What you need to know

The following recommendations apply to all mobile devices, including both personally and UCSF-owned mobile devices, used for UCSF business.

Mobile devices include, but are not limited to:

• Smartphones and tablets
• Text pagers
• Cell phones
• Removable storage (e.g., USB memory sticks, CDs/DVDs/tapes)

Recommendations

1. Avoid storing P-3 or P-4 data on mobile devices entirely. However, never store PHI on a personal device.  Access UCSF PHI from personal devices only with approved tools such as Haiku and Canto.
2. Never leave mobile devices unattended or in vehicles. Maintain appropriate physical security for mobile devices. Use cable locks when possible.
3. Only use PIN/password-protected encrypted devices.   
4. Enable all the security features the device has.
5. Report the loss or theft of a mobile device as soon as possible to the UCSF Police at 415-476-1414.

We also recommend using only UCSF devices to perform UCSF business. If you must use a personally owned device for UCSF business, you MUST comply with the UCSF Minimum Security Standards (/policies/ucsf-minimum-security-standards-electronic-information-resources).

Device Encryption

Among other requirements, you must encrypt your personal device. For instructions on encrypting your personal device, visit Device Encryption.

If you have questions or need additional information, please contact IT Customer Support at 415-514-4100.