All WashU community members who handle PHI are responsible for maintaining a secure environment and patient privacy. This includes faculty, staff, volunteers, trainees, and students. WashU’s core technology systems are designed to store and transmit PHI securely and in compliance with HIPAA. Before using external websites or cloud services to store, create, or transmit WashU Confidential or Protected information, please review our recommended IT services for Confidential or Protected Information.
If the service you are looking for is not already listed, PHI storage may require a signed Business Associate Agreement (BAA). Please work with the HIPAA Privacy Office and Resource Management before storing information, purchasing a product, or signing any contracts.
When storing files on WashU Box, Microsoft 365, etc., here are a few pointers to make sure our secure systems don’t get cracks in the foundation:
- Restrict view/edit rights to the minimum necessary
- Delete files from cloud storage when no longer needed to prevent unauthorized access