Google Apps: Setting up Mobile Devices for Accounts with Access to HIPAA or Other Sensitive Data
In May 2019, in an effort to comply with security requirements of devices with access to Protected Health Information (PHI) the University started restricting users with access toPHI from using certain applications that use IMAP or POP3. This policy change has a projected completion in September 2019. The change is being staggered by unit to allow for better support for users having difficulties with the transition. Further information about this project can be found at z.umn.edu/hcc-device-security
This change means employees in the BAA are no longer allowed to use third party applications to access their University accounts. Instead, employees that fall into the BAA category need to use officially supported Google Apps and Google Apps Websites.
There are three ways you can access your University email account and other Google Apps:
- On your desktop, using the web interface (calendar.umn.edu, mail.umn.edu, etc).
- On your mobile device, using the web interface (mail.umn.edu).
- On your mobile device, using the official Google provided app from the Android Play Store or the iTunes App Store (Gmail App, Google Calendar App, Google Drive App, etc) with the Google Device Policy app installed and configured on your device.
Note: Third party Desktop and mobile email apps (such as AppleMail, Thunderbird, Outlook and SamsungMail) are not authorized for use with BAA Accounts.
In this article:
- Exceptions to This Policy
- Early Opt-In
- Setting up Your Email on Your Mobile Device
- Information Collected by the Google Device Policy Application
The Office of Information Technology understands that some people may need an exception to this policy for a variety of reasons. Examples of possible exceptions include but are not limited to:
- Older devices that cannot use the apps
- Apps that fulfill a business need that haven't been documented
- There is Mobile Device Management (MDM) software from another institution that conflicts with the Google Device Policy App on your device.
To request an exception to this policy, please fill out this Google Form (per campus):
- Twin Cities:z.umn.edu/mdm-exception-umn
- Duluth: z.umn.edu/mdm-exception-umd
- Crookston: z.umn.edu/mdm-exception-umc
- Morris: z.umn.edu/mdm-exception-umm
- Rochester: z.umn.edu/mdm-exception-umr
If you would like to opt-in to this change early, you can visit our early opt-in form (per campus):
- Twin Cities: z.umn.edu/opt-in-tc
- Duluth: z.umn.edu/opt-in-umd
- Crookston: z.umn.edu/opt-in-umc
- Morris: z.umn.edu/opt-in-umm
- Rochester: z.umn.edu/opt-in-umr
Follow these steps to prepare and setup your mobile device for Google Apps use:
- Review the Minimum Security Requirements for Setting up The Google Device Policy App
- Review Accounts from Other Institutions
- Backing Up Your Data
- Updating Your Devices Software
- Encrypting and Setting a Passcode on Your Device
- Setting up Your Device
- Basic Screenlock (at least one type listed below)
- 4 digit pin (required for encryption)
- 6+ Letter Password
- Device is Encrypted
- This also requires a 4 digit PIN to be set up in the device. This PIN would only be required to sign in to the device when it is initially powered up or rebooted. Afterwards, any of the above screen unlock methods may be used instead.
- Able to install the certificate
- Device is not rooted (Android) or Jailbroken (iOS, iPad OS)
- Versions of iOS and Android Supported
- Refer to Work profiles section for Android devices and Advanced Management section for iOS devices
- No other Mobile Device Management (MDM) applications installed on the device, including other instances of the Google Device Policy App
Other institutions you work with may already have Mobile Device Management (MDM) software that they require you to use to access their systems. Some of this MDM software may conflict with The University's Google Device Policy App and wherever possible, we would like to limit the disruption to your daily work.
- If you believe you have MDM software for another institution on your device, please request an exception to this policy.
- Important Note: Include the name of the other institution that has this software and, if known, any details of the software they use.
We highly recommend you back-up your device's data and contacts before you encrypt your device.
Note: Technology Help does not do data recovery for personal devices.
- Check your Android device's version
- Some older versions of Android require a Factory Reset when encrypting the device so backing up your data is especially important if your device version is older than Android 7.0
- Check your iOS device's version
- Backing up your data is especially important if your device version is older than iOS 9.0.
Note: Backing up the data on your device can take some time depending on your device and network. You should do this process when you don't need to use your device for a while.
- Be sure your device is plugged in and charged before beginning. If your device powers off during the process, you will likely be unable to use it without professional assistance.
The Google Device Policy App requires iOS 9.0 on iPhones/iPads or Android Version 4.0 on Android devices. Previous versions are not supported.
If your device needs to be updated, follow the steps below:
Note: Updating your device can take some time depending on your device and network. You should do this process when you don't need to use your device for a while.
- Be sure your device is plugged in and charged before beginning the update process. If your device powers off during the process, you will likely be unable to use it without professional assistance.
Required: Phones must be encrypted and configured to have a passcode. This is to ensure that anyone attempting to access your device using unapproved means cannot read the data on it.
Note: By setting up encryption on your device, the passcode you set up will be required each time you power the device off and turn it back on. After this initial passcode entry, any further unlocks of the device can be accomplished through other means if applicable (fingerprint, PIN, etc).
- Encrypt your device:
- Please note that menu titles may differ based on your version of Android and device.
- Android instructions
- iOS devices are encrypted by default and will only need to have a passcode set up
- Set a passcode on your device:
The Google Device Policy App collects some information about the status of your device. This information is only available to University of Minnesota Google Apps administrators and will only be used in the context of supporting access to your Google Apps Account.
In case your device is lost or stolen, the Google Device Policy App also allows UMN Google Apps Administrators to remotely wipe either your devices Work Profile or all data on your device.
The information collected includes:
- What apps are installed on the device.
- Which apps are installed from sources other than the Play/iTunes stores
- Whether the camera is active or not.
- Device Security Information (listed in table below)
- Device Information (listed in table below)
- User Information (listed in table below)
- Installed Apps (listed in table below)
Note: This does not include content displayed on the screen, or the video/audio that cameras/microphones may be capturing, nor what apps are in use.
Device Security Information Collected
Device Information Collected
User Information Collected
Please contact Technology Help. You can call 612-301-4357 (1-HELP from any campus landline phone) Chat with, or email us 24 hours a day, 7 days a week.