====== Encryption ======

===== Applicable University of Colorado Denver Policies =====

==== University of Colorado IT Security Program Policy ====

All data and information resources of the SEHD are subject to the University of Colorado's IT Security Program policy, [[https://www.cu.edu/ope/aps/6005|APS-6005]]. The policy states:

> If Highly Confidential information is stored on a workstation or mobile computing device or transmitted to an external network or organization, IT resource users shall encrypt or adequately protect that information from disclosure.

> Highly Confidential information stored on portable electronic media shall be encrypted or otherwise adequately protected based on security standards and guidance from the campus Information Security Officers.

==== University of Colorado Denver HIPAA Policy ====

The most secure SEHD data are subject to the [[http://www.ucdenver.edu/research/Research Administration Documents/7.1 Safeguards.pdf|UCD Safeguards HIPAA policy]]. The policy states the following areas require encryption:

  * If e-mail must be sent across the Internet to either a patient or another entity covered by HIPAA, encryption should be applied to the e-mail message.
  * Portable devices should be password protected and, where possible, the PHI data on the devices encrypted.
  * Data transmitted over the Internet.
  * UCD-owned laptops must be encrypted.