UCSF IT Technology
Search
Give to UCSF

Using ChromeOS or Chromebooks for UCSF Business

Questions? Get IT help

When (and why) NOT to use Chromebooks and ChromeOS

Chromebooks

Chromebooks are unique devices that, considering their architecture from both a security and a service standpoint, warrant caution in using them for UCSF business.

Chromebooks use local encryption by default (although it is system-level and not full-disk) and are architected against malware. However, there are challenges from a regulatory risk perspective.

The primary issue is that user-created data is stored at Google, with which UCSF does not have a BAA or Data Security Agreement. This presents the risk that UCSF data could be breached, and UCSF would have no legal recourse. 

Google apps and Gmail are not HIPAA-compliant for normal personal accounts. You should not use your Google/Gmail account for PHI, sensitive data or restricted data.

ChromeOS

We look at ChromeOS use on a case-by-case basis. In general, ChromeOS and almost all "cloud" storage services (e.g., Google Drive/Docs, Dropbox, iCloud) are not acceptable for use with restricted or confidential data.

However, there may be specific-use cases when it would be permissible to use ChromeOS with fully public, non-internal and protected confidential data. This would require an exception to the minimum security standard.  

Contact the IT Service Desk at 415-514-4100 for a consultation.

Service Category Security
Owner Team IT Security
Service
IT Security Outreach and Training

Get more guidance

Explore step-by-step how-to guides and tips to make the most of this IT service.