Portable Devices and HIPAA

Did you know: Mobile devices are the single largest vector for breaches involving more than 500 individuals? Loss of laptops and other portable storage media, such as external hard drives and USB memory sticks, accounts for 26% of large breaches involving PHI. For this reason, OSU has very strict requirements for storing and transporting restricted data on portable electronic media:

  • ePHI must never be placed on personally-owned devices.
  • Storage of ePHI on mobile devices and laptops must have a written business justification approved by IT, and the devices must be added to the college’s HIPAA PHI inventory.
  • All ePHI stored on mobile devices or laptops must be encrypted at the device, file system, file, database or application level as appropriate.
  • Transport of ePHI on mobile devices or laptops must be performed only by authorized personnel, and chain-of-custody documentation must be maintained.

For more information, please reference the College of Optometry Data Transmission and Storage Procedure (I:\COLLEGE DOCUMENTS\POLICES_GUIDELINES) or contact IT.