Safeguarding ePHI

Recommendations to safeguard ePHI (Electronic Patient Health Information)

  • Use your H: (home drive)

    • Instead of using laptops or other portable devices to store ePHI (Electronic Patient Health Information), use your Mass General Brigham H: drive, which is securely maintained by Mass General Brigham IS and available and accessible to users of PC's and Macs.
    • If you need access to the data from a computer outside the Mass General Brigham computer network, connect to the network via VPN and access the data on your H: drive.
    • While connected via VPN, do not save ePHI to your home computer’s drive or any non-Mass General Brigham drive.

  • Use a USB drive such as Ironkey with encryption and password protection

    • If you must transport identifiable data to another computer outside the Mass General Brigham network, do so via a password protected portable drive that encrypts the data such as Ironkey.

  • Clear your browser cache

    • If you are viewing data in a web browser, clear the web browser cache when you are done; click here to learn how.

  • Code HIPAA identifiers

    • If using a laptop or portable device, code HIPAA identifiers and keep the key to the codes in a separate spreadsheet, database, Word document, or paper copy.
    • If all identifiers are coded or are not included in the data that are transmitted/copied to other computers or portable drives, the HIPAA Security Rule doesn’t apply.

  • Employ secure password practices
    • Password protect all devices: servers, desktops, portables, removable media; consider using a USB drive like Ironkey.
    • Create secure passwords, 6-8 characters with at least one capital letter and one digit.
    • Protect your passwords; don’t share them or post them next to the machines to which they belong.
    • Use a unique password for each machine and for each user.

  • Encrypt your hard drive

    • In order to comply with federal and state regulations, Mass General Brigham requires that all laptop, tablet, and netbook computers that connect to the Mass General Brigham computer network through OWA, VPN, GoToMyPC, or by other channels must be registered and encrypted.
      • Windows 2007 - 2008 Enterprise, or Windows 8 or 10 Pro via BitLocker
      • Windows 7, via McAfee EEPC. Please call the help desk for an appointment
      • Mac OS X 10.10 and later - built-in FileVault 2 encryption.

  • Keep current with patches

    • Secure new devices before connecting to the Network by applying all security patches using Windows and Apple Software Update.
    • Do the same to keep existing desktops, laptops, and servers secure. Call the Help Desk and request that a tech stop by to assist you:
    • Request Information Security to do a vulnerability scan on your servers; this is quick, free and will identify potential security risks and how to patch them.

  • Install and update anti-virus and anti-spyware software
    • Install anti-virus software, set it for auto-update, and for scheduled scans. Visit Mass General Brigham Research Computing website HERE (internal link) for information.
    • Install and run anti-spyware software regularly as you would anti-virus software. Visit Mass General Brigham Research Computing website HERE (internal link) for information.

  • Password enable your screensaver

    • Non-Mass General Brigham build PC’s and Macs do not have the built-in screensaver timeout feature that Mass General Brigham PC’s have. Always logout and clear the browser cache before walking away from a non-Mass General Brigham build PC or Mac after viewing ePHI.
    • Configure a password enabled screensaver on non-Mass General Brigham build PC’s and Macs that host or are used to view ePHI; this may not be possible in all instances.
    • For directions on how to configure a password enabled screensaver for the Mac, go HERE (see last paragraph for password information). For a PC with Windows XP, go to point #6 HERE.

  • Hardware disposal

    • Securely dispose of all devices that housed ePHI (PC’s, Macs, servers, hard drives, other removable media).
Go to KB0027869 in the IS Service Desk

Related articles