Information Technology Standard - Encryption Policy
The purpose of this standard is to define approved methods for using encryption technology to ensure the integrity and confidentiality of electronic protected health information (ePHI) and other ºÚÁÏÍø±¬³Ô¹Ï confidential information while at rest and during transmission. This standard applies to all data that is considered ºÚÁÏÍø±¬³Ô¹Ï confidential information, including ePHI when it is at rest, being processed, or transmitted between information technology resources.
Data encryption technology and mechanisms exist to help ensure the confidentiality and integrity of data. This standard is designed to help ºÚÁÏÍø±¬³Ô¹Ï’s UIS Department determine when it is necessary to utilize encryption, and what type and/or level of encryption to employ. ºÚÁÏÍø±¬³Ô¹Ï security standards for Encryption Technology are based upon industry standards, HIPAA, National Institute of Standards & Technologies (NIST) security guidelines, and existing ºÚÁÏÍø±¬³Ô¹Ï policies on Information Security.
PUNet ID required to review
Revised June 2025