Planned Change

HIPAA Device Security Update Project


Upcoming changes to increase security will affect users in the UMN Health Care Component (HCC) and the University of Minnesota Foundation (UMF) 


At the University of Minnesota, we are committed to helping keep our users and data as secure as possible.

To comply with security requirements for both University-owned and personally owned mobile devices that may access protected health information (PHI) and donor information, an upcoming change will affect all users working within the UMN Health Sciences who potentially have access to PHI or HIPAA data, otherwise known as the Health Care Component (HCC), and users in the University of Minnesota Foundation (UMF).

The HIPAA Device Security Update project includes two primary changes that will ensure that the University stays current and in compliance with HIPAA guidelines.

What to do

Before making these changes, review these recommendations and make sure your data and device(s) are ready for the update, especially if you have an older phone or are running an old version of your operating system.

Use Gmail

  • Install and use the Gmail and Google Calendar applications to access University email and calendars on your University and personal devices

  • Alternatively, use your web browser to access University email using Gmail at mail.umn.edu or calendar at calendar.umn.edu

  • Access to University mail or calendars via other channels (such as Apple Mail, Mac Mail, iPhone calendar, Samsung calendar, Outlook, Thunderbird, Samsung mail, or other email or calendar clients) will be disabled on personal and University devices (smartphones, tablets, laptops, desktop computers)

Install the Google Device Policy app on personal and University mobile devices and tablets

iOS

Setup instructions for iOS devices

  1. Install the Google Device Policy application via the App Store

  2. Use managed applications to access University information

Android

Setup instructions for general Android devices and setup instructions for Samsung Android devices

  1. Install the Google Apps Device Policy application via the Play Store

  2. Set up a “work profile” when prompted and use managed applications in the work profile to access University information

More details

What is the Google Device Policy app for?

In order to maintain compliance with HIPAA, the University must ensure that University data is protected when downloaded to or accessed from personal devices. Apple iPhones/iPads and Android devices are both capable of creating an isolated "work container" that separates University applications from personal apps and data on your device. IT has no access to personal apps or data on your device.

Upon installation, the Google Device Policy app sets the minimum security requirements to enable the "work container." Your phone checks the minimum security requirements and asks you to make any necessary updates. When your device meets the minimum security requirements, the "work container" will be created, and you can install Gmail, Google Calendar, and Google G-Suite applications. The Google Device Policy app does not affect your personal apps.

For example, the “work container” requires that devices be encrypted. If your device is not encrypted, the device prompts you to enable encryption. Once your device is encrypted, your device creates the “work container” and you can install your applications. Regardless of encryption status, your personal apps are not affected and will continue to operate. 

If University policy or process requires it (i.e., an employee leaves the University), IT can remove the "work container." Uninstalling the Google Device Policy app from your phone will automatically remove the "work container," and you will still be able to access University email and calendar via your browser.

Note: On Android devices, the “work container” is called a “Work Profile.” On Apple iPhone/iPad devices, the “work container” is called “Managed Apps.”

What can the Google Apps Device Policy application access or restrict?

The Google Device Policy app sets the minimum security requirements for the "work container" that your phone creates to isolate work apps from personal apps and shield your personal information. Some of the minimum security requirements apply to your entire device, including that devices must have a PIN or password, a screen lock, and use encryption. You can uninstall the Google Device Policy app at any time and you will still be able to access University email and calendar via your browser.

For support and troubleshooting, Apple and Google share limited technical details about your device through the Google Device Policy app. The technical details consist of hardware type (such as iPhone X or Galaxy S9), iOS or Android hardware versions, iOS or Android software versions, and the names of apps in the "work container." No personal data is shared, collected, or accessible to anyone but you.

Frequently Asked Questions

More Information

Contact Us

If you have questions regarding these changes or need an exception, please contact Technology Help.

Opt-In Early

If you would like to accept the new device policies and install the Google Device Policy application before your unit's scheduled time, select the link for your campus below to opt in early and complete the form.

Setup Instructions

University Mobile Device Policies

Google Resources