What you need to know

The following recommendations apply to all mobile devices, including both personally and UCSF-owned mobile devices, used for UCSF business.

Mobile devices include, but are not limited to:

• Smartphones and tablets
• Text pagers
• Cell phones
• Removable storage (e.g., USB memory sticks, CDs/DVDs/tapes)

Recommendations

1. Avoid storing confidential data on mobile devices entirely. Consider a more secure alternative method for storing confidential or protected health information. UCSF-protected servers should be the first option for storage of confidential or electronic protected health information (ePHI).
2. If you can't avoid using confidential data on a mobile device, store only the minimum amount of data necessary to do your work and remove it as quickly as possible.
3. Never leave mobile devices unattended or in vehicles. Maintain appropriate physical security for mobile devices. Use cable locks when possible.
4. Only use PIN/password-protected encrypted devices.   
5. Enable all the security features the device has.
6. Report the loss or theft of a mobile device as soon as possible to the UCSF Police at 415-476-1414.

We also recommend using only UCSF devices to perform UCSF business. If you must use a personally owned device for UCSF business, you MUST comply with the UCSF Minimum Security Standards (/policies/ucsf-minimum-security-standards-electronic-information-resources).

Device Encryption

Among other requirements, you must encrypt your personal device. For instructions on encrypting your personal device, visit Device Encryption.

If you have questions or need additional information, please contact IT Customer Support at 415-514-4100.