All data and information resources of the SEHD are subject to University of Colorado's IT Security Program policy, APS-6005. The policy states:

If Highly Confidential informationis stored on a workstation or mobile computing device or transmitted to an external network or organization, IT resource usersshall encrypt or adequately protect that information from disclosure.

Highly Confidential information stored on portable electronic media shall be encrypted or otherwise adequately protected based on security standards and guidance from the campus Information Security Officers.

The most secure SEHD data are subject to the UCD Safeguards HIPPA policy. The policy states the following areas require encryption:

• If e-mail must be sent across the Internet to either a patient or another entity covered by HIPAA, encryption should be applied to the e-mail message.
• Portable devices should be password protected and, where possible, the PHI data on the devices encrypted.
• Data transmitted over the internet.
• UCD owned laptops must be encrypted