Data Security Program

Digital Device Security at the School of Medicine

The School of Medicine is dedicated to encrypting all Stanford-owned computers used by Stanford employees who work at the school, and to encrypting all Stanford-owned or personally-owned computers and mobile devices used by Stanford employees and affiliates who work with High Risk Data (previously Restricted or Prohibited Data). (As of May 31, 2015, all computers on the Stanford network should be encrypted as well.)

For most individuals at the school, these services can be deployed automatically to your computer via the BigFix management tool. Some installations may require the additional assistance of an IT staff person. See: BigFix Guide »

To support the encryption of devices which may contain or access PHI, the School provides multiple options for getting help. You can make use of the self-service materials on this site, your local IT support personnel, 650-725-8000, or schedule an appointment to see us. See: IRT Technical Assistance »

To install backup and encryption yourself, instructions are available:

See: Mac Self-Install Instructions
See: PC Self-Install Instructions

The school's automated process leverages the BigFix patch management software to seamlessly handle the complexity of each step of the installation.

1. Data Backup - On each computer with the BigFix software installed, you will receive a pop-up window alerting you that the process to back up your computer is about to begin. You will be able to defer the backup process for a period of time until you are ready to proceed.

During the actual backup, you can use the computer normally. A message will appear letting you know when it is complete. Expected times vary from hours to days.

Note: If you have personal information stored on a computer that you do not want to have backed up, you have two options for excluding this data from the backup process. For more info, see FAQ on Data Backup.

2. Disk Health Check - Once backup is complete, a series of tests will be run on your hard drive to be sure it is ready for encryption. This check will look for problems with your disk and data using diagnostic tools available natively within the operating system of your machine. This step can take anywhere from 15 minutes to several hours to complete and you may notice some degradation of performance while it is running.

If a problem is found the encryption step will not proceed. An IT specialist will contact you to assist with any required repairs.

3. Encryption - Following the completion of your computer's backup, you will receive another BigFix window alerting you that the process to encrypt your computer is about to begin. Once again, you will have the option to defer this process for a period of time until you are ready.

You may use your computer normally during the encryption process. If you shut down your computer or it enters "sleep" mode, the encryption will resume when your computer becomes active again.

To finish the encryption process, you will be prompted to restart the computer.

Note: You may notice some slowness during the encryption process. Once completed, most people report no perceptible difference in computer performance.

For more info, see FAQs on Encryption.

The School of Medicine has created a tool called AMIE ("Am I Encrypted?") that will allow you to understand your compliance with the School of Medicine data security policies. The tool displays the information you supplied in your attestation and the BigFix, backup and encryption status of each of your computers. It also provides instructions to take actions to correct any issues that are detected. Please note that for a computer to report its status correctly, BigFix must be functioning properly and you will need to have completed the Device Identification Survey, which will appear as a BigFix popup on that machine. Please visit this site to see your current status: https://med.stanford.edu/datasecurity/amie/

AMIE

If your computer is too old to be encrypted, it will need to be replaced with a modern, supportable and securable device.

University policy prohibits the use of Windows XP after April 8, 2014, when Microsoft discontinued support of the platform. If your computer runs WindowsXP or another unsupported operating system but is used to manage specialized research equipment or applications, you may qualify to be migrated to the higher security network, WinSecure, and should request a Data Security Exception to initiate this process.

For additional information on WinSecure, please review our page.

There are various options for getting help with device encryption. You can make use of the self-service materials on this site, your local IT support personnel, 650-725-8000, or request an in-person visit with IRT support, see: IRT Technical Assistance