Planned Change

HIPAA Device Security Update for HCC

Variety of devices and hands on a keyboard

Upcoming changes to increase security will affect users in the UMN Health Care Component (HCC)

577 gradient

At the University of Minnesota, we are committed to helping keep our users and data as secure as possible.

In an effort to comply with security requirements of both University-owned and personally-owned mobile devices that may access protected health information (PHI), an upcoming change will affect all users working within the UMN Health Sciences who potentially has access to PHI or HIPAA data, otherwise known as Health Care Component (HCC).

The HIPAA Device Security Update for HCC project includes two primary changes that will ensure that the University stays current and in compliance with HIPAA guidelines.

What to do

Before making these changes, review these recommendations and make sure your data and device(s) are ready for the update, especially if you have an older phone or are running an old version of your operating system.

Use Gmail

  • Install and use the Gmail and Google Calendar applications to access University email and calendars on your University and personal devices

  • Alternatively, use your web browser to access University email using Gmail at mail.umn.edu or calendar at calendar.umn.edu

  • Access to University mail or calendars via other channels (such as Apple Mail, iPhone calendar, Samsung calendar, Outlook, Thunderbird, Samsung mail, or other email or calendar clients) will be disabled on personal and University devices (smartphones, tablets, laptops, desktop computers)

Install the Google Device Policy app on personal and University mobile devices and tablets

iOS

Setup instructions for iOS devices

  1. Install Google Device Policy application via the App Store

  2. Use managed applications to access University information

Android

Setup instructions for general Android devices and setup instructions for Samsung Android devices

  1. Install the Google Apps Device Policy application via the Play store

  2. Set up a “work profile” when prompted and use managed applications in the work profile to access University information

More details

What is the University using the policy for?

In order to maintain compliance with HIPAA, these policies prevent data from being shared between University and personal apps. These policies will only allow you to copy or back up any work-related data in the Work Profile to a work-related storage solution (Google Drive or Box). This will prevent the leak of PHI (Protected Health Information) to any personal storage. The University is requiring personal devices to have a PIN or password, a screen lock, and be encrypted in order to have access to University resources. Automatically syncing Google Calendar to any calendar app on devices has been disabled to prevent calendar invites with PHI from showing with personal use.

What can the Google Apps Device Policy application access or restrict?

  • Enforce policies
    
- Separation of data, enforce security settings
  • Configure settings
    
- Enforce device PIN or password and encryption
  • Remotely wipe data
    
- Limited to University data
  • Collect personal data, but only the following: 
    
- Names of apps installed on the device
    
- Where those apps were installed from (Google/Apple app store, or unknown)
    
- Device owner name and primary email address
    
- Phone technical data, including make/model, OS/firmware version, and serial number
  • Add/remove accounts and restrictions
    
- The University will not be adding or removing accounts 
  • Install, manage, and list apps
    - The University will only install or manage applications that download University data, like Gmail, Calendar, Docs, etc. 

Please note: These changes are for personal mobile devices that download University data. Browser-based access from personal mobile devices is not affected by any of these changes.

Proposed rollout schedule

Please note: This schedule is subject to change.

Frequently Asked Questions

More Information

Contact Us

If you have questions regarding these changes or need an exception, please contact Technology Help.

Opt-In Early

If you would like accept the new device policies and install the Google Device Policy application before your unit's scheduled time, select the link for your campus below to opt in early and complete the form.

Setup Instructions

University Mobile Device Policies

Google Resources