Encryption

Email Encryption

UNMC's email is encrypted because it has the potential to contain Protected Health Information (PHI).   Today, UNMC and its healthcare partners use ZixCorp for its email encryption tool.   Transmitting PHI via email is acceptable as long as it complies with the following UNMC policies:  UNMC Policy 6057 Use and Disclosure of Protected Health Information and UNMC Policy 6051 Computer Use and Electronic Information Security Policy.

When using email to send PHI, be sure to follow these guidelines.

    1. Do not include the patient name in the email subject line.  You may include the medical record number, patient account number and/or date of service.
    2. Verify the "to" field prior to sending the message.
    3. Include a confidentiality statement in the email footer.

For more information on the electronic communication of PHI see Information Security Procedures:  Electronic Transmission of Protected Health Information

Encrypting your Hard Drive and Laptops

Q. What is disk encryption?

Encryption “encodes” the data on the hard drive and creates a “key” to decode the data. In case of theft or loss, the data on the drive is useless to a would-be thief because they would not know the key to unlock the drive. Whole disk encryption encrypts the entire boot drive including empty space.

Q. Why are we encrypting computers?

Put simply, data security. With encryption, hard drives that could have HIPAA data/intellectual property/research data are protected from theft. Loss of this type of data represents a substantial risk to UNMC and its partners, both professionally and financially. To mitigate this risk UNMC has decided to use whole disk encryption.

ITS Information Security Procedure:  End User Devices

Q. How will encryption impact my computer?

Once encrypted, the impact will be slight. Depending on what type of encryption is used your log-in screen and process might change.

Q. What if the hard drive crashes?

If the hard drive becomes corrupted or the drive begins to fail, data recovery may be difficult. This makes having a copy of your important data on the server more important.

Q. What is UNMC using to encrypt my computer hard drive, laptop and flashdrives?

Computer hard drives:  Currently there are two methods for encryption. One is to use Microsoft BitLocker which requires Windows 7 enterprise or ultimate edition and a TPM (Trusted Platform Module) chip. The other method is PGP which can work on non-TPM equipped computers and Mac computers.

Laptops:  All laptops are being encrypted with PGP.

Flashdrives:  There are several options for encrypting flashdrives.  BitLocker-to-Go and PGP Portable and be used on any flashdrive.   Another option is to purchase a special flashdrive that is pin protected.  See Flashdrive Encryption for more information.

Q. What is a TPM chip?

TPM stands for Trusted Platform Module and is a physical chip that is part of the computer main board. This chip works together with certain encryption software to store keys and unlock disks. Currently we are trying to ensure that all new computers are quoted with this chip to support this type of encryption.

Q. How will the encryption happen?

Workstation support will be visiting and/or remote controlling computers to start the encryption process on machines currently in use. All new computers will be encrypted prior to being put in place. As always if you have issues, please contact the ITS Helpdesk at 402-559-7700.

Q. I have a Mac running Bootcamp. Can I still encrypt?

Encrypting a Mac that is using bootcamp requires a specialized procedure. Please contact the ITS Helpdesk at 9-7700 or your departmental IT support person.

Q. I am running the Mac Lion operating system. How should I encrypt the hard drive?

PGP was certified to run on the Mac Snow Leopard Operating System (10.6). However, it has not been certified for the Lion operating system.

NOTE: Significant problems have been encountered if you try to upgrade from Snow Leopord (10.6) to Lion (10.7) if you have a PGP encrypted hard drive.

Recommendation is to defer installation of Lion until the PGP product has been certified. If you MUST upgrade to Lion, please contact the Help Desk for specific instructions.

last updated 07/29//2013 by kks

;