Why is laptop encryption necessary?
New federal and state data protection laws mandate that all portable devices that access or allow access to Protected Health Information (PHI) or Personal Information (PI) be encrypted. It is essential that Partners safeguard its privileged information against this kind of loss. Partners’ policies mandate that all laptops that access the Partners network and internet-based resources or store Partners Confidential Data be encrypted.
Are laptops the only computers that must be encrypted?
No. It is recommended to encrypt desktops. Tablets, smartphones and netbooks must also be encrypted.
How do I know if I need to encrypt my laptop or desktop?
Laptops must be encrypted if they access Partners resources or store Partners Confidential Data. Examples of access to resources include:
- Partners VPN
- Email via Outlook Web Access
- Patient Gateway
- Access to LMR Over the Internet (LOTI)
- GoToMyPC
- Any other Partners applications or internet-based resources.
Do I need to encrypt my laptop if I don’t access PHI or PI?
Yes. Partners’ policies require all laptops that connect to Partners resources to have their entire hard drives encrypted with approved encryption software. All employees, contractors, or vendors who have laptops that connect to Partners resources, regardless of the data maintained on the device, must have hard drive encryption installed.
Do I need to encrypt my personal laptop?
If you use your personal laptop to store Partners Confidential Data or to access Partners resources, you must encrypt it.
Do I need to encrypt my non-laptop, home computer?
At this time, Partners does not require you to encrypt your non-laptop home computer if it is used to access Partners resources.
What operating systems support laptop/desktop encryption?
Encryption is supported on the following operating systems:
- Microsoft Windows 7
- Microsoft Windows 8
- Microsoft Windows 10
- Microsoft Vista 32-bit and 64-bit (all versions)
- Microsoft Windows XP through SP3 (32-bit only)
- Microsoft Windows 2003 through SP2 (32-bit only)
- Microsoft Pocket Windows 2002 and 2003
- Mac OS X 10.7 or greater
Partners does not currently offer encryption software for Linux laptops. Employees with Linux laptops should secure their devices with the encryption product of their choice.
What software does Partners use for laptop/desktop encryption?
For managed Partners computers running Windows 7, we use the built-in BitLocker. For non-standard Windows computers, we use McAfee Endpoint Encryption. For Mac OS X computers, we use the built-in FileVault 2 (Mac OS X 10.7 or greater required).
Can I use a different brand of encryption software?
BitLocker, McAfee Endpoint Encryption®, Safeboot, PGP Whole Disk Encryption and FileVault 2 are the only supported encryption programs. Non-standard Partners devices and personally-owned systems may use other commercially available whole disk encryption programs.
What are the encryption software minimum requirements?
- 256-bit key strength;
- Use of the Advanced Encryption Standard (AES) or other FIPS 140-2 validated algorithm;
- Full disk encryption for all files (the entire disk must be a private partition); and
- Support for strong password enforcement
What does “Full Disk Encryption” mean?
Full disk encryption means that the entire content of the hard drive is encrypted. This includes the operating system itself, program files, swap space, and temporary files. Full disk encryption is considerably more secure than file encryption solutions since it ensures that all data is encrypted, not just the files you remember to encrypt.
Are vendors required to encrypt laptops if they access Partners resources?
Yes. Partners’ vendors and contractors that access protected health information (PHI) and/or personal information (PI) on portable devices are required to use encryption. Going forward, PHS and entity Business Associate Agreements have been updated to reflect this requirement.
Do I have to provide a cost center to install the laptop encryption software?
No. Laptop encryption software is provided for free to Partners employees.
The Partners Help Desk is extremely helpful if you have any questions or issues regarding a standard Partners device; however, many of the devices in the CGM are not Partners devices. The Partners Help Desk is often not as helpful with research devices; therefore, we suggest reaching out to the CGM help desk (help@cgm.mgh.harvard.edu).
If you are ever in doubt or having issues, please loop David in and he can filter anything that needs help desk attention.