UCSF IT Technology

The use of wireless networking provides a more versatile way to access the Internet, broadening the scope of mobile computing. With the added benefits of a wireless network, there comes additional responsibility and additional risk. Authorized Users must be aware of the inherent security issues that exist in a wireless environment. Caution must be exercised to ensure a safe, secure, and reliable computing environment and reduce the risk of a security incident.

The 18 Protected Health Information (PHI) Identifiers include:

By following application and website security best practices, application owners can take proactive steps to eliminate or significantly reduce vulnerabilities in software before deployment. These vulnerabilities potentially provide attackers with the ability to take control of a server or computer, which can result in the compromise of UCSF data and personal data, denial of service, loss of service or damage to a system used by thousands of users.

Standard has been moved to the UCSF IT Security Intranet Site.

An electronic communication holder's records may be inspected, monitored, or disclosed without the consent of the individual but with the approval of the authorizing Vice Chancellor (see Appendix A, Definitions) under the following conditions:

Many information security breaches do not occur through the Internet but because the device containing information is misplaced, lost or stolen.

UCSF complies with the provisions of the Digital Millennium Copyright Act (DMCA). If you have a concern regarding the use of copyrighted material on any site on the UCSF network, please contact the agent designated to respond to reports alleging copyright infringement.The current designated agent for the UCSF campus to receive notification of claimed infringement under Title II of the DMCA is on file with the U.S. Copyright Office.

The following recommendations apply to all mobile devices, including both personally and UCSF-owned mobile devices, used for UCSF business.Mobile devices include, but are not limited to:

The UC Electronic Communications Policy, Section IV, Privacy and Confidentiality, governs access to electronic communications records.  In most circumstances, it is better to obtain the consent from the record holder before accessing records.  However, consent is not required in every circumstance (See UCSF Implementation of the ECP - Access without Consent).

UCSF_Data_Classification_Standard_08-09-19 (PDF)Document Owner: Patrick PhelanDepartment Contact: UCSF IT SecurityIssue Date: 4/24/17Effective Date: 4/24/17Reviewed/Revised Date: 8/9/19