The UCSF secure email solution is designed to help faculty, learners and staff comply with the federal HIPAA regulations that went into effect April 21, 2005.HIPAA regulations stipulate that electronic communications containing Protected Health Information (PHI) must be transmitted in a manner that protects the confidentiality of patient information. When you send, receive or store any electronic document containing UCSF confidential or patient information, you are responsible for ensuring that the information is processed securely.

• Affiliate
• Faculty
• Staff
• Student
• Technical Partner
• Volunteer
• Email & Collaboration

Mailing lists can be sent using UCSF managed services or through a select number of popular third-party vendors.New listserv and Distribution List request: Go to help.ucsf.edu >> Accounts, Access & Email >> Electronic Mailing List Request.Do not use a mailing list when sending "protected data." including PHI, PII, FERPA. Use them when you need to:

• Affiliate
• Faculty
• Staff
• Student
• Technical Partner
• Volunteer
• Email & Collaboration

Chromebooks are unique devices that, considering their architecture from both a security and a service standpoint, warrant caution in using them for UCSF business. Chromebooks use local encryption by default (although it is system-level and not full-disk) and are architected against malware. However, there are challenges from a regulatory risk perspective.

Keeping on top of information security vulnerabilities is an essential component of information security. Attackers exploit existing security vulnerabilities on systems to gain unauthorized access to systems and data.

The Open Web Application Security Project (OWASP) is an open-source application security project. The OWASP community includes corporations, educational organizations and individuals from around the world.