UK University Hospital Manages Portable Data with Encrypted Drives

A university hospital in Britain has mandated the use of removable media from IronKey for staff and consultants who carry patient data with them. Based in California, IronKey sells encrypted USB drives that can be managed remotely by IT administrators through IronKey Enterprise, a Web-based application. If a device goes missing, IT can remotely disable it and wipe the data.

The Norfolk and Norwich University Hospitals NHS Foundation Trust began issuing the portable drives in summer 2010. At that time the organization told staff, "Users will no longer be able to use their own removable storage devices on the network and will have to submit a request for a Trust Iron Key." The Trust purchased 500 keys and informed users that once that stock was depleted, each department would be responsible for funding replacements. The design of the device makes it waterproof; because it has a rubberized cap, it can be disinfected, a consideration for a hospital setting.

In the United Kingdom the 1998 Data Protection Act sets out guidelines to allow individuals to control information about themselves. Although it doesn't reference privacy per se, the Act does stipulate that organizations holding personal information need adequate security measures in place.

The UK's National Health Service developed an Information Governance Toolkit, which lays out how its agencies process or handle information, including patient data. The Toolkit offers assessment guidance to help organizations understand and report on what level of maturity they're at in their data security processes. The assessment is done annually.

"When data losses in other public sector areas hit the news headlines, the Department of Health issued a mandate via the IG toolkit, which meant our IT team took the required steps to not only protect all data stored on USB drives, but also to ensure we achieved Level 2 of the toolkit," said Ben Everitt, acting head of IT at the Trust.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • student reading a book with a brain, a protective hand, a computer monitor showing education icons, gears, and leaves

    4 Steps to Responsible AI Implementation

    Researchers at the University of Kansas Center for Innovation, Design & Digital Learning (CIDDL) have published a new framework for the responsible implementation of artificial intelligence at all levels of education.

  • glowing digital brain interacts with an open book, with stacks of books beside it

    Federal Court Rules AI Training with Copyrighted Books Fair Use

    A federal judge ruled this week that artificial intelligence company Anthropic did not violate copyright law when it used copyrighted books to train its Claude chatbot without author consent, but ordered the company to face trial on allegations it used pirated versions of the books.

  • server racks, a human head with a microchip, data pipes, cloud storage, and analytical symbols

    OpenAI, Oracle Expand AI Infrastructure Partnership

    OpenAI and Oracle have announced they will develop an additional 4.5 gigawatts of data center capacity, expanding their artificial intelligence infrastructure partnership as part of the Stargate Project, a joint venture among OpenAI, Oracle, and Japan's SoftBank Group that aims to deploy 10 gigawatts of computing capacity over four years.

  • laptop displaying a phishing email icon inside a browser window on the screen

    Phishing Campaign Targets ED Grant Portal

    Threat researchers at cybersecurity company BforeAI have identified a phishing campaign spoofing the U.S. Department of Education's G5 grant management portal.