it.ucsf.edu

Apple iCloud

Sarah Mays's picture

Policy Type

Guideline

Apple offers a cloud storage solution called iCloud with additional features that integrate into Apple's operating systems such as backup and automatic syncing. This enables the storing of data on remote non-UCSF servers in addition, or in lieu of, storing data on your local device or hard drive. These features were first introduced with macOS 10.7 (Lion) and iOS 5.

As exciting as these new technologies are, we must consider the ramifications of these features in a healthcare and health sciences environment, which is subject to many federal and state regulations, including HIPAA. The ability to take data from your computer and store it on iCloud can create potential security breaches that we are all by law responsible to prevent. Restricted, confidential and proprietary information must be confined to an environment that is access controlled and protected. Since UCSF (nor any other organization) has no contractual agreements in place that addresses this liability, it is UCSF’s guidance that no restricted information be stored on the iCloud service.

Some examples of restricted information include, but are not limited to, identifiable patient information data or images, social security numbers, and other restricted data. For more information about security and confidentiality, please visit http://policies.ucsf.edu/policy/650-16.

Apple makes it very easy to sync data to iCloud and all your Apple devices, and in some cases, you may be unaware this is happening. We recommend that you check the iCloud configuration on your devices to ensure that UCSF data is not being synced to the cloud. iCloud features such as iCloud Drive with Desktop and Document Syncing, Photos, and Notes must be disabled on all devices used for UCSF business to prevent UCSF data from being synced to the cloud. Apple has additional information on how to disable iCloud features here: https://support.apple.com/en-us/HT207689.