Information Security Program

Being Secure in "the cloud"

University of Washington Agreements in place

The University of Washington has signed an agreement with Microsoft that satisfies the requirements for appropriate legal agreements. UW Medicine workforce may use UW-supported Office 365 including UW OneDrive for Business (not OneDrive), Lync, and Azure. No other institutional agreements satisfy UW Medicine's requirements for appropriate legal agreements. Google Apps, for example, is not covered by an agreement that satisfies these requirements.

More information about OneDrive for Business use at the University of Washington can be found here: UW OneDrive for Business

What are cloud applications?

Internet-based tools can perform common tasks and services like reviewing documents, sharing files and videos, email and calendaring, online storage, and social media. When these online tools or applications are provided to the general public as a utility, they make up the "cloud."

Some examples of cloud applications are:

| Approved Cloud Applications | Unapproved Cloud Applications |
| --- | --- |
| OneDrive for Business | OneDrive |
| Lync | Google Apps |
| Azure | iCloud |
| | Amazon Web Services |

UW Medicine workforce members have access to many free Internet-based tools and applications that serve a variety of business and personal purposes. While free Internet tools, often referred to as "cloud applications", can be useful, none of them is appropriate for use at UW Medicine or for patient care without the proper legal agreements in place.

Why is it important to understand how to use cloud computing services securely?

Protecting patient data is of primary importance to UW Medicine. Cloud applications that are not designed to handle confidential data and do not comply with laws and regulations put patient data at risk.

Additionally, unauthorized or unmanaged software installed on workstations may contain security vulnerabilities or be incompatible with other software required for UW Medicine business, including patient care.

Uncontracted cloud applications generally offer few guarantees. In the case of a security incident, UW Medicine may not have any opportunity to work with the vendor to understand what happened and take corrective action. If the data involved was regulated (such as PHI or other personally identifiable information), UW Medicine could be legally required to report it to our patients and the Federal government as an incident.

This could result in significant fines for UW Medicine and possibly large-scale reputational damage.

When should I follow this guidance?

You should follow this guideline any time you use cloud applications at UW Medicine or to access UW Medicine data.

DO NOT ever send or store any University Business data, especially restricted or confidential information, using a cloud service or application without establishing a contract with the vendor, including appropriate legal agreements, which may include a Business Associate Agreement (BAA) and a Data Security Agreement (DSA).

How can I use public cloud applications appropriately?

The only way to use any cloud application is to ensure that the cloud application owner/vendor has signed a Business Associate and Data Security Agreement with the University prior to using it. All public cloud offerings are considered unsuitable for UW Medicine business operations without these agreements in place.

Support

To obtain information or help with cloud computing, contact the IT Services Help Desk at mcsos@uw.edu. If this is an urgent matter, please call them at 206-543-7012. Please reserve calling for truly urgent matters.