UCSF Data Classification Standard & Restricted Data Types
First step: Wynton accounts
- If you either don’t have a Wynton HPC account or if you already have a Wynton account, but it is not authorized to use PHI:
- A link will be emailed to a Statement of Responsibility form that all users applying for PHI access must sign agreeing to the responsibilities of handling PII and/or PHI data, take the training in the handling of PII/PHI data, and keep the training up to date.
- Important: The email address associated with a new Statement of Responsibility must exactly match the user’s original email address.
Wynton PHI PI responsibilities
- The PI is responsible for all PHI data
- Additionally, the following rules apply to PIs using PHI on Wynton or approving users that use PHI on Wynton:
- The PI must notify Wynton of any approved users whose access needs to be removed or is no longer required
- The PI must notify Wynton of any users who have transferred departments and no longer require access to study data
- The PI must notify Wynton when departing UCSF and transfer to another UCSF owner or archive their projects and data
- The PI is responsible for ensuring that any user added to a Wynton PHI project that requires IRB approval, is listed on the IRB
- The PI is responsible for classifying and taking inventory of data within their Wynton PHI project
- The PI must notify Wynton of any change in security requirements in research agreements to Wynton admins
Wynton PHI user responsibilities
- Read and comply with the Wynton HPC User Agreement and Disclaimer
- Abide by the statement of Wynton HPC Purpose, Principles and Governance
- User end points (laptops/desktops) connecting to Wynton must meet UCSF minimum security standards
- PHI users must use PHI-specific nodes to connect to Wynton
- login/data transfer:
- Data containing PHI must not be transferred to, mounted on, or processed with any Wynton HPC cluster resources outside of the PHI-designated
- If you have questions regarding the security status of your data, please contact the UCSF Privacy Office
Frequently Asked Questions (FAQ)
Q.. Is data on Wynton backed up?
A.. Data on Wynton is not backed up, users and labs are responsible to back up their own data outside of Wynton HPC.
Q.. What is I want to share data between
/wynton/protected/group (PHI) and
/wynton/group (non-PHI) directories?
A.. Users with PHI access still have access to
/wynton/group, as do Wynton non-PHI users. However, PHI data should never be stored under
/wynton/group and PHI data should never be shared with a user who does not have PHI access.