Google Workspace: Protected Data Usage Guidelines
Last Updated: April 7, 2024 2:06:54 PM PDT
Give feedback
Find guidelines for using protected data in Google Workspace.
Information for Health Sciences Personnel
In adherence to HIPAA regulations, the use of Google Workspace for storing PHI is not supported. Review information on GSuite for Health personnel on Pulse (AD login required) or direct any questions to 3help@ucsd.edu.
Please visit the ITSS page to learn about the G Suite for Education acquisition process.
Useful Resources:
- Office of Information Assurance
- Health Sciences Security Office
- Research Integrity Office (within the Office of the Vice Chancellor for Research)
| Data type | Data use guidance | Additional information | Contact |
|---|---|---|---|
| Credit card (PCI-DSS) | Not permitted | Credit card data may not be collected or stored at UCSD. See: | merchantservices |
| Export control | Not permitted | Export Control Office | |
| Electronic Protected Health Information (ePHI) subject to HIPAA | Not permitted | HIPAA requirements are quite complex. Please consult with the Health Sciences Security Office or the campus Office of Information Assurance | Office of Information Assurance, Health Sciences Security Office |
| Human subject research | Consult | Consult with the Human Research Protections Program. Additional consulting is available from the campus and Health Sciences security offices | Human Research Protections Program; Office of Information Assurance, Health Sciences Security Office |
| Intellectual property | Consult | Consult with appropriate UC location authority (e.g., Office of Innovation and Commercialization, Office of Research Affairs, campus counsel) | Office of Innovation and Commercialization |
| IT security information (e.g., administrative passwords, network diagrams) | Permitted | Note that passwords may never be stored. If you need to share a credential, use the free campus LastPass service |
|
| Other sensitive institutional info (e.g., fundraising, attorney/ client privileges) | Permitted | Certain types of information may not be appropriate for storage in GSuite, consult with data proprietor and appropriate UC location authority (e.g., privacy official, development office, campus counsel, information security officer) if you are unsure | Office of Information Assurance |
| Personally Identifiable Information (PII) | Permitted | Note that data can be inappropriately shared in GSuite. If you are unfamiliar with securing data in GSuite, consult with the Office of Information Assurance. | Office of Information Assurance |
| Public information | Permitted | ||
| Research data | Permitted | GSuite is appropriate for most research data. However certain classes of data require additional protections in order to meet Federal security requirements. Consult with the Office of Information Assurance or the Health Sciences Security Office &/or the Research Integrity Office if you believe your data may fall into this category | Office of Information Assurance, Health Sciences Security Office. |
| Animal general (non-humanoid subject research) | Not permitted | Consult with data proprietor and UC location office of research | IACUC |
| Student education records (FERPA) | Permitted | Excluding student health records. Consult with data proprietor and UC location authority | Registrar's Office |
Need help? Contact your departmental technical support or the Support Portal, (858) 246-4357 or ext. 6-HELP.