University of California policy and standards require sensitive data to be encrypted. Sensitive data is data classified as needing Protection Level 3 or 4 (P3 or P4). See the
University of California data classification page
for details. Protected Health Information (PHI) is always classified as P4.
Use Microsoft Teams as a secure platform for sharing information.
Once you’ve created an encrypted file, you need to provide the password to the recipients. The passwords and credentials need to be in different communication channels. For example, if the files are emailed, either text or call the recipient to share a password. Or, if files are shared in Microsoft Teams, share the password using another application, (do not use Teams Chat).
Data files need to have retention requirements defined. Once a file with protected information is processed and no longer needed, the file should be deleted. That applies to the source files, including messages in the Sent Items folder, and to received files in the Inbox or Downloads folder. If an archive is required, a department share, or SharePoint site are the preferred locations. Purging files with protected information reduces the risk to UC San Diego Health in the event of unauthorized access.