Data Security Program

Data Security @ Stanford Medicine

 

As of May 2015, University IT announced a new set of classifications for Stanford data and systems: High Risk, Moderate Risk, and Low Risk. The Prohibited, Restricted, Confidential, and Unrestricted framework will be phased out by January 2016. Going forward, please use the new High/Moderate/Low Risk designations.

Additionally, University IT has published Minimum Security Standards for Endpoints, Servers, and Applications. The School of Medicine is establishing dates by which we plan to be aligned with these standards based on the risk level of the data.

About the School of Medicine Implementation of Stanford University Security Requirements

The School of Medicine is committed to providing and maintaining a secure computing environment to protect the personal data we are trusted with and to enable the important work toward our missions to flourish.

The IT staff members in the School of Medicine are happy to help you meet these requirements - please don't hesitate to ask for assistance or clarification.

Note: Per the August 5, 2014 communication from CISO Michael Duff, the University confirmed the goal to verifiably encrypt all devices by May 31, 2015. "Devices" include University-owned and personally-owned laptops and desktops used by all Stanford personnel* on the Stanford campus network. The Ad Hoc Faculty Committee on IT Privacy confirmed the importance of encrypting employee computers used for Stanford activities.

* The School of Medicine includes faculty, staff, postdoctoral fellows, clinical fellows, students and affiliates in this population.

Read the August 5, 2014 Computer Security letter »

 

The School of Medicine data security elements are summarized here (and detailed below the table):

| Action | Individual Attests Yes to HIGH-RISK Data | Individual Attests No to HIGH-RISK Data |
| --- | --- | --- |
| Data Security Attestation | Required for all School of Medicine affiliates | Required for all School of Medicine affiliates |
| Encryption of Stanford-owned Laptops/Desktops regardless of the user* | SWDE Required | Either SWDE or VLRE Required |
| Encryption of Personally-owned Laptops/Desktops used for Stanford-related work* | SWDE Required | Either SWDE or VLRE Required for devices used on the Stanford network. If not used on the Stanford network, encryption is not required. |
| MDM for mobile devices | MDM required | MDM required for devices used on Stanford campus networks |
| Backups of Laptops/Desktops | All backups must be encrypted. Backup is strongly recommended prior to encryption. | Encrypted backup is strongly recommended prior to encryption. |
| Automatic forwarding of @stanford.edu email account | Must not auto-forward to anything other than @stanfordmed.org, @stanfordhealthcare.org, or @stanfordchildrens.org addresses. | May auto-forward email account |
| Unsupported operating systems (such as Windows XP) running critical research applications or hardware | Must be upgraded, replaced or granted a security exception * | Must be upgraded, replaced or granted a security exception * |

 

* A Data Security Exception can be requested for devices that cannot meet the data security requirements but which are critical to the operation of critical research applications or equipment. Exceptions can be requested at https://med.stanford.edu/datasecurity/exceptions/



Data Security Attestation

  • All individuals with School of Medicine affiliation must complete a Data Security Attestation at least once a year. This required survey requests you to identify whether or not you may work with or might receive High Risk Data as well as specify the devices you use for Stanford work. Your attestation should be updated any time your affiliation, job or role within the School of Medicine is changed.

Encryption

  • Stanford University requires verifiable Whole Disk Encryption. The two approved methods of encryption are SWDE (pronounced "suede") and VLRE (pronounced "velour"). Both SWDE and VLRE use FileVault 2 for Macs and BitLocker for PCs.
  • SWDE is the campus standard installation tool that includes encryption, the BigFix verification tool (required to meet encryption reporting regulations), and other important security features. SWDE is required for:
      - All users who may access High-Risk Data.
      - All shared and multi-user machines which may be used to access High-Risk Data.
  • VLRE is an alternative to SWDE developed by University IT in response to privacy concerns expressed by some users. VLRE can verify encryption without requiring BigFix. Unlike BigFix, VLRE is a read-only agent and does not give University IT administrative access to the computer. This tool is available now at vlre.stanford.edu.
      - Only users who will never access or receive High Risk Data are eligible to use VLRE.
  • All new Stanford-owned laptops and computers must be encrypted prior to being placed into operation.
  • Personally-owned computers used for Stanford work by all Medical Students or by any Graduate Student who may at any time work with regulated data must be encrypted with SWDE.

Mobile Device Management

  • All tablets and mobile devices used by individuals with access to High-Risk Data must be enrolled in MDM (Mobile Device Management).
  • Tablets and other mobile devices used by individuals with no access to High-Risk Data must enroll in MDM if the devices are used on the Stanford campus network.

Backups

  • While daily secure file backup is highly recommended, the School of Medicine does not require devices to be backed up. The School of Medicine offers an instance of CrashPlan free of charge to any School of Medicine faculty, staff, student or affiliate who wants it: Sign up for SoM CrashPlan here. This is a separate implementation from the University IT CrashPlan offering, for which there is a regular charge.
  • Backups must be encrypted for devices used by individuals who may access or receive High or Moderate Risk data.
  • How to encrypt the backups? Either use the CrashPlan service (which, again, is free for School of Medicine affiliates), or use an encrypted backup drive such as the Apricorn Padlock drive.

Eliminating Windows XP and Other Unsupported Operating Systems

  • Microsoft discontinued support of Windows XP on April 8, 2014. Security patches are no longer available for this operating system. Windows XP and other unsupported operating systems present a risk to the data on these systems as well as to other computers on the network. Devices using unsupported operating systems for standard desktop applications are not allowed. For devices that manage specialized research applications or equipment, the School of Medicine has developed a more secure network to safeguard these critical systems and minimize the risk posed by unsupported operating systems. This specialized network not only protects your own system, data and credentials, but also reduces the risks for other systems on the network. As described in the Security Policy Exceptions section below, if you have devices that require an exception from the data security requirements, please initiate the process of migrating to the protected network by submitting a Data Security Exception Request.
  • Please see illustrated information on the risks presented by Unsupported Operating Systems.

Proper Removal of Stanford Information

  • Devices that are being replaced or removed from service, or are otherwise no longer being used for Stanford work, must have all Stanford data fully removed before the device is properly disposed of or used for other purposes. Devices that become inoperable or have other failures of security software must be given to IT immediately to ensure Stanford data is protected. Information about data security upon leaving Stanford is available in the Leaving Stanford guide.

Security Policy Exceptions

  • There is an exception process to approve the ongoing use of devices that cannot be brought into compliance with information security standards because they are attached to specialized research equipment, run specialized software applications that can't be easily upgraded, or perform functions that would be significantly impacted by the security requirements. IRT staff are carefully reviewing each case and will work together with owners/system administrators to find the best solution and ensure the important work being done at the School of Medicine can continue. There are a variety of potential solutions available to resolve most issues.
  • The School of Medicine wants to ensure your research can continue with as little impact as possible from security initiatives, but we also want to ensure your important research is protected. As your devices are at greater risk due to unsupported operating systems, inability to implement automatic patching, and/or increased sensitivity to threats from external networks, the School of Medicine offers a special network to provide enhanced security and safeguards for your computers and data. If you would like to discuss protecting your computers by placing them on this new network, please contact us.
  • To apply for an exception, please submit a Data Security Exception Request to ensure the temporary exception is documented.

  • See All FAQs »

    Information security is a critical priority for the School of Medicine and Stanford University at large. Stanford University policy states that all Stanford-owned computers and devices will need to be verifiably encrypted. This also applies to personally-owned computers and devices which either may store or access High-Risk Data or which are used on the Stanford network.

    All Stanford-purchased computers at the School must be encrypted using Stanford's sanctioned whole disk encryption prior to being placed into operation. All iOS and Android devices must be enrolled in MDM. Devices that are not capable of enrolling in MDM must not be used to store or access High or Moderate Risk Data and cannot be used on the Stanford network.

    Graduate students have either of two cases for their personally-owned computers:

  • If a graduate student may at any time access Stanford High or Moderate Risk Data, all personally-owned devices used for Stanford work must be encrypted. Students who are enrolled in a dual-degree program that includes the MD program must comply fully with the requirements pertaining to medical students, even if they are not actively involved in the medical school training during the entire duration of their program.
  • If the graduate student will never encounter Stanford High or Moderate Risk Data, their personally-owned computer is currently exempt from the requirement to encrypt it in order to use the Stanford network.

    As of May 31, 2015, ALL devices used on the Stanford network were required to be encrypted.
    University data security policy states that anyone who attests to working with Stanford's High or Moderate Risk Data, including Stanford electronic PHI, must encrypt all computers and mobile devices used for Stanford work using the Stanford Whole Disk Encryption (SWDE) service for computers or MDM for mobile devices. This requirement applies to both Stanford-owned and personally-owned devices.

    Even though it is possible to access EPIC and other tools through secure portals, a machine that is used regularly for Stanford work has a high likelihood of storing Stanford's electronic PHI either now or in the future, and the potential consequences if that data is compromised are severe. It is very common for individual computer users not to be fully aware of all the data that is stored, even temporarily, on their devices, yet that data can be discovered upon investigation. The University has established this policy to protect patients, the Institution and individual faculty, students and staff.

    If you will never interact with High or Moderate Risk Data and do not use your personal computer on the regular Stanford campus network, your personally-owned computer is not required to be encrypted. This includes:

  • on your home network,
  • while traveling,
  • remotely through the Stanford VPN,
  • at your local coffee shop, or
  • at Stanford using only the Guest or Visitor wireless networks.

    You may want to encrypt your machine for the protection of your data, but you do not need to use the Stanford encryption programs to do this.

    For most individuals at the school, these services can be deployed automatically to your computer via the BigFix management tool. Some installations may require the additional assistance of an IT staff person. See: http://encrypt.stanford.edu »

    Many clients have successfully installed backup and encryption tools by starting with the specific instructions available below.

    If you would like assistance with the data security or backup tools, please work with your departmental IT support. Contact the IRT Service Desk at 650-725-8000 or at https://irthelp.stanford.edu for assistance in identifying your support options or to arrange for an appointment to meet with an IRT service team member.

     

    You can amend your response to the Data & Device Attestation simply by going back to the survey link and resubmitting your answers; your original response will be overwritten. Go to: Data & Device Attestation

    Please only report the Stanford and personally owned devices that you use for School of Medicine business. You do not need to attest for devices owned by SHC or LPCH.

    Note: this attestation is different from the Device Identification Survey, which will appear as a popup on each of your computers that have BigFix installed.

    The Device Identification survey for a computer can be accessed through the BigFix dashboard on that computer.

    1. To access the dashboard, click on the BigFix icon.

    BigFix icon

    On Windows, the icon will appear in the Windows task tray.

    On Mac, the icon will appear in the top nav bar.

    2. To access the Device Identification survey, click on the Offers tab in the BigFix dashboard. Then click on the option that reads: I want to change the information I registered for this machine; this will open up a detailed description of this offer.

    BigFix Offer

     

    3. Accept the offer by clicking on the link that appears at the end of the offer description. A BigFix popup window offering this survey should appear shortly. There are some cases where the window may be delayed.

    Accept offer

    As a warning measure, the school has begun temporarily blocking the SUNet IDs of individuals with non-compliant iOS mobile devices. To unblock your ID and regain access to Stanford systems, simply acknowledge that you need to install a Restricted MDM profile on your iOS device by clicking the green "I Understand" button on the Security Block page.

    To ensure you are not blocked in the future, please install a Restricted MDM profile on the device in question by browsing to https://mdm.stanford.edu