Recent Michigan Medicine HIPAA breaches
Please be advised that recent breaches have happened at Michigan Medicine that involved research subjects’ identifiable patient information (Protected Health Information/PHI under HIPAA) stored on personally-owned laptops that were not encrypted and were subsequently lost or stolen.
Use of an unencrypted, personally-owned laptop to store research data involving PHI is a violation of UMHS policy, IRB approval for research and federal regulations including HIPAA. Because of these incidents, Michigan Medicine is notifying more than 850 patients whose information was involved, along with the media and the federal government.
UMHS Policy 01-04-502, Security of Portable Electronic Devices and Removable Media, requires encryption of all devices, including personally-owned laptops, that are used to store, transfer, or access sensitive clinical and research data.
In addition to laptops, this policy applies to all other devices such as:
- Media players
- USB flash drives
- External disk drives
- Memory cards (SD cards)
- CDs, DVDs and other electronic, magnetic or optical storage media
It is also the researcher’s responsibility to store sensitive data in appropriate locations based on their research protocol as approved by the IRB. If laptops are not approved to store sensitive research data per the IRB-approved research protocol, then DO NOT store sensitive data on a laptop, whether you own it or it was issued to you by Michigan Medicine.
Violations of this policy result in disciplinary action, up to and including termination.
Enroll all your devices in AirWatch:
Enroll your smartphone, tablet, or personally-owned laptop in AirWatch if you use the device(s) to access or store any sensitive information. AirWatch provides the encryption and security controls that are necessary to ensure your device meets the requirements of UMHS Policy 01-04-502.
AirWatch is supported on multiple platforms, including iOS, Android, Mac, and Windows devices. See the Knowledgebase for more information on supported platforms.
HITS Service Desk staff are available to help you with AirWatch and other encryption-related questions.