Protecting the university’s sensitive data is an ongoing initiative at Rockefeller. Part of the process involves properly identifying sensitive data within the university labs and the Rockefeller Hospital and creating procedures to protect it. Sensitive data, such as patient records and social security numbers, may need to be accessed by hospital researchers and staff. With the increased focus in recent years on legally mandated compliance standards for the security of Personally Identifiable Information (PII), implementing a systematic approach to securing this information is a high priority. The pressing information security focus for the Hospital and its associated labs is on securing sensitive data stored on portable devices, such as laptops and USB flash drives.
Hospital researchers and staff commonly use laptops, as well as newer technologies such as smartphones, PDAs and USB flash drives, to store and access sensitive data and records. Portable devices are a common weak spot in information security initiatives. They are a leading source of accidental data leaks because they are portable and easily lost or stolen. Moreover, the sensitive data on these devices is commonly not encrypted.
“Unintentionally exposed data due to lost or stolen portable devices containing unencrypted information has been the stuff of numerous news headlines for years,” says Chief Information Security Officer, Marty Leidner. “Preventing such costly and damaging incidents is our main concern. The Hospital and its associated labs and departments can achieve this by following two simple guidelines for securing sensitive data on portable devices.”
1. Avoid storing sensitive data on portable devices.
While it may be convenient to save patient or other sensitive data records onto a laptop or USB flash drive, given the legal and financial risk of transporting these data, it’s important to consider the necessity of working in such a manner. It is best to leave such data in one central and more secure location on campus, and access it over a secure connection only if and when it is needed.
2. Encrypt any portable device containing sensitive data.
If there is a need to store sensitive information on a portable device, encrypt the entire device, not just the sensitive data files. In the case of USB flash drives, consider using a fully encrypted model, such as IronKey, that encrypts data automatically. In the case of laptops, Information Technology recommends “Full Disk Encryption”, which safeguards the whole laptop at once. For encryption assistance, visit the Information Security section on the Rockefeller University IT web site (www.rockefeller.edu/InfoSec) or contact the Help Desk at ext. 8940.
Following these critically important guidelines will help significantly in our efforts to meet legally mandated compliance standards and protect our research participants’ sensitive data.
