Encryption Requirements

Requirements and procedures are in support of governing Columbia University Information Technology Policies and CUIMC Information Security Procedures.

Encryption is the conversion of data into a format that is not readable or understandable without proper credentials. It provides extra security in cases where electronic information has been accidentally or purposely and maliciously disclosed. Most encryption software uses a strong password for credentials to authorize that data can be decrypted, or made readable again.

Encryption plays a very important role at CUIMC in providing adequate protection of data including PHI and PII. Not using encryption when required can lead to severe sanctions for the individual, department and institution.


Encryption of equipment and media

Encryption methods and use

The following requirements apply to any systems that transmit, store and process sensitive data (including PHI and PII). We also highly recommend that encryption be used to safeguard internal or official use only data, or on any systems connecting to University resources.