What you need to know
The following recommendations apply to all mobile devices, including both personally and UCSF-owned mobile devices, used for UCSF business.
Mobile devices include, but are not limited to:
- Smartphones and tablets
- Text pagers
- Cell phones
- Removable storage (e.g., USB memory sticks, CDs/DVDs/tapes)
Recommendations
- Avoid storing confidential data on mobile devices entirely. Consider a more secure alternative method for storing confidential or protected health information. UCSF-protected servers should be the first option for storage of confidential or electronic protected health information (ePHI).
- If you can't avoid using confidential data on a mobile device, store only the minimum amount of data necessary to do your work and remove it as quickly as possible.
- Never leave mobile devices unattended or in vehicles. Maintain appropriate physical security for mobile devices. Use cable locks when possible.
- Only use PIN/password-protected encrypted devices.
- Enable all the security features the device has.
- Report the loss or theft of a mobile device as soon as possible to the UCSF Police at 415-476-1414.
We also recommend using only UCSF devices to perform UCSF business. If you must use a personally owned device for UCSF business, you MUST comply with the UCSF Minimum Security Standards (/policies/ucsf-minimum-security-standards-electronic-information-resources).
Among other requirements, you must encrypt your personal device. For instructions on encrypting your personal device, visit this page: /how_do/encrypt-my-personal-laptopdesktop-installation-guidelines.
If you have questions or need additional information, please contact IT Customer Support at 415-514-4100.