Recommended IT Services for Confidential or Protected Information | Office of Information Security | Washington University in S

Recommended IT Services for Confidential or Protected Information | Office of Information Security | Washington University in St. Louis
Skip to content
Skip to search
Skip to footer
Before using external websites or cloud services to store, create or transmit
WashU Confidential or Protected information
please review the tables below for approved services. If what you are looking for is not listed, the following reviews are needed.
Contact the data owner to verify
data classification
and inquire about intellectual property
All of the following services have been released by public affairs unless otherwise noted
Please request an Information Security Risk review.
FaceTime and other similar communication tools for clinical patient care have been evaluated by Washington University School of Medicine.  These “on demand” video tools are not appropriate for clinical use or patient care.
Storage of PHI may require a signed Business Associates Agreement (BAA). Please work with the HIPAA Privacy Office and
Resource Management
to discuss prior to storing information, purchasing a product, or signing any contracts (Please note this is not the original record).
Collaboration
Reference the tables below to determine which collaboration service is best for storing and sharing your data. We have divided these services into four subcategories: storage, teamwork, cloud, and services that are not approved for confidential or protected data.
Storage
PHI
PII
HR
Legal
Financial
WashU Research Data Storage
WUSTL Box
WURN (public)
WURN (private)
OneDrive (WashU instance)
Lab Archives
SharePoint
Files and Storage Service
Footnotes
1. Files and Storage Service also has the ITAR protection
Teamwork
PHI
PII
HR
Legal
Financial
Teams(WashU)
Zoom (WashU HIPAA instance)
Footnotes
1. Teams chat is not acceptable for clinical communications or patient care. Some administrative matters are acceptable if they are not related to individual patient care. PHI should be avoided.
For more details, visit
Clinical Communications Best Practices | Faculty Practice Plan | Washington University in St. Louis (wustl.edu)
Cloud
PHI
PII
HR
Legal
Financial
WashU Cloud Computing Service
Amazon Web Services (WashU) (DLT)
Azure (WashU instance)
ServiceNow
Google Cloud Platform (WashU)
Services not approved for confidential or protected data
PCI Certified Storage
Amazon Web Services (AWS)
Azure – Government (FEDRAMP)
Google Drive
Drop Box
iCloud
Footnotes
1. As the name implies, PCI Certifies Storage also has the PCI protection
2. Amazon Web Services – Government (FEDRAMP) is a separate service that has FISMA protections, but it has no other protections and is not confidential.
3. This service also has FISMA protections, but it has not been released by public affairs
Communication
Type 1
Type 1 communication services has some protection and confidentiality tools. Reference the table below to determine if the communication service you are using is appropriate.
PHI
PII
HR
Legal
Financial
EPIC – Haiku, Canto
Teams (WashU) Internal
Epharmix
AMS Connect – Encrypted Pager
Footnotes
1. Teams chat is not acceptable for clinical communications or patient care. Some administrative matters are acceptable if they are not related to individual patient care. PHI should be avoided.
For more details, visit
Clinical Communications Best Practices | Faculty Practice Plan | Washington University in St. Louis (wustl.edu)
Type 2
Type 2 Communication services are not approved for protected or confidential data.
List of Services
WashU Sites
Commercial Email (i.e, Gmail, Yahoo)
Slack
SMS text
Social Media Direct Message (i.e. Facebook, Twitter)
iMessage (Apple)
Android Message
Basic Pager
Facetime
Google Voice
Calendly
Survey
PHI
PII
HR
Legal
Financial
RedCap
RedCap Cloud
JotForm
Qualtrics for General Use
Qualtrics for Sensitive Data
Microsoft Forms
Footnotes
1. Not for research use with research or clinical data
Transcription
PHI
PII
HR
Legal
Financial
Landmark Associates
Qualtranscribe
All of these transcription services have BAA’s with WashU.
Guidance
Confidentiality, Integrity, and Availability: The CIA Triad
Data Classification
Data Loss Prevention
Email Safety
Encryption
Information Security Glossary
KnowBe4 Training and Awareness Program
Lost Device
Microlearning Approach
Phish Alert Button (PAB)
Recommended IT Services for Confidential or Protected Information
Remote Work
Travel
QR Code Safety