Before using external websites or cloud services to store, create or transmit WashU confidential or Protected information the following reviews are needed.
- Contact the data owner to verify data classification.
- Please request an Information Security Risk review.
- Facetime, Skype, and other similar communication tools for clinical patient care have been evaluated by Washington University School of Medicine. These “on demand” video tools are not appropriate for clinical use or patient care.
- Storage of ePHI may require a signed Business Associates Agreement (BAA). Please work with the HIPAA Privacy Office and Resource Management to discuss prior to storing information, purchasing a product, or signing any contracts.
- Please note this is not the original record
Collaboration
| Protected | Confidential | Public | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| ePHI | ITAR | FISMA (CUI) | PCI | PII | HR | Legal | Financial | Intellectual Property | Released by Public Affairs | |
| Wash U Research Data Storage | ✔ | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ | |||
| LabArchives | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ | ||||
| WUSTL Box | ✔ | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ | |||
| WURN (public) | Data Owner | ✔ | ||||||||
| WURN (private) | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ | ||||
| WashU Cloud Computing Service | ✔ | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ | |||
| SharePoint | ✔ | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ | |||
| Files and Storage Service | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ | ||
| PCI Certified Storage | ✔ | Data Owner | ✔ | |||||||
| Skype for Business (WashU) Internal | ✔ | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ | |||
| Teams (WashU) | ✔ | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ | |||
| Amazon Web Services (AWS) | Data Owner | ✔ | ||||||||
| Amazon Web Services (WashU) (DLT) | ✔ | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ | |||
| Amazon Web Services - Government (FEDRAMP) | ✔ | Data Owner | ✔ | |||||||
| Azure (WashU Instance) | ✔ | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ | |||
| Azure - Government (FEDRAMP) | ✔ | Data Owner | ||||||||
| Google Cloud Platform | Data Owner | ✔ | ||||||||
| Google Drive | Data Owner | ✔ | ||||||||
| DropBox | Data Owner | ✔ | ||||||||
| iCloud | Data Owner | ✔ | ||||||||
| OneDrive (WashU Instance) | ✔ | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ | |||
| ServiceNow | ✔ | ✔ | ✔ | Data Owner | ✔ |
Communication
| Protected | Confidential | Public | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| ePHI | ITAR | FISMA (CUI) | PCI | PII | HR | Legal | Financial | Intellectual Property | Released by Public Affairs | |
| EPIC - Haiku, Canto | ✔ | ✔ | Contact Data Owner | ✔ | ||||||
| WashU Sites | Contact Data Owner | ✔ | ||||||||
| Commercial Email (i.e, Gmail, Yahoo) | Contact Data Owner | ✔ | ||||||||
| Skype for Business (WashU Instance) Internal | ✔ | ✔ | ✔ | ✔ | ✔ | Contact Data Owner | ✔ | |||
| Skype - Commercial | Contact Data Owner | ✔ | ||||||||
| Slack | Contact Data Owner | ✔ | ||||||||
| Teams (WashU) Internal | ✔ | ✔ | ✔ | ✔ | ✔ | Contact Data Owner | ✔ | |||
| Epharmix | ✔ | ✔ | ✔ | ✔ | ✔ | Contact Data Owner | ✔ | |||
| Twillo | Contact Data Owner | ✔ | ||||||||
| SMS Text | Contact Data Owner | ✔ | ||||||||
| Social Media Direct Message (i.e. Facebook, Twitter) | Contact Data Owner | ✔ | ||||||||
| iMessage (Apple) | Contact Data Owner | ✔ | ||||||||
| Android Message | Contact Data Owner | ✔ | ||||||||
| Basic Pager | Contact Data Owner | ✔ | ||||||||
| AMS Connect -Encrypted Pager | ✔ | ✔ | ✔ | ✔ | Contact Data Owner | ✔ | ||||
| Facetime | Contact Data Owner | ✔ |
Survey
| Protected | Confidential | Public | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| ePHI | ITAR | FISMA (CUI) | PCI | PII | HR | Legal | Financial | Intellectual Property | Released by Public Affairs | |
| RedCap | ✔ | ✔ | ✔ | ✔ | ✔ | Contact Data Owner | ✔ | |||
| RedCap Cloud | ✔ | ✔ | ✔ | ✔ | ✔ | Contact Data Owner | ✔ | |||
| Qualtrics | ✔ | ✔ | ✔ | Contact Data Owner | ✔ |