Laptop Encryption (and Desktop Encryption)

In 2009, then-UAB president Dr. Garrison said: “all laptop computers used in the conduct of UAB, UAB Health System or Health Services Foundation business must have approved encryption software installed on the machine. This also includes any personally-owned computers that are used for UAB, HS or HSF business.”

From: http://www.hipaa.uab.edu/images/pdfs/resources/laptop_security_memo.pdf

NOTE: All laptop computers used for UAB/UABHS business, regardless of ownership, must be encrypted.
To clarify that encryption policy…

Computers that must be encrypted, and whether there are any exceptions:

  • Any DOPM-owned laptop. This includes those that are locked up and/or not in use.
    Are there any exceptions? No exceptions.

  • Any personally-owned laptop that is used for DOPM business.
    Are there any exceptions? Yes. Exceptions are:
      • Those used for just “remoting in” (like to the terminal-server or SAS-server or your desktop). In other words, only for remote access to UAB/DOPM networks and where no data is transferred to local systems.
      and/or
      • Those used for just checking DOPM email via the internet and where no data is transferred to local systems.

  • Any desktop computer* that is used offsite for DOPM business.
    (*regardless of ownership)



It is the responsibility of the user of the computer to let the I.T. Dept know if that computer needs to be encrypted.

Laptops and desktops do get stolen.  We have to try to eliminate/minimize the bad consequences of that.  A stolen unencrypted computer has potential privacy and HIPAA consequences.