Data Security

Need to send PHI electronically? 

• Share the file from BU SharePoint/OneDrive
• Share the file from BU Teams or BU Zoom using the chat function
• Use a BU HIPAA Compliant Outlook Account (has extra controls, including one-year auto deletion of all emails)
  • Submit a ticket to ithelp@bu.edu to make a BU Outlook account HIPAA-compliant

Need to contact patients? 

To maintain a professional relationship with our patients, we never use personal phone numbers or accounts.  This ensures provider safety and compliance with HIPAA and state law.

• BU Desk Phone
  • BU desk phone extended to personal cell phones/devices using BU Cisco Webex or purchase a Cisco phone #
• BU Cell Phone
  • Used to call patients—can never text patients
  • Not encrypted and cell phone companies don’t sign HIPAA Business Associate Agreements
• BU Zoom
  • Meeting, chat feature, or call with Zoom phone number purchased through ithelp@bu.edu
• BU Microsoft Teams
  • Call, chat/text, video conference (free transcription), and share files

If you are using Teams, Zoom, or another app containing HIPAA data on a phone, you must have password or passcode protection and disable cloud sync to Google or Apple 

• For Apple Phones:
  • Disable Apple Cloud Sync for each HIPAA app
  • https://support.apple.com/en-us/108922#:~:text=iPhone%20or%20iPad-,Go%20to%20Settings%20%3E%20%5Byour%20name%5D%20%3E%20iCloud.,t%20want%20to%20back%20up
• For Google Phones:
  • Turn off auto-sync for each HIPAA app
  • https://support.google.com/pixelphone/answer/2840875?hl=en&ref_topic=7084099&sjid=14861714513012524468-NA