Encrypt all devices that store sensitive information

Protecting information is vital in supporting the organization’s mission of providing the highest quality of care to patients. It is your responsibility to ensure all of your devices that store sensitive patient information are encrypted. This includes all removable media or portable electronic devices used to store, transfer or access sensitive information (refer to Michigan Medicine Policy 01-04-502).

Such devices include both personally and institutionally owned:

• Laptops

• Smartphones

• Tablets

• Media players

• USB flash drives

• External disk drives

• Memory cards (SD cards)

• CDs, DVDs and other electronic, magnetic or optical storage media

For information on how to ensure your device is secured to meet this policy visit the HITS Knowledgebase.

If your device cannot be encrypted and other secure storage solutions cannot meet your business needs, an exception request must be submitted. The exception will be reviewed by the Michigan Medicine Chief Information Security Officer and the Michigan Medicine Corporate Compliance Office. If your request is approved, additional steps may still need to be taken to secure the sensitive information.

To submit an exception request, complete the 01-04-502 Exception Request Form.

Need more information?

See this Corporate Compliance Office tip sheet for more information about the encryption policy and its background.