Tablet Encryption

One of the current computing trends is a move toward tablet computing devices and away from more traditional desktop and laptop systems. Examples of tablet computers include Apple’s iPad, Microsoft’s Surface, Motorola’s Xoom, and Dell’s Latitude tablet series. Securing the data on these devices can present some unique challenges. Emory’s Disk Encryption Policy and Smart Device Security Policy both mandate encryption* on mobile devices that store sensitive Emory data. On many devices encryption is widely supported. iPads and most Android tablets do support encryption, and if you have your tablet configured to check your Emory e-mail on these types of devices it will be encrypted automatically. 

Other tablets, such as those that run Microsoft Windows 8, can be more challenging. In order to successfully start up an encrypted tablet you must be able to enter your encryption passphrase. Some of these tablets do not have or do not support keyboards which prevents them from being started up once they’re encrypted.

If you are using a tablet and you are, or you are planning on, storing sensitive Emory data on that tablet it must be encrypted by policy. Please be aware of these issues if you or your department are planning to purchase tablet computers. You may also consult with your IT support personnel before making a purchase to ensure that encryption can successfully be supported.

Emory Healthcare Employees

If you are using a tablet and you are, or you are planning on, storing sensitive Emory data on that tablet it must be encrypted by policy. However, you should use the Virtual Desktop (VDT) for all your work files. The VDT is secure, backed up and accessible from anywhere you have an Internet connection. Do not download or copy patient information or other sensitive data from EHC servers to your electronic devices (e.g., desktop computers, laptops, USB drives, external hard drives), unless it is absolutely required and you have documented permission to do so. To obtain permission, staff should speak with their leader and physicians should speak with their CMO. (Directors of departments/units and CMOs are authorized to give permission. The employee and director or physician and CMO must call 8-HELP to obtain an approval form that outlines rules to securely maintain PHI/sensitive data. This measure should be rare and taken only as a last option.) Even with permission, you must ensure that the data are encrypted.

* - Encryption is the process in which data is converted from a readable format into an unreadable format. Example: “Hello, here is my data.” TO “(E^aQ)kB$!.z[)%.” You use encryption when you want to restrict access to the data you are storing and make it available only to those who have the “key” to unlock it. The key is usually a password or PIN. However, password protection does not necessarily ensure encryption.