Department of Medicine IT

Cloud Computing

Being Secure in the Cloud

Cloud computing and storage services can be very useful, but can also pose unique threats to the confidentiality of university data. The convenience of cloud resources can sometimes make them very attractive tools, however regardless of what tools are used, all university data must be adequately protected.

All Department of Medicine workforce members must follow both University and UW Medicine security policies for data classifications, access, and protections. At its most basic, these security requirements are defined by legal agreements between organizations. Those legal agreements establish how partner organizations will protect stored data and how the data can be accessed in the event of a public records audit or investigation of a potential security breach. Failure to adequately report incidents and corrective actions by the University or UW Medicine could result in significant fines for UW Medicine as well as large scale reputational damage.

UW Medicine is very specific regarding the appropriate access, use, and disclosure in regard to cloud resources. Their cloud computing guidance webpage lists approved cloud resources and the following statement:

“DO NOT ever send or store any University Business data, especially restricted or confidential information using a cloud service or application without establishing a contract with the vendor including appropriate legal agreements which may include a Business Associate Agreement (BAA) and a Data Security Agreement (DSA).
[…]
The only way to use any cloud application is to insure that the cloud application owner/vendor has signed a Business Associate and Data Security Agreement with the University prior to using it. All public cloud offerings are considered not suitable for UW Medicine business operations without these agreements in place.”

If you need more specific guidance regarding the appropriate use a cloud resource feel free to directly contact UW Medicine IT Security via UW Medicine ITS – Security Contacts.

For additional guidance regarding data security please see our Data Stewardship webpage, which provides helpful summarization of University and UW Medicine polices and provides additional information and resources.

Catalyst Web Tools

The University of Washington’s Catalyst Web Tools are used throughout UW Medicine for a variety of purposes including quality assurance activities. However the Catalyst Web Tools are not HIPAA compliant. Since this web-based tool is not compliant with the regulation that helps protect electronic Protected Health Information (ePHI) that information may not be gathered, transmitted or stored on the Catalyst computing system.

If you need to gather information for patient or family care activities, please contact the UW Medicine IT Services Help Desk at mcsos@uw.edu for help finding a secure tool to meet your needs.