7.6.C. Data Security

The School of Medicine Data Security Program mandates enterprise backup and encryption of all computers and mobile devices used for Stanford business by faculty, staff, students and other affiliates, if the device might store or access Protected Health Information (PHI) or other High Risk Data. This requirement applies to both Stanford-owned and personally-owned equipment. All individuals in the School of Medicine must complete a Data & Device Attestation to identify whether they are exposed to High Risk Data and, if so, the kinds of devices they use. Every Instructor must submit a Data & Device Attestation at https://med.stanford.edu/datasecurity within seven days of his or her initial appointment start date.