Data Security

Microsoft Teams is an effective and convenient tool for communication (i.e., calling, texting, video conferencing, and file sharing) and comes with free HIPAA compliant transcription. Please look at our New Policies to ensure professional relationships with Patients and Research Participants. 

Follow our guidance on securing your devices and use approved Data Storage and Research Apps


HIPAA Limited Data Sets or anonymized data (BU Data Classification – Confidential) can be processed on our Shared Computing Cluster (SCC4).  SCC staff or the data provider (e.g., BMC Clinical Data Warehouse) can help you limit the data to that allowed by law: dates (e.g., DOB, dates of treatment), city, and zip code.  All other identifiers, including email, phone, pic/video of face, medical record # must be removed or left on Restricted Use network drive (e.g., BUMC Y Drive, RU-NAS).     

A completely de-identified data set requires removal of all identifiers.  See U.S. Department of Health and Human Services, Office for Civil Rights guidance on de-identification.

  • If data is completely de-identified it is classified as Public Data.


Reminders and Updates

Jul 2022 Security Reminder – Teams

May 2022 Security Reminder – Sending Patient Data Electronically

Mar 2022 Security Reminder – Reporting An Incident

Oct 2021 Security Reminder – Email Best Practices

Sep 2021 Security Reminder – Phishing

Jun 2021 Security Reminder for HIPAA Contacts – Inventory

May 2021 Security Reminder – Communications with Patients and Research Subjects

Mar 2021 Security Reminder – HIPAA Policies for Healthcare Providers

Feb 2021 Security Reminder-Patient Authorized Services

Nov 2020 Security Reminder – Removing Access Immediately

Jul 2020 Security Reminder – HIPAA Compliant Services