Secure Storage and Communication Services | Office of Information Security

Before using external websites or cloud services to store, create or transmit WashU confidential or Protected information the following reviews are needed.

Contact the data owner to verify data classification.
Please request an Information Security Risk review.
Facetime, Skype, and other similar communication tools for clinical patient care have been evaluated by Washington University School of Medicine. These “on demand” video tools are not appropriate for clinical use or patient care.
Storage of ePHI may require a signed Business Associates Agreement (BAA). Please work with the HIPAA Privacy Office and Resource Management to discuss prior to storing information, purchasing a product, or signing any contracts.
- Please note this is not the original record

	Protected					Confidential				Public
	ePHI	ITAR	FISMA (CUI)	PCI	PII	HR	Legal	Financial	Intellectual Property	Released by Public Affairs
Wash U Research Data Storage	✔				✔	✔	✔	✔	Data Owner	✔
LabArchives					✔	✔	✔	✔	Data Owner	✔
WUSTL Box	✔				✔	✔	✔	✔	Data Owner	✔
WURN (public)									Data Owner	✔
WURN (private)	✔					✔	✔	✔	Data Owner	✔
WashU Cloud Computing Service	✔				✔	✔	✔	✔	Data Owner	✔
SharePoint	✔				✔	✔	✔	✔	Data Owner	✔
Files and Storage Service	✔	✔			✔	✔	✔	✔	Data Owner	✔
PCI Certified Storage				✔					Data Owner	✔
Skype for Business (WashU) Internal	✔				✔	✔	✔	✔	Data Owner	✔
Teams (WashU)	Teams is prohibited for patient visits. Teams can be used among our team members to collaborate internally on patient care issues, but is not meant for direct patient care.				✔	✔	✔	✔	Data Owner	✔
Amazon Web Services (AWS)									Data Owner	✔
Amazon Web Services (WashU) (DLT)	✔				✔	✔	✔	✔	Data Owner	✔
Amazon Web Services - Government (FEDRAMP)			✔						Data Owner	✔
Azure (WashU Instance)	✔				✔	✔	✔	✔	Data Owner	✔
Azure - Government (FEDRAMP)			✔						Data Owner
Google Cloud Platform									Data Owner	✔
Google Drive									Data Owner	✔
DropBox									Data Owner	✔
iCloud									Data Owner	✔
OneDrive (WashU Instance)	✔				✔	✔	✔	✔	Data Owner	✔
ServiceNow						✔	✔	✔	Data Owner	✔
Zoom (WashU)	Zoom is prohibited for patient visits. Zoom can be used among our team members to collaborate internally on patient care issues, but is not meant for direct patient care.				✔	✔	✔	✔	Data Owner	✔

	Protected					Confidential				Public
	ePHI	ITAR	FISMA (CUI)	PCI	PII	HR	Legal	Financial	Intellectual Property	Released by Public Affairs
EPIC - Haiku, Canto	✔				✔				Contact Data Owner	✔
WashU Sites									Contact Data Owner	✔
Commercial Email (i.e, Gmail, Yahoo)									Contact Data Owner	✔
Skype for Business (WashU Instance) Internal	✔				✔	✔	✔	✔	Contact Data Owner	✔
Skype - Commercial									Contact Data Owner	✔
Slack									Contact Data Owner	✔
Teams (WashU) Internal	✔				✔	✔	✔	✔	Contact Data Owner	✔
Epharmix	✔				✔	✔	✔	✔	Contact Data Owner	✔
Twillo									Contact Data Owner	✔
SMS Text									Contact Data Owner	✔
Social Media Direct Message (i.e. Facebook, Twitter)									Contact Data Owner	✔
iMessage (Apple)									Contact Data Owner	✔
Android Message									Contact Data Owner	✔
Basic Pager									Contact Data Owner	✔
AMS Connect -Encrypted Pager	✔					✔	✔	✔	Contact Data Owner	✔
Facetime									Contact Data Owner	✔

	Protected					Confidential				Public
	ePHI	ITAR	FISMA (CUI)	PCI	PII	HR	Legal	Financial	Intellectual Property	Released by Public Affairs
RedCap	✔				✔	✔	✔	✔	Contact Data Owner	✔
RedCap Cloud	✔				✔	✔	✔	✔	Contact Data Owner	✔
Qualtrics	Research use only. Not for clinical care.					✔	✔	✔	Contact Data Owner	✔