ARCHIVED: Guidelines for complying with HIPAA privacy and security rules when using Skype for Business and UniCom voice mail at IU
HIPAA requirements
Teams Calls provides office telephone service for faculty and staff at Indiana University.
HIPAA compliance requires protected information to be encrypted when it's "at rest" (in storage) and "in transit" (during transmission over a communications network). For further definition of these concepts, see Data Encryption.
At IU, all data "in transit" via Microsoft Skype for Business (for instant messaging, or voice or video conversations) and UniCom (for voice mail) are encrypted during transmission. This includes data transmitted in voice mail messages to Outlook on your personal computer.
Information stored on servers (such as call attributes and voice mail) is also encrypted. This, plus the additional measures of housing the Skype for Business and Outlook servers in the IU Data Center, and restricting physical and administrative access to them, satisfies one end of the "at rest" requirement.
However, the other end of the "at rest" requirement must be met client-side (that is, on your computer). It is important that you (or your department's IT Pro) take the following recommended precautions to ensure the devices (computers, laptops, and mobile devices) and applications (Skype for Business, UniCom, and Outlook) you use are properly secured to protect any sensitive data they store or transmit.
Guidelines for securely storing and sharing sensitive data
UITS recommends taking the following precautions if you store or communicate data that contain protected health information (PHI) or other sensitive data protected by HIPAA.
Use disk encryption
Use disk encryption on any desktop system, laptop, or portable device you use to access or store sensitive data. For disk encryption, UITS recommends:
- BitLocker (Windows)
- FileVault 2 (macOS)
- GnuPG (Linux)
Use a secure messaging application
Use Office Message Encryption (OME) when you use Outlook to forward email and voice mail messages containing sensitive data. See:
- About Office Message Encryption (OME)
- Ensure that mail sent from your Exchange account to an outside address is encrypted
- About confidential information in email
Also, before forwarding a message containing sensitive data, you should add the words [Secure Message] (case insensitive, with square brackets) to the subject line.
Don't save Skype for Business call logs
Make sure Skype for Business is not saving your call logs (this applies to Windows computers only). To do so:
- In Skype for Business, in the upper right corner, click the (gear) icon.
- From the menu on the left, select .
- Make sure the box next to "Save call logs in my email Conversation History folder" is unchecked.
- Click .
Learn more about HIPAA and computer security
For more about best practices when handling sensitive data, see Protecting Data & Privacy. For more about computer security in general, see Tips for staying safe online.
This is document bcvy in the Knowledge Base.
Last modified on 2024-06-14 14:47:28.