Skip to main content

System Status: 

Google Workspace: Protected Data Usage Guidelines

Find guidelines for using protected data in Google Workspace.

Information for Health Sciences Personnel

In adherence to HIPAA regulations, the use of Google Workspace for storing PHI is not supported. Review information on GSuite for Health personnel on Pulse (AD login required) or direct any questions to

Please visit the ITSS page to learn about the G Suite for Education acquisition process.

Useful Resources:

Data type Data use guidance Additional information Contact
Credit card (PCI-DSS) Not permitted Credit card data may not be collected or stored at UCSD. See: merchantservices
Export control Not permitted   Export Control Office
Electronic Protected Health Information (ePHI) subject to HIPAA Not permitted HIPAA requirements are quite complex. Please consult with the Health Sciences Security Office or the campus Office of Information Assurance Office of Information Assurance, Health Sciences Security Office
Human subject research Consult Consult with the Human Research Protections Program. Additional consulting is available from the campus and Health Sciences security offices Human Research Protections Program; Office of Information Assurance, Health Sciences Security Office
Intellectual property Consult Consult with appropriate UC location authority (e.g., Office of Innovation and Commercialization, Office of Research Affairs, campus counsel) Office of Innovation and Commercialization
IT security information (e.g., administrative passwords, network diagrams) Permitted Note that passwords may never be stored. If you need to share a credential, use the free campus LastPass service
Other sensitive institutional info (e.g., fundraising, attorney/ client privileges) Permitted Certain types of information may not be appropriate for storage in GSuite, consult with data proprietor and appropriate UC location authority (e.g., privacy official, development office, campus counsel, information security officer) if you are unsure Office of Information Assurance
Personally Identifiable Information (PII) Permitted Note that data can be inappropriately shared in GSuite. If you are unfamiliar with securing data in GSuite, consult with the Office of Information Assurance. Office of Information Assurance
Public information Permitted
Research data Permitted GSuite is appropriate for most research data. However certain classes of data require additional protections in order to meet Federal security requirements. Consult with the Office of Information Assurance or the Health Sciences Security Office &/or the Research Integrity Office if you believe your data may fall into this category Office of Information Assurance, Health Sciences Security Office.
Animal general (non-humanoid subject research) Not permitted Consult with data proprietor and UC location office of research IACUC
Student education records (FERPA) Permitted Excluding student health records. Consult with data proprietor and UC location authority Registrar's Office
Need help? Contact your departmental technical support or the Support Portal, (858) 246-4357 or ext. 6-HELP.