Protecting Security of Research Data
Every device that holds PHI should be password protected and encrypted. This includes desktop and laptop computers, tablets, phones, and flash drives. BU and BMC will encrypt devices that they “own” (i.e., purchased with grant or departmental funds). If you are not sure if your institutionally-owned device is encrypted, then call the BU or BMC IT Service Desk at 617-353-HELP or 617-414-4500).
For devices that you purchased independently, it is your responsibility to password protect and encrypt them. Fortunately, this is easier than it sounds. For iPads and most phones, when you activate password protection, the device is automatically encrypted. Most Macs and PCs have encryption built in–you just have to activate it. BU and BMC IT have created a website that provides device-specific instructions for how you can secure your devices with password protection and encryption. Even if you don’t have PHI on your devices now, we suggest you password protect and encrypt them anyway. That way, you will be prepared in case you want to load a PHI file in the future. If you receive emails with patient identifiers, then those emails should be received on a secure device.
Flash drives can be encrypted either with the encryption software provided by BU or BMC or with other trusted encryption solutions such as TrueCrypt (also free).
Click on this link and secure all of your devices as soon as you can.
Secure Your Device