System Security Standard Find out the standard ways to secure a system at UW Medicine
New Data Stewardship Training Know your Role and Responsibilities for Confidential Information
How to Encrypt Computing Devices and Electronic Data How do I encrypt?
Information Security Policies Home of the Information Security Policies
Departmental Training Materials Training materials for use in departmental education
Self Service Vulnerability Assessement Find your Vulnerabilities
Frequently Asked Questions Find Security related answers
Glossary of Terms Information Security Term Definitions
Contact the Information Security Team We are here to Help
Secure Remote Access UW Medicine Networks Team
UW Office of the CISO UW Chief Information Security Officers Website
The University of Washington has signed an agreement with Microsoft that satisfies the requirements for appropriate legal agreements. UW Medicine workforce may use UW-supported Office 365 including UW OneDrive for Business (not OneDrive), Lync, and Azure. No other institutional agreements satisfy UW Medicine's requirements for appropriate legal agreements. This includes Google apps.
More information about OneDrive for Business use at the University of Washington can be found here: UW OneDrive for Business
Internet based tools can perform common tasks and services like reviewing documents, sharing files and videos, email and calendaring, online storage, and social media. When these online tools or applications are provided to the general public as a utility, they make up the "cloud."
Some examples of cloud applications are:
|Approved Cloud Applications||Unapproved Cloud Applications|
|OneDrive for Business||OneDrive|
|Azure||iCloud||Amazon Web Services|
UW Medicine workforce members have access to many free Internet based tools and applications that serve a variety of business and personal purposes. While use of free Internet tools, often referred to as "cloud applications", can be useful, none of them are appropriate for use at UW Medicine or for patient care without the proper Legal Agreements in place.
Protecting patient data is of primary importance to UW Medicine. Cloud applications that are not designed to handle confidential data and do not comply with laws and regulations put patient data at risk.
Additionally, unauthorized or unmanaged software installed on workstations may contain security vulnerabilities or be incompatible with other software required for UW Medicine business including patient care.
Uncontracted cloud applications generally offer few guarantees. In the case of a security incident, UW Medicine may not have any opportunity to work with the vendor to understand what happened and take corrective action. If that data was regulated (such as PHI or other personally-identifiable information) UW Medicine could be legally required to report it to our patients and the Federal government as an incident.
This could result in significant fines for UW Medicine and possibly large scale reputational damage.
You should follow this guideline any time you use cloud applications at UW Medicine or to access UW Medicine data.
DO NOT ever send or store any University Business data, especially restricted or confidential information using a cloud service or application without establishing a contract with the vendor including appropriate legal agreements which may include a Business Associate Agreement (BAA) and a Data Security Agreement (DSA).
The only way to use any cloud application is to insure that the cloud application owner/vendor has signed a Business Associate and Data Security Agreement with the University prior to using it. All public cloud offerings are considered not suitable for UW Medicine business operations without these agreements in place.
To obtain information or help with cloud computing, contact IT Services Help Desk at firstname.lastname@example.org. If this is an urgent matter, please call them at 206-543-7012. Please reserve calling for truly urgent matters.