In order to comply with federal and state laws and university requirements, it is the policy of the Department of Medicine that

• All faculty, staff, and trainees must undergo HIPAA training, and comply with all policies governing restricted information. This includes complying with minimum security standards (PDF) and assisting Department staff in documenting compliance.
• All laptops, mobile computing devices (e.g., mobile phones), and any computers that store restricted information must use encryption in compliance with Department of Medicine, School of Medicine, and other applicable standards (e.g., VA, DPH).
• Restricted information must not be stored on personal computers.

If you have any questions or concerns about this policy please contact your local IT service provider or the Director of IT Services.

For helpful security tips please see our Guide to Information Security.