School of Medicine Encryption Requirements
The School of Medicine Data Security Policy mandates that all computers and mobile devices which may be used to interact with restricted or prohibited data, including Protected Health Information (PHI), must be protected according to established guidelines. The Data Security Program was established in the fall of 2012 to bring all School of Medicine devices into compliance with this policy, and these efforts are now being intensified.
Data security is a critical issue for the School of Medicine and adherence to these policies is your personal responsibility; and legally, you are personally liable. As per the Data Security Policy, failure to ensure that your computers and mobile devices meet the necessary standards will result in restrictions on your access to Stanford systems, followed by escalating consequences, up to and including termination and legal action. Please protect both yourself and the School by taking the data security requirements seriously, and following the necessary steps to protect your information.
Exemptions to Encryption Requirements
In some circumstances, the ability to bring a particular system into compliance may not be possible. If you feel that your computer or device falls into this category, please apply for an exemption. This exemption is for systems that for specific reasons cannot run encryption software. When applying, please provide as much detailed information as possible. Once the exemption information has been received, IRT Security will review the request and get back to you as soon as possible.
Click here to apply for an exemption.
Full information about the policy, along with frequently asked questions and definitions of PHI, restricted and prohibited data can be found at med.stanford.edu/datasecurity.
If you have questions about security, encryption, or anything else, file a help ticket with IRT Security.