About PHI on laptops or mobile devices

At Indiana University, never store files containing sensitive institutional data, especially protected health information (PHI) regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), on your desktop workstation, laptop, USB flash drive, tablet, smartphone, or other mobile device unless the files are properly encrypted on the device, and your senior executive officer or the IU Institutional Review Board (IRB) has given prior written approval. Because PHI must remain encrypted at rest, make sure you are using full-disk encryption on any device that has research data containing PHI on it. If you are not sure, ask your department or school IT Pro for help.

UITS provides consulting and online help for Indiana University researchers, faculty, and staff who need help securely processing, storing, and sharing data containing protected health information (PHI). If you have questions about managing HIPAA-regulated data at IU, contact UITS HIPAA Consulting. To learn more about properly ensuring the safe handling of PHI on UITS systems, see the UITS IT Training video Securing HIPAA Workflows on UITS Systems. For additional details about HIPAA compliance at IU, see HIPAA Privacy and Security Compliance

This is document ayzj in the Knowledge Base.
Last modified on 2019-06-27 15:13:35.

Contact us

For help or to comment, email the UITS Support Center.