December 7, 2011
Recently, the theft of two computers from a Sutter Health office and from a UCLA employee's home resulted in privacy breach notifications to over 4.2 million patients. Computer theft is a growing risk and academic institutions are not immune -- especially during the holidays. This is a timely reminder to our employees and workforce members to protect computers, mobile devices and data entrusted to you and to engage in good computing practices.
University of California policy requires that personally identifiable information (PII) including HIPAA protected health information (PHI) be secured at all times. If identified data is stored as electronic information, then you must also take added precautions to protect information from loss, such as:
1. Keep PII and PHI information on secure information servers -- not portable media.
2. Avoid storing PII or PHI on portable media (laptops, USB flash drives, backup drives) unless absolutely necessary for a UC business purpose and encrypted. Such data must be removed from portable media as soon as possible. Protect the password to encrypted devices.
3. Use physical security safeguards to deter computer theft, e.g., security cables and locks. Do not leave laptops unattended or in cars.
4. Maintain antivirus software and patches at current levels.
5. Avoid responding to phishing and suspicious emails. Delete email messages prompting you to send a password or SSN or bank account number.
Need help? If you use a laptop and are unsure if the laptop has UC approved encryption software installed, please contact one of the following areas for assistance:
For Health Sciences:
UC San Diego School of Medicine - Information Technology Help Desk, email@example.com
UC San Diego Health System - Information Technology Help Desk, 619-543-7474
ACT Help Desk, call 858-534-1853 or send an email to firstname.lastname@example.org
Alternative commercial solutions include: TrueCrypt, MS EFS, Mac OS FileVault, CheckPoint, PGP, etc. Technical support varies for commercial solutions, so we recommend that you consult with your IT support staff to determine whether technical support is available.
Why is encryption important?
- Encrypt PII and PHI on portable media. Store the password in a secure location.
- Report the loss of any computer (including laptops and external drives) ASAP.
- You are personally responsible to protect any data that has been entrusted to you.
Thank you for your assistance!