that cannot meet this encryption requirement must apply for an exception that will be reviewed by the Michigan Medicine Chief Information Security Officer and the Compliance Office.  If your request is approved, additional steps may still need to be taken to secure the sensitive data. To submit an exception request, complete the Exception Request Form.

Need more information? See this Compliance Office tip sheet for more information about the encryption policy and its background. And see the Knowledgebase for details on how to secure portable electronic devices and removable media.

Thank you for your cooperation in keeping our patient information secure!