Portable data device policy
Department of Anesthesiology
Information Security Administrator (ISA): Mike Nyland
Information Security Manager (ISM): Bob Owen
IT Support Manager: Hans van Oostrom
Last modified on: Feb 7, 2007
Introduction
This policy is to augment the HSC security group policies
regarding portable data devices. These include, but are not
limited to: laptops, USB ‘thumb’ drives, portable hard drives,
etc.
If restricted data (not just limited to Patient Health
Information) is to be stored on a portable device, this device
must encrypt the data and use a strong password.
Departmental implementation
Laptops
All laptops that connect to the HSC/UF/Shands computer network
must have whole disk data encryption installed. The department
will provide the software and will install. Contact the ISM if
you have a laptop that needs to remain on the network.
Other portable devices
You are only allowed to store restricted data on devices that
can be encrypted. Please contact IT support for questions or
suggestions
Policy for taking restricted data off-site
If restricted data is removed from the HSC (for example to home
or travel), it must be done on a device that is registered and
approved by the department ISM.
