Did you know that all hard drives and any permanent storage must contain disk encryption if they stored PHI in the past, present or future? Why is this important? Sensitive and/or regulated data on encrypted drives in a computer that is lost, stolen, or improperly disposed of cannot be viewed without a special “key” only available to a WashU IT administrator.
Unencrypted drives pose a great risk to WashU which is why encryption is required under HIPAA. By default, devices sourced from the Depot come with full disk encryption by default. However, the device must remain powered on to “phone home” to report compliance. Equipment sourced elsewhere is required to have full disk encryption software manually installed. The university has many resources available to assist you.
The first resource is your department or school’s IT support staff who will be able to assist in determining which laptops, workstations, and departmental servers need encryption software. They will also assist you with encrypted flash drives and document encryption. For more information about encryption, check out Encryption | Office of Information Security | Washington University in St. Louis.