Required Security for the Storage of Electronic Protected Health Information (EPHI) on Portable Devices
December 7, 2009
All employees in the ECU Division of Health Sciences and the Brody School of Medicine are required to adhere to the security standards for the storage of Electronic Protected Health Information (EPHI) on portable devices used to store, access or transmit EPHI, whether university-owned or individually-owned. Portable devices included, but are not limited to, flash drives, external USB drives, laptops, handheld computing devices, digital organizers, smart phones and wireless e-mail devices. Storage of EPHI on portable devices should be avoided, and storage on a secure server such as "PirateDrive" should be employed whenever possible. If it is necessary to store EPHI on a portable device, the following security measures must be implemented:
Appropriate physical security safeguards to prevent loss or theft of portable devices should be employed, including but not limited to, activating locking software when device is unattended, keeping the device with you at all time when traveling, keeping the device in a locked location when not in use.
Any loss, theft, or suspected unauthorized use of a portable device containing EPHI must be reported immediately to the ECU ITCS Help Desk and ECU Police.
For further information on meeting and implementing these safeguards, please contact the ECU ITCS Help Desk at (252)328-9866.