Encryption

Encryption is the process of making information unreadable to all unauthorized users. Encryption can be done at the document level, file or folder level, and device level.

Why is Encryption Important?

There are regulations governing the handling of protected information and significant penalties for non-compliance. Encryption is the generally accepted solution that helps guarantee the safety of the patient’s information and provides a safe harbor for the institution from having to notify patients, the media and the government in the event a breach or other loss of protected health information occurs.

What Information Needs to be Encrypted?

All PHI must be encrypted. PHI is information related to the provision of past or present healthcare to patients and can include patient name, date of birth, date of service, MRN, invoice number, social security number, address, email address, facial photos or other identifying photos

What Devices and Platforms Need to be Encrypted?

  • Portable devices, such as flash drives and smart phones
  • E-mail attachments that contain PHI and go outside the secure Washington University/Barnes-Jewish Hospital system
  • Laptops
  • Desktops, if protected health information is stored on the hard drive

Policies

Resources

Where Do I Go For Help?

The university has many resources available to assist you. The first resource is your department or schools IT support staff who will be able to assist in determining which laptops, workstations, and departmental servers need encryption software. They will also assist you with encrypted flash drives and document encryption.