BitLocker Encryption
Open Dental does not provide technical support for Encryption of Data at Rest and in Transit. For assistance, consult your IT professional. The information below is provided as a resource for your IT professional to help make encryption decisions. It is not for regular users.
BitLocker is a simple, powerful encryption solution that protects an entire hard drive. Users will not notice it because protection is applied to the entire drive rather than to individual files or folders. BitLocker Drive Encryption is only available for certain Microsoft Operating Systems. See Encryption of Data at Rest and in Transit for information on why encryption is important for health care organizations.
Before implementing BitLocker, see Microsoft's website for authorized information and instructions about BitLocker for your operating system. Each operating system may have different instructions.
At Open Dental, we have implemented BitLocker for data encryption. This page provides unofficial instructions to encrypt Open Dental data, and is also general enough to be useful for systems where Open Dental is not used. After installation, interaction is not required unless you are making hardware changes to your system.
Any Windows version that Open Dental supports includes BitLocker. See Computer Requirements for supported operating systems.
For details, see Microsoft BitLocker Overview.
Clarification on these requirements should be obtained from Microsoft.
If you do not have Trusted Platform Module (TPM), you will need to use a portable USB drive (like a thumb drive) in order to power cycle your computer. We do not recommend or cover that option. See Trusted Platform Module below for directions on how to check for and activate TPM on your computer.
Details about why you need the BitLocker Preparation Tool: BitLocker requires two partitions or volumes on the hard disk drive, and they are likely not partitions that you already have. One is called the system volume and contains unencrypted system boot data. The other partition is the operating system volume. This is the partition that is encrypted and contains the operating system, user data, and your patient data. Your system volume has to be at least 1.5 GB in size and must be created before proceeding with BitLocker Drive Encryption. This volume can be created one of three ways:
If you already have multiple partitions on a single physical hard drive, you may need to reinstall your operating system. Luckily, you do not need to understand the above completely, because Microsoft provides the BitLocker Drive Preparation Tool to ease the process of creating the system volume.
BitLocker status on your system may be viewed and controlled from the BitLocker Control Panel, which is accessed from your system Control Panel.
Group Policy Settings for BitLocker: These policy settings allow BitLocker to be used without a TPM or to change BitLocker configuration if your system does have TPM. We do not cover this here and we did not use Group Policy Settings for BitLocker in our implementation.
Disabling BitLocker: Use BitLocker Control Panel from your system Control Panel to temporarily or permanently disable encryption.
You only need this section if you need to find out whether your computer has TPM, or you wish to activate TPM.
Alternate method of checking if you have TPM hardware: BitLocker may not be turned on. To check, enter tpm.msc in the Run window.
Activate TPM in the BIOS: If TPM is not turned on in the BIOS, you may have to activate it from the BIOS. The BIOS interface may differ from the screen shot examples below depending on your computer.
Then go to Control Panel, Device Manager, Security Devices (newer Windows OS) or System Devices (older Windows OS) and look for it. It may look something like this:
Activate TPM in Dell Server's BIOS: For Dell Server's BIOS, go to System BIOS, System Security.
For TPM Security, select On without Pre-Boot Measurements. For TPM Activation, select Activate. Click Save and restart Windows.
Activate TPM in Windows: To activate TPM in Windows, or to just run the BitLocker wizard, enter tpm.msc in the Run window.
Click Initialize TPM in the Actions panel.
Enter your password and confirm. If you used a memory stick for your startup key, do not save the password on the same USB device as the startup key, but instead insert a different device. It is recommended that the password be printed out and kept safely on file. If you choose to just write it down, have someone check what you wrote.
Click Initialize to complete the initialization.
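The TPM check (tpm.msc) and the BitLocker status view described on this page can also be read from an elevated PowerShell prompt. The script below is an added example, not Open Dental's or Microsoft's code; it uses the built-in Get-Tpm and Get-BitLockerVolume cmdlets and changes nothing, and the function name and the recovery-password check are assumptions of this example.

```powershell
# Added example: read-only audit of TPM state and BitLocker volume status.
# Run from an elevated PowerShell prompt on the computer being checked.
function Get-EncryptionFinding {
    $findings = [System.Collections.Generic.List[string]]::new()

    # TPM state: the same information tpm.msc shows.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        $findings.Add('TPM: none detected. It may be turned off in the BIOS.')
    } elseif (-not $tpm.TpmReady) {
        $findings.Add('TPM: present but not ready (not activated or not initialized).')
    }

    # Volume state: the same information the BitLocker Control Panel shows.
    foreach ($vol in Get-BitLockerVolume) {
        $name  = $vol.MountPoint
        $types = @(foreach ($kp in $vol.KeyProtector) { "$($kp.KeyProtectorType)" })

        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $findings.Add("${name} status is $($vol.VolumeStatus), $($vol.EncryptionPercentage)% encrypted.")
        } elseif ($vol.ProtectionStatus -ne 'On') {
            # Encrypted but protection off: BitLocker has been suspended.
            $findings.Add("${name} is encrypted but protection is suspended.")
        }

        # An operating system volume unlocked only by a USB startup key is the
        # no-TPM option that the page does not recommend.
        if ($vol.VolumeType -eq 'OperatingSystem' -and
            $types -contains 'ExternalKey' -and $types -notcontains 'Tpm') {
            $findings.Add("${name} relies on a USB startup key with no TPM protector.")
        }

        # Assumption of this example: a protected volume should have a recovery password.
        if ($types.Count -gt 0 -and $types -notcontains 'RecoveryPassword') {
            $findings.Add("${name} has no recovery password protector.")
        }
    }
    $findings
}

$result = @(Get-EncryptionFinding)
if ($result.Count -eq 0) {
    'No findings: TPM is ready and every volume is fully encrypted with protection on.'
} else {
    $result
}
```

Data drives that are intentionally left unencrypted will appear as findings; review each line against where patient data is actually stored.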