What is encryption?
Encryption is the process of making information unreadable to all unauthorized users. Encryption can be done at the document level, file or folder level, and device level.
Why is encryption important?
There are regulations governing the handling of protected information and significant penalties for non-compliance. Encryption is the generally accepted solution that helps guarantee the safety of the patient’s information and provides a safe harbor for the institution from having to notify patients, the media and the government in the event a breach or other loss of protected health information occurs.
What information needs to be encrypted?
All PHI must be encrypted. PHI is information related to the provision of past or present healthcare to patients and can include patient name, date of birth, date of service, MRN, invoice number, social security number, address, email address, facial photos or other identifying photos
What devices or platforms need to be encrypted?
- Portable devices, such as flash drives and smart phones.
- E-mail attachments that contain PHI and go outside the secure Washington University/Barnes-Jewish Hospital system
- Desktops, if protected health information is stored on the hard drive
The university provides the following services to securely share files containing ePHI:
- WUSTL Box
- Large File Transfer
- Encryption (for the email or the attachment)
Creating a secure document
The Information Security Office provides helpful instructions to assist you with encrypting documents on your own.
Where do I go for help?
The university has many resources available to assist you. The first resource is your department or schools IT support staff who will be able to assist in determining which laptops, workstations, and departmental servers need encryption software. They will also assist you with encrypted flash drives and document encryption.