Before using external websites or cloud services to store, create or transmit WashU confidential or Protected information the following reviews are needed.
- Contact the data owner to verify data classification.
- Please request an Information Security Risk review.
- Storage of ePHI may require a signed Business Associates Agreement (BAA). Please work with the HIPAA Privacy Office and Resource Management to discuss prior to storing information, purchasing a product or signing any contracts.
- Please note this is not the original record.
WashU Collaboration
| | Protected | | | | | Confidential | | | | Public |
| ePHI | ITAR | FISMA (CUI) | PCI | PII | HR | Legal | Financial | Intellectual Property | Released by Public Affairs |
| Wash U Research Data Storage | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| WUSTL Box | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| WURN (public) | | | | | | | | | Data Owner | ✔ |
| WURN (private) | ✔ | | | | | ✔ | ✔ | ✔ | Data Owner | ✔ |
| WashU Cloud Computing Service | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| SharePoint | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| Files and Storage Service | ✔ | ✔ | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| PCI Certified Storage | | | | ✔ | | | | | Data Owner | ✔ |
| Skype for Business (WashU) Internal | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| Teams (WashU) | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| Amazon Web Services (AWS) | | | | | | | | | Data Owner | ✔ |
| Amazon Web Services (WashU) (DLT) | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| Amazon Web Services - Government (FEDRAMP) | | | ✔ | | | | | | Data Owner | ✔ |
| Azure (WashU Instance) | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| Azure - Government (FEDRAMP) | | | ✔ | | | | | | Data Owner | |
| Google Cloud Platform | | | | | | | | | Data Owner | ✔ |
| Google Drive | | | | | | | | | Data Owner | ✔ |
| DropBox | | | | | | | | | Data Owner | ✔ |
| iCloud | | | | | | | | | Data Owner | ✔ |
| OneDrive (WashU Instance) | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
Communication
| | Protected | | | | | Confidential | | | | Public |
| ePHI | ITAR | FISMA (CUI) | PCI | PII | HR | Legal | Financial | Intellectual Property | Released by Public Affairs |
| EPIC - Haiku, Canto | ✔ | | | | ✔ | | | | Contact Data Owner | ✔ |
| WashU Sites | | | | | | | | | Contact Data Owner | ✔ |
| Commercial Email (i.e, Gmail, Yahoo) | | | | | | | | | Contact Data Owner | ✔ |
| Skype for Business (WashU Instance) Internal | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Contact Data Owner | ✔ |
| Skype - Commercial | | | | | | | | | Contact Data Owner | ✔ |
| Slack | | | | | | | | | Contact Data Owner | ✔ |
| Teams (WashU) Internal | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Contact Data Owner | ✔ |
| Epharmix | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Contact Data Owner | ✔ |
| Twillo | | | | | | | | | Contact Data Owner | ✔ |
| SMS Text | | | | | | | | | Contact Data Owner | ✔ |
| Social Media Direct Message (i.e. Facebook, Twitter) | | | | | | | | | Contact Data Owner | ✔ |
| iMessage (Apple) | | | | | | | | | Contact Data Owner | ✔ |
| Android Message | | | | | | | | | Contact Data Owner | ✔ |
| Basic Pager | | | | | | | | | Contact Data Owner | ✔ |
| AMS Connect -Encrypted Pager | ✔ | | | | | ✔ | ✔ | ✔ | Contact Data Owner | ✔ |
Surveys
| | Protected | | | | | Confidential | | | | Public |
| ePHI | ITAR | FISMA (CUI) | PCI | PII | HR | Legal | Financial | Intellectual Property | Released by Public Affairs |
| RedCap | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Contact Data Owner | ✔ |
| RedCap Cloud | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Contact Data Owner | ✔ |
| Qualtrics | | | | | | ✔ | ✔ | ✔ | Contact Data Owner | ✔ |
Collaboration
| | Protected | | | | | Confidential | | | | Public |
| ePHI | ITAR | FISMA (CUI) | PCI | PII | HR | Legal | Financial | Intellectual Property | Released by Public Affairs |
| Wash U Research Data Storage | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| WUSTL Box | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| WURN (public) | | | | | | | | | Data Owner | ✔ |
| WURN (private) | ✔ | | | | | ✔ | ✔ | ✔ | Data Owner | ✔ |
| WashU Cloud Computing Service | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| SharePoint | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| Files and Storage Service | ✔ | ✔ | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| PCI Certified Storage | | | | ✔ | | | | | Data Owner | ✔ |
| Skype for Business (WashU) Internal | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| Teams (WashU) | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| Amazon Web Services (AWS) | | | | | | | | | Data Owner | ✔ |
| Amazon Web Services (WashU) (DLT) | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| Amazon Web Services - Government (FEDRAMP) | | | ✔ | | | | | | Data Owner | ✔ |
| Azure (WashU Instance) | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |
| Azure - Government (FEDRAMP) | | | ✔ | | | | | | Data Owner | |
| Google Cloud Platform | | | | | | | | | Data Owner | ✔ |
| Google Drive | | | | | | | | | Data Owner | ✔ |
| DropBox | | | | | | | | | Data Owner | ✔ |
| iCloud | | | | | | | | | Data Owner | ✔ |
| OneDrive (WashU Instance) | ✔ | | | | ✔ | ✔ | ✔ | ✔ | Data Owner | ✔ |