[an error occurred while processing this directive]
Data Security Program

Digital Device Security at the School of Medicine

The School of Medicine is dedicated to encrypting all Stanford-owned computers used by Stanford employees who work at the school, and to encrypting all Stanford-owned or personally-owned computers and mobile devices used by Stanford employees and affiliates who work with High Risk Data (previously Restricted or Prohibited Data). (As of May 31, 2015, all computers on the Stanford network should be encrypted as well.)

Encryption is a technique that makes data technically inaccessible to those without valid permissions. University policy requires that all computers and devices used by Stanford employees for Stanford business be encrypted. Effective immediately, as a step toward encrypting all devices at the School of Medicine, all newly-purchased computers at the School of Medicine must be encrypted using Stanford's sanctioned whole disk encryption.

University policy requires that all devices used to store High Risk data must be encrypted specifically with the Stanford Whole Disk Encryption tool (SWDE). Using High Risk data comes with personal accountability, so encrypting your data provides protection for both you and the University in the unfortunate event that your device is lost or stolen.

In recognition that the computing environment at the School of Medicine is complex, formal exceptions can be granted for devices that perform functions that will be impacted by encryption. This includes computers running specialized lab equipment, real-time research data collection and other special cases. All devices must be appropriately secured but IRT's security team will work to determine alternative methods for these cases. To apply for an exception please see the Data Security Exception Request Form.

The School of Medicine has created a tool called AMIE ("Am I Encrypted?") for you to review your compliance with the School of Medicine data security policies. The tool displays the information you supplied in your attestation and the BigFix, backup and encryption status of each of the devices to which you attest. It also provides instructions to take actions to correct any issues that are detected. Please note that for a computer to report its status fully, BigFix must be functioning properly and you will need to have completed the Device Identification Survey, which will appear as a BigFix popup on that machine. Please visit this site to see your current status: https://med.stanford.edu/datasecurity/amie/

AMIE

Data security is a critical priority for the School of Medicine and Stanford University at large. Encryption is one step in protecting all Stanford data resources. Stanford University policy states that all Stanford-owned laptops, desktops, and mobile devices must be encrypted. This is also required for all Stanford-owned and personally-owned devices used by individuals on the Stanford network.

Even though is it is possible to access EPIC and other clinical tools through secure portals, a device used regularly for Stanford work has a high likelihood of storing Stanford's High Risk data, including PHI, either now or in the future. The potential consequences if that data is compromised are severe. It is very common for an individual computer user to not be fully aware of all the data that is stored even temporarily on their devices—but that can be discovered upon investigation. This policy helps protect patients, the Institution and individual faculty, students and staff.

If you have a Mac with a multi-volume or multi-drive configuration, you will need to take the following steps to ensure its full encryption and compliance with school policy. Please read these steps carefully and contact your local IT if you are not comfortable with any of them, or if you encounter any issues during the encryption process.

1. Backup Verification

It is important that the volume to be encrypted has a good backup before you begin encryption. If you use the School of Medicine's CrashPlan service, you can verify the backup of a particular volume or drive on your machine through the CrashPlan application.

A. Under MacOS: Choose "Show CrashPlan" from the Crashplan icon in the menu bar at the top-right of the screen, or run CrashPlan from the Applications folder.

B. Once you log into CrashPlan, the initial screen will show a list of all of the volumes and internal drives that have been backed up.

2. Enable encryption of volume

A. Locate the icon for the volume to be encrypted using the Finder window. You may need to navigate down to the computer-level view of your machine to see this icon.

B. Right-click on the volume icon, and choose Encrypt "Volume Name" from the drop-down menu.

C. You will be prompted to enter a password to protect the volume. Use a complex, long password. If the Filevault recovery key is available, it could be used as the password.

D. Once you enter the password, the volume will being encrypting. Encryption will take anywhere from 24-36 hours. Please leave your machine on and attached to a power source overnight to facilitate this process.

While there isn't a ready mechanism to determine percentage complete, if you are comfortable with terminal, you can use the command [diskutil corestorage list | grep "Conversion Status:"] to get the status of the volume encryption.

3. Set up automatic mount for the encrypted volume

Once the volume is encrypted, by default, you will need to enter a password in order to view it. If you prefer, however, you do have the option to set up an automatic mount of the volume.

A. Reboot the machine. You will be asked if you want to mount the volume.

B. Enter the volume password and select the checkbox to save the password to the key chain. This will enable the volume to mount automatically when you next login.

C. If there are multiple user accounts on this computer and the accounts need to be able to access this volume, this step should be repeated for each user account.

Most people report no perceptible difference in computer performance on relatively modern computers. Highly disk- and CPU-intensive applications on older, less powerful computers may notice slight impact to performance.

See: Article on FileVault2 encryption and OS X Lion.

1. Encryption Completion

The initial encryption of most computers should finish within 48 hours. You may use your computer normally during this time but may notice some slowness. You should not experience any performance impact once encryption is complete. Until this time, please take extra care to keep the machine physically secure.

To facilitate the completion of the encryption processes, it is important that you:

  • Connect a power source to your machine upon start up
  • Run the computer for long periods of time without letting it enter sleep mode and with minimal use of applications
  • Leave your computer up and running overnight until encryption is done

2. Compliance Verification

You are responsible for verifying encryption completion. This can be done through the AMIE: Am I Encrypted? tool. Please note that for a computer to report its status correctly, BigFix must be functioning properly and you will need to have completed a Device Identification Survey, which will appear as a BigFix popup on that machine.

The status indicator should show a green checkmark for Encryption within 48 hours. If you are using the School of Medicine CrashPlan service, a green checkmark for CrashPlan may take longer. If you do not see your backup processing when you open the CrashPlan application, please contact us at 725-8000 Option 9.

If a computer already has Stanford-approved whole disk encryption enabled, it does not need to be re-encrypted at this time. However, the School has selected a set of standard encryption tools for this project (Bitlocker for Windows machines and Filevault 2 for Macs). If a computer is encrypted with a different whole disk encryption system (e.g. PGP) we would suggest re-encryption with one of the School's selected tools.

No. Passwords are an important part of computing security, but they are insufficient. It is far too easy for someone to bypass a password.

Encryption will be installed using Stanford's SWDE ("suede") Installer. To provide the highest level of privacy protection for High Risk Data, the installation process includes setting vital configuration options designed to protect your computer. You will be notified of any changes to settings during the process and will have the option of canceling if you'd like to ask any questions about them.

For a full list of operations performed by this installer, see:

Mac Requirements

PC Requirements

An encryption key is a passcode that can be used to access data on an encrypted machine if the user's password is forgotten. As part of the installation of encryption University policy requires that this key be collected and stored by Stanford. It is stored securely and it will only be used in accordance with University privacy policies to restore data at your direction, as part of a legitimate investigation, or as compelled by legal process. In the the School of Medicine, all requests to use an encryption key are reviewed by the School's Privacy Officer and documentation is kept on all requests and uses of keys.

Whole disk encryption refers to the fact that the entirety of the drive (i.e.: all data storage) is encrypted. Only those with password access to the system are able to access the data, protecting it if your computer is lost or stolen.

Whole disk encryption is a very effective method for protecting data in the event that a device is lost or stolen. However, there are other ways in which protected and restricted data stored on a computer might be compromised.

The School's Data Security Program protects against virus/malware-based data compromise by installing Sophos Antivirus software on any Windows-based computer that is being encrypted and does not already have antivirus software installed. Because of the risk of network-based attacks on computers that might compromise protected and restricted data, the encryption installation process also disables some services on computers, such as file sharing.

A list of the changes made to computers during the encryption installation process is available at:

Windows-based Computers

Apple Mac OS Computers

After installation, the way you login to your computer may change. Other than that, it should be transparent.

All computers and mobile devices on the Stanford network should be encrypted. Additionally, computers used by individuals who work with High Risk Data must specifcally use the SWDE software; others may choose VLRE instead if they prefer.

If a desktop or laptop computer that might access or store Protected Health Information (PHI) or other High Risk data has already been encrypted with one of the whole disk encryption systems supported by IRT (Mac OS FileVault 2, Microsoft Bitlocker), it does not need to be re-encrypted at this time. If you are unsure if a computer has whole disk encryption enabled, contact your local IT support person.

If you have been using a Stanford-owned device, it will be turned in to your supervisor, and they may access or pass along the data used in the course of your work. It will remain encrypted. If you have been using a personally-owned device, you will presumably be turning your Stanford data over to your supervisor, and removing it from your device. You can then decrypt your device.

Please see our checklist for Leaving Stanford for more specific information.

No. Having your device encrypted does not impact sharing techniques. That said, secure sharing technologies (Secure Email, MedSecureSend) should be used for PHI.

No, there's no impact on applications. On a computer, it may alter the way that the computer boots, but once you're logged on, it should also be transparent.

Yes. Your actual data are not altered by the encryption process: they are just made inaccessible to those without valid permissions. As a precaution, we are recommending that all computers are backed up PRIOR to the encryption process. Should anything go wrong, your data can be restored from that system.