/policies/,/policies/administrative/,/policies/administrative/uw-health-administrative/,/policies/administrative/uw-health-administrative/administration/,

/policies/administrative/uw-health-administrative/administration/161.policy

201609274

page

100

UWHC,UWMF,

Policies,Administrative,UW Health Administrative,Administration

Lost, Stolen, or Found Electronic Device Policy (1.61)

Lost, Stolen, or Found Electronic Device Policy (1.61) - Policies, Administrative, UW Health Administrative, Administration

1.61

Page 1 of 4


Administrative (Non-Clinical) Policy
This administrative policy applies to the operations and staff of the University of Wisconsin Hospitals and
Clinics Authority (UWHCA) as integrated effective July 1, 2015, including the legacy operations and
staff of University of Wisconsin Hospital and Clinics (UWHC) and University of Wisconsin Medical
Foundation (UWMF).
Policy Title: Lost, Stolen, or Found Electronic Device Policy
Policy Number: 1.61
Effective Date: October 1, 2016
Chapter: Administration
Version: Original
I. PURPOSE
This policy defines a process for reporting, tracking, and securing lost, stolen, or found portable electronic
devices such as mobile phones, laptop computers, and portable electronic media. Security controls are
required to protect sensitive corporate data such as protected health information (PHI), per regulatory
requirements for privacy and the Payment Card Industry Data Security Standard (PCI DSS).
In addition to standard lost and found procedures, such as those described in Administrative Policy 1.11-
Lost & Found Articles, lost and found electronic devices require additional attention to determine if PHI
or other sensitive data is contained on the electronic device, and if the loss or theft of the device may be
considered a security incident requiring further follow-up.
II. DEFINITIONS
Mobile device: Any device running a mobile device operating system (OS), including, but not limited to,
mobile phones, music players, and tablets. Common mobile device operating systems include Apple
Computer iOS, Google Android, Microsoft Windows Mobile, and Research In Motion Blackberry OS.
Laptop: Any portable computer workstation.
Portable electronic media: Any electronic media storage device that can be moved from place to place
or carried on someone’s person.
MDM: Mobile Device Management system, a software and hardware platform for managing the
configuration and security of mobile devices.
Notification group: The group of individuals who must be notified when a mobile device is reported lost
or stolen. This varies based on the employer of the person that the lost or stolen device was assigned to:
• CIO and CTO (in all cases)
• UW Health Privacy Officer
• Director of Risk Management
• Operational Vice President of the employee who reports a missing device.
• UW Health Security (608-263-7065) if the missing device is owned by UW Health

AirWatch: AirWatch is a mobile device management system that is designed to improve the security and
support of mobile devices that are permitted to connect to UW Health’s electronic corporate data systems.

Page 2 of 4

Security controls are required to protect the privacy of protected health information (PHI), as required by
the HIPAA security rule, as well as sensitive corporate information.

CompuTrace: CompuTrace provides computer theft recovery and secure asset tracking. This product is
centrally managed by IT departments, and meant for customers with large populations of remote and
mobile users. This product deters theft, minimizes computer drift, and helps recover lost or stolen laptop
computers.

III. POLICY ELEMENTS

A. To protect PHI and other sensitive business data, UW Health Information Services (IS) enforces
security controls on all devices that are authorized to connect to corporate resources. Security
controls may change over time to account for changing security threats.
B. Any lost, stolen, or found mobile electronic device must be reported to the Help Desk
immediately.
C. The notification group appropriate to the person who reports a lost, stolen, or found mobile
device must be notified.
D. Lost or stolen mobile devices are remotely wiped of corporate data immediately, when possible.

IV. PROCEDURE

A. Security
1. Immediately contact the Help Desk if an electronic device is lost, stolen, or found. If
reported lost or stolen, the device is remotely erased the next time it connects to any UW
Health data network to ensure patient and sensitive business data are not accessible to
unauthorized persons.
2. UW Health IS monitors connections from mobile devices to the MDM system. Users
with registered mobile devices that have not connected to the MDM system in more than
14 days may be disconnected from the MDM system after all corporate data and software
on the device is remotely deleted.
B. Lost or Stolen Mobile Devices
1. Devices running a mobile operating system, such as Google Android or Apple Computer
iOS, and accessing corporate data are registered with the UW Health AirWatch mobile
device management system. Corporate laptops are equipped with CompuTrace.
2. Follow the appropriate procedure below depending on the type of device that is missing.
a. AirWatch for Devices Running Android or Apple iOS
i. Contact the Help Desk to report the missing device and provide all
necessary information.
ii. The Help Desk opens a support ticket and assigns it to the IS Security
team with a group of Systems Security – UWH IS.
iii. IS Security:
ξ Remotely runs a device wipe to remove all corporate data stored
on the device
ξ Notifies the IS Security Officer (or IS Director on call, if after
hours or the IS Security Officer is unavailable) whether the
device was encrypted and if the device has been wiped of
corporate data
iv. If the device was encrypted and successfully wiped of corporate data, the
IS Security Officer (or IS Director on call) sends a Resolved Issue
notification to the Notification Group. -or-
v. If the device was not encrypted or wiped, the IS Security Officer (or IS

Page 3 of 4

Director on call):
ξ Contacts the end user to determine if PHI or sensitive business
data was on the device
ξ Opens additional tasks for investigation of the possible data on
the device
ξ IS Security Consultants lead the additional investigation
ξ The IS Server Team searches for a file of emails available on the
device at the time of the incident
ξ If the device was lost in a UW Health building, the IS Network
Team investigates the last time and place the device checked in
on a UW Health Network
ξ IS End User Technical Support (EUTS) attempts to recover the
device based on the last check in on a UW Health Network
vi. After investigation is complete, notification is sent to the Notification
Group with details of the incident.
b. CompuTrace for Corporate Laptops [Note: All corporate laptops are encrypted.]
i. Contact the Help Desk to report the missing device and provide all
necessary information.
ii. The Help Desk opens a support ticket and assigns it to the IS Manager of
EUTS.
iii. EUTS:
ξ Confirms the device was encrypted and notifies the IS Security
Officer (or IS Director on call, if after hours or the IS Security
Officer is unavailable)
ξ Notifies UW Health Security (608-263-7065) to get a case
number from the police department
ξ Contacts CompuTrace to request a trace on the device
iv. If the device was encrypted, the IS Security Officer (or IS Director on
call) sends a Resolved Issue notification to the Notification Group.
v. UW Health Security and/or the applicable law enforcement agency
conducts an initial investigation within eight hours after notification to
determine if external authorities (e.g., UW or Madison Police) should be
notified.
vi. If external authorities are notified, UW Health Security obtains a case
number and communicates it to EUTS management so that CompuTrace
can begin the process of searching for the device.
vii. Computrace provides regular updates of progress for the lifecycle of the
incident to EUTS Management.
viii. EUTS Management keeps the Notification Group informed of progress.
ix. UW Health Security leadership:
ξ Coordinates communication with law enforcement investigators
ξ Sends updates regarding police progress and Security
investigation progress to the Notification Group
C. Found Electronic Devices or Portable Electronic Media
1. Contact the Help Desk immediately to report finding an electronic device or portable
electronic media and provide all requested information.
2. Found devices or electronic media are delivered to the UW Health Information Services
Security Consultant team for review and further investigation, as applicable.
D. Portable Electronic Media
1. Also refer to UW Health Administrative Policy 1.06-Electronic Media Handling,

Page 4 of 4

Destruction, and Disposal for specific measures used to secure portable electronic media
and prevent unauthorized access.

V. REFERENCES

UW Hospitals and Clinics Administrative Policy 1.06-Electronic Media Handling, Destruction, and
Disposal
UW Hospitals and Clinics Administrative Policy 1.11-Lost & Found Articles
UW Health Administrative Policy 1.46-UW Health Mobile Device
UW Health Administrative Policy 1.54-UW Health Secure Text Messaging Via the Paging and
Messaging Center

VI. COORDINATION

Sr. Management Sponsor: VP, Chief Technology Officer
Author: UW Health Information Services Systems Security Director

Approval committee: UW Health Administrative Policy and Procedure Committee

SIGNED BY

Elizabeth Bolt
UW Health Chief Administrative Officer


Revision Detail

Previous revision:
Next revision: 102019