Jump to main content

HIPAA and Personal Devices

The University of Northern Colorado (UNC) recognizes that university employees, and Graduate students, at times utilize their Personal Devices when conducting University business. In response to an increase in Personal Devices being used in the work environment and remotely, UNC has established an official Bring Your Own Device (BYOD) policy.

Any Employee or Graduate Student using personal devices are required to follow the UNC BYOD policy

All Employees and Graduate Students should complete HIPAA training in Cornerstone and Canvas yearly. In addition, anyone using personal devices should follow guidelines from HealthIT.gov


Risks vary based on the mobile device and its use. Some risks include:

  • A lost mobile device
  • A stolen mobile device
  • Inadvertently downloading viruses or other malware
  • Unintentional disclosure to unauthorized users
  • Using an unsecured Wi-Fi network

Protect and secure health information when using mobile devices:

  • In a public space
  • On site
  • At a remote location

Regardless of whether the mobile device is:  

  • Personally owned, bring their own device (BYOD)
  • Provided by an organization.

Install and enable encryption and install firewall

Install and enable security software and update software when recommended

Maintain control of your device

Delete stored health information before discarding device

Disable file-sharing apps

What to Avoid

  • Sharing your mobile device password or user authentication
  • Allowing the use of your mobile device by unauthorized users
  • Storing or sending unencrypted health information with your mobile device
  • Ignoring mobile device security software updates  
  • Downloading applications (apps) without verifying they are from a trusted source
  • Leaving your mobile device unattended
  • Using an unsecured Wi-Fi network
  • Discarding your mobile device without first deleting all stored information
  • Ignoring your organization’s mobile device policies and procedures