Request device encryption waiver
Federal and state laws and regulations require that confidential electronic data, such as, protected health information, personnel information, financial information, and personally identifiable information be protected when stored on a computer, in order to reduce the impact of a computer loss or security breach.
Such regulations include but are not limited to:
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Health Information Technology for Economic and Clinical Health (HITECH) Act
- Family Education Rights and Privacy Act (FERPA)
- California Health and Safety Code Section 1280.1
- California Information Practices Act (Civil Code Section 1978)
- Confidentiality of Medical Information Act (CMIA)
UCSF 650-16 Information Security and Confidentiality Policy requires UCSF compliance with federal and state laws and regulations as well as University policy, and sets forth the minimum security standards for electronic information resources. In order to comply with University policy and the federal and state laws and regulations, the University of California, San Francisco requires that all laptops used for UCSF work, be they UCSF-owned or non-UCSF-owned, be encrypted.
The computer encryption waiver is for laptop and desktop computers that do not have protected health information (PHI) or personal identifiable information (PII). The computer cannot be encrypted because of a software incompatibility with encryption, or hardware incompatibility with encryption or encryption would interfere with research activities. This does not apply for mobile devices such as a phone or tablet.
Click here for the Computer Encryption Waiver form.
Computer encryption waiver form will require the following information:
- Computer Name, Serial Number, MAC Address
- Specifying if you use PHI or PII
- Selecting which Exemption you are requesting (Encryption)
- Providing a Business Justification
Departments that have a large number of computers that need to have encryption exceptions, please use the security exception request form.
Mobile Device Encryption Exceptions
For mobile device encryption waivers, please use the generic security exception request form.