OUHSC - Information Securityhttps://news.ouhsc.edu/?z=1News and Articles over Information Security.Laptop EncryptionThe Mandatory Encryption Process: IMPORTANT---PLEASE READ 
All OUHSC students, residents, fellows, faculty and staff: All laptops used for University business must be encrypted by the department Tier 1. This includes personally-owned laptops with MS Windows or Macintosh operating systems. Details of the process has been provided to faculty and staff by their department Tier 1. 
***** Liability: It is incumbent upon all employees of the University to take steps to protect ALL University data on ALL laptops, thus ensuring sensitive and regulated data is protected. Under Federal law, employees may be held personally responsible for the loss of an unencrypted device that contains electronic Protected Health Information (ePHI), including large fines and up to 10 years imprisonment. HIPAA enforcement and penalties for the loss or theft of unencrypted ePHI are increasing. Millions of dollars in penalties have been assessed against health care organizations for the loss or theft of unencrypted devices. http://www.healthcareinfosecurity.com/another-big-fine-after-small-breach-a-5116. 
***** What Should You Do? University Data may NOT be stored on unencrypted laptops. University employees must take all required, reasonable, and prudent actions necessary to ensure the security and retention of ALL University data. University employees SHALL maintain up-to-date, device-appropriate security safeguards and follow the policies, standards, and guidance provided by the University, as well as comply with appropriate safeguards required by state and federal regulations. Incident reporting: All devices, including personally-owned devices, that access or maintain University data and that are lost, stolen, have been subject to unauthorized access, or otherwise compromised must be reported immediately to Campus Police, IT Security, and the HIPAA Privacy Official. 
***** Definitions University business: Work performed as part of an employee’s job responsibilities, or work performed on behalf of the University by faculty, staff, volunteers, students, other trainees, and other persons whose conduct, in the performance of work for the University, is under the direct control of the University, whether or not they are paid by the University. In the context of laptop use, University business includes the use of a laptop to access OUHSC email, non-public University systems, networks, or data in the performance of work for the University. Sensitive University data: Any information, which through loss, unauthorized access, or modification could adversely affect any of the missions of the University or the privacy of individuals. Some sensitive data is protected by law or regulation, while other data is determined to be sensitive by virtue of its importance to the mission of the University. Examples of sensitive data include medical and patient information, credit card numbers, Social Security numbers, financial records, student records, employee data, and research data.
https://news.ouhsc.edu/templates/?z=1&a=3599Fri, 04 May 2018 00:00:00 GMT