In a Fog about the Cloud?
Recently, a UCSF patient discovered their protected health information on the internet for all to see. A former UCSF resident used an online presentation tool called Prezi and inadvertently made the presentation publicly available.
We understand that Prezi and other online tools offer attractive features that visually enhance your presentations. UCSF has a sanctioned suite of services and software including Box, PowerPoint, or Keynote for you to use. Additionally, PowerPoint has added two features, “Zoom and “Morph,” that will enable you to make more interactive, compelling presentations. This tutorialwill show you how to use the supported tool, PowerPoint to achieve comparable results.
If you are using Prezi or a similar service, discontinue its use and remove any UCSF data from the service immediately. When dealing with patient health information, follow HIPAA’s “minimum necessary” requirement. Minimum necessary means limiting the use or disclosure of, and requests for, protected health information to the minimum necessary to accomplish the intended purpose (i.e. remove names, MRNs, and other identifiers that are not needed).
We understand the appeal of free and low-cost cloud services, but the risks to UCSF data and the privacy of our student and patients’ health information outweigh the perceived benefits of such services.
Written by: Tom Poon, Interim Chief Privacy Officer
Patrick Phelan, Chief Information Security Officer