SOM Laptop Encryption Project

The University of California at San Francisco School of Medicine (SOM) would like to secure sensitive data (i.e. ePHI, financial, etc) on all SOM laptop computers, along with identified high risk SOM desktops as outlined by U.S. HIPAA (Health Insurance Portability and Accountability Act of August 1996), California Assembly Bill 211 (AB-211), California Senate Bill 541 (SB-541) and UCSF 650-16 Information Security and Confidentiality Policy. HIPAA requires UCSF School of Medicine as well as all other healthcare organizations to protect the privacy of “individually identifiable and therefore protected health information.”

The UCSF School of Medicine Information Services Unit (ISU) selected Check Point Full Disk Encryption primarily due to its availability, low-overhead operating model, fast-deployment strategy, and pre-existing statewide contract with the University of California Office of the President. Check Point has been successfully implemented at UCSF Medical Center and OAAIS. Adopting this campus best practice will ensure interoperability between SOM and the rest of UCSF; it meets HIPAA security requirements, and it provides our customers with a supportable, maintainable, and well-documented encryption solution. It is reasonably efficient, easily scalable, and interacts well with SOM ISU supported applications.

The SOM Dean’s Office is providing funding for the FY 09-10 licensing costs for up to 2500 UCSF owned laptops and high-risk desktops.

ISU, as the Security Control Point for SOM, will perform a Quality Assurance (QA) Assessment post-encryption to review the success of encryption on each device to better position each department for compliance for endpoint audits. The security risks of a compromise in medical, financial, and other personnel information could result in severe legal and financial implications to the School of Medicine if not secured via encryption.

Project Approach PDF

DOM Newsletter: SOM Encryption Project