Endpoint Security Campaign FAQs
Please see the Endpoint Security Campaign page for general information.
What are file level encryption, full disk encryption, and pre-boot authentication, and how do they differ?
Please see How do different types of encryption work? on the general Encryption FAQs page.
Am I permitted to send files with PHI or PII through email?
Yes, as long as those files are encrypted and you do not provide the means to open the encrypted file through an insecure channel. For example, attaching an encrypted file to an email and putting the password in that same email is not considered 'secure'. Provide the password through another communication channel, such as a phone call to the recipient.
CUMC IT Exchange email accounts can send encrypted messages to outside addresses by putting #encrypt at the beginning of the email's Subject line; please click here for full instructions. Exchange will also automatically block positive matches of unencrypted PHI sourced from the CUMC Exchange server and send an automated response to notify the sender.
I use my phone to connect to CUMC email. Does it need to be encrypted?
If you send or receive messages or attachments containing sensitive data, it must be encrypted. Phones and tablets that are configured for CUMC IT Exchange email are automatically required to use encryption and a passcode with auto-lock. We highly recommend encryption of all computers and devices used to access CUMC email due to the possibility of receiving institutional email with confidential or sensitive data; legislation and sanctions can apply to any release of this information, whether accidental or not.
I host a departmental email server. Am I going to have to move to the CUMC IT Exchange email server?
Yes. An enterprise risk assessment was conducted during 2012 to determine whether the risk to the organization of running multiple email systems outweighed the costs of using a central system. Additionally, CUIT will be decommissioning CubMail and moving to LionMail (a Gmail-supported email solution). Unfortunately, Google will not sign the appropriate legal documents that would allow the medical center to use those services under HIPAA, and as such we cannot use it. Departmental Administrators were polled to determine if they supported centralizing email, and 75% of the responding DAs agreed this was a good idea.
Will the costs change for email services now that I'm being forced to use the central email server?
This is still being discussed. Further notification will be communicated on this issue.
Can my IT department inventory and encrypt all the devices for us, rather than CUMC IT doing it?
You can assist us in the process by providing the inventory as you know it, and encrypting devices ahead of time. Click here for an Encryption Asset Inventory Excel file that can be used to document devices and encryption.