Skip to Content
Stanford Medicine Technology & Digital Solutions

United for Better Health
Stanford Medicine

Explore Stanford Medicine

  • Health Care
    • Find a doctor

    • Adult-care doctor
    • Pediatrician or pediatric specialist
    • Obstetrician
    • Clinics & Services

    • Adult care
    • Pediatric care
    • Obstetrics
    • Clinical trials
    • Locations

    • Stanford Health Care
    • Stanford Children's Health
    • Emergency Department
    • Dial 911 in the event of a medical emergency

    Explore Health Care

    Learn how we are healing patients through science & compassion

    Back
  • Research
    • Basic science departments
    • Clinical science departments
    • Institutes
    • Research centers
    • See full directory
    • Research Resources

    • Research administration
    • Academic profiles
    • Clinical trials
    • Funding opportunities
    • See all
    • Professional Training

    • Postdoctoral scholars
    • Clinical research fellows

    Research News

    Neuroscientist Michelle Monje awarded MacArthur 'genius grant'

    Neuroscientist Michelle Monje awarded MacArthur 'genius grant'

    Explore Research

    Learn how we are fueling innovation

    Back
  • Education
    • MD program
    • PA Programs
    • PhD programs
    • Masters programs
    • Continuing Medical Education
    • Postdoctoral scholars
    • Residencies & fellowships
    • High School & Undergraduate Programs
    • See all
    • Education Resources

    • Academic profiles
    • School Administration
    • Basic science departments
    • Clinical science departments
    • Alumni services
    • Faculty resources
    • Diversity programs
    • Lane Library
    • Student resources

    Education News

    Alice L. Walton School of Medicine and Stanford Medicine host AI conference on community health

    Alice L. Walton School of Medicine and Stanford Medicine host AI conference on community health

    Explore Education

    Learn how we empower tomorrow's leaders

    Back
  • Give

    Support Stanford Medicine

    • Support teaching, research, and patient care.

    • Ways to give
    • Why giving matters
    • Make a gift online

    Support Children's Health

    • Support Lucile Packard Children's Hospital Stanford and child and maternal health

    • Ways to give
    • How your gift helps
    • Make an online gift
    Back
  • About
    • About us
    • News
    • Contacts
    • Maps & directions
    • Leadership
    • Vision
    • Diversity
    • Global health
    • Community engagement
    • Events
    • How you can help

    Stanford School of Medicine

    Stanford Health Care

    Stanford Children's Health

    Back
  • Site Search

Cloud Computing

Cloud Security Practices at Stanford School of Medicine

To help address the security risks involved with cloud computing, the School of Medicine has created a set of best practices. If you are interested in using cloud services, here's what you can do:

  1. Consult the University's Data Risk Classification page to confirm what level of information you're looking to use with cloud services.
  2. Check whether the company or product you're interested in using is already on the list of approved services. If not, submit a Data Risk Assessment (DRA) to request a review of the service.  Other items that will need to be reviewed include the Service Level Agreement (SLA) process for each cloud service vendor company you'd like to engage. We will help to ensure that the SLA addresses issues that could potentially affect you and your data, including the monitoring of your data and ensuring that the service provider performs regular vulnerability scans
  3. If you are using cloud services while meeting data handling requirements, make sure that your group clearly documents policies and procedures for using the service.
  4. Also look at the University's Cardinal Cloud service to see if this UIT supported service could meet your requirements.

Approved Cloud Services for Each Level of information

For the current chart of services approved for Stanford based on risk, visit the Stanford Risk Classification page.)

 

Cloud Computing: An Overview

Today, there are many services that let you store your files "in the cloud," and access them from anywhere. For example, Dropbox, Box.net, GoogleDocs, GoogleDrive, MobileMe and iCloud are popular and inexpensive cloud services used everywhere. Even Gmail is considered a cloud storage method. These services are very useful, but sometimes they can be about as secure as... storing something inside an actual cloud (i.e., not very secure). Cloud computing services have opened unlimited opportunities to users while creating unlimited risks to those users' data.

Today, an organization or even an individual can have the equivalent of an entire data center's infrastructure, just by using a cloud-based service. It can potentially save thousands of dollars and man-hours, and might even be completely free. But there are security issues that must be addressed before these services can be verified as truly secure.

Some of the Security Issues

Users of cloud-based services must be willing to give up control and visibility to cloud service providers. Specifically:

  • The user cannot know precisely who and what may be accessing their data, and has no way to monitor any of these actions.
  • The user cannot be sure that specific actions they think they are performing are in fact happening as expected. (For example: a user may attempt to delete his/her own data, but the cloud service provider may be keeping a secondary copy of the data that would still remain on the servers.)

Regulations

There are two specific legal issues that provide cloud security challenges for the School of Medicine:

  • HIPAA-protected information must reside within the United States and cannot be exported. By using a cloud service provider, the user of the data does not know specifically where his/her data is housed. Many cloud service providers have data centers throughout the world, and it is very possible that data stored with the cloud service provider may be housed outside the United States.
  • Any company handling HIPAA-protected information must sign a Business Associates Agreement (BAA), accepting responsibility for the protection of that information while in the company's care. Cloud service providers, particularly those that offer free services, are often unwilling to sign a BAA.

How CAN I use cloud storage properly?

You might use cloud-based services to store your own personal files that don't contain sensitive information, and files that only contain publicly available data (that is, data not classified as Moderate or High Risk).

For Stanford information, the University has created agreements with certain cloud services providers, and there is an approved list of services for information with different levels of risk. See above for a list of approved services, or check the Risk Classifications page's list.  Information Security Services and the University Information Security Office are working on finding additional secure cloud solutions, and some new services may soon be approved for University business. 

If you have more questions about handling sensitive information, see the Stanford Risk Classification page, and visit the UIT Information Security page. And remember, when in doubt, DON'T.

For Help:

For questions about how to handle your information, contact TDS Service Desk (call 725-8000 or visit tdshelp.stanford.edu. ).

Quick Links

On This Page

Resources

TDS Information Security Services:
File a HelpSU Request

University IT Website: uit.stanford.edu

TDS Service Desk: 5-8000 (7am - 6pm, M-F)

File a Help Ticket
United for Better Health
  • Desktop Computing
    • IT Support
      • Requesting IT Support
      • New Computer Setup
      • Printer Setup
      • Print Resources
      • Maintaining Your Computer
      • Hardware Support
      • Software Support
      • Server Support
    • Tech Bar
    • Recommended Software
    • Computer Recommendations
    • Mobile Devices: Apple
    • Printer Recommendations
    • Using Clinical Applications & Data
    • Network Access
      • Policies
      • Off-campus Access
      • Gaining Access to the Network
      • Guest Access
      • How to find the Hardware Address of Your Device
      • Wireless Access
    • Jamf Endpoint Management (12/1/2020)
      • Jamf at SoM FAQ
    • Computer Health
  • Research Technology
  • Web Services
    • Websites
  • Application Services
    • Internal
  • Business Analytics
  • Infrastructure Services & Communications
    • Firewalls
    • Desk & Mobile Phones
      • VoIP Transition
      • VoIP Deployment Schedule
    • Web Conference & Video
    • Networking
      • Network Details, Performance, & Testing
      • 802.11b Wireless Coverage
      • Off-Campus Network Access
    • Server Management
      • System Administration
      • Basic Hosting
      • Service Level Agreement
      • Facilities: Data Center
      • Customer Status Report
    • Cloud Infrastructure
    • Application & Database Management
    • TDS Infrastructure Security Services
  • Information Security Services
    • I Need Help!
      • FAQ: Information Security Services
      • I Have a Compliance Issue
      • New to Stanford?
      • Leaving Stanford?
    • Equipment and Device Security
      • Securing Other Devices
      • Backup My Data
      • USB External Drives and Encryption
      • Unsupported Systems
      • MDM (Mobile Device Management)
      • AMIE Attestation
    • Handling Stanford Information
      • Research & Security
      • Share, Send & Store
    • Connecting Securely: Secure Networks and VPN
      • Stanford LAN Extension (SLE)
      • VPN Service
      • Unsupported Systems
      • Protected Networks
      • Firewalls
    • Good Practices for Everyday Security
      • Passwords and Passphrases
      • Security Quick Reference Guide
    • FAQ: Information Security Services
  • About Us
    • The TDS Team
    • Maps & Directions
      • Porter Drive
    • Key Contacts
  • Help
  • Administrative Technology
    • Guide to Administrative Systems at Stanford
    • LPCH Admin Guide to Managing Stanford Calendars
    • School of Medicine Business Intelligence Program
    • Guide to Systems By Topic
    • Acquiring or Developing a New Administrative System
    • Request a Consultation for Administrative Systems
    • Scheduled Standard Reporting
    • Scheduled Standard Reporting: Fixed Schedul
  • Collaboration Tools
    • Collaboration Tools
  • Extended Operations

Technology & Digital Solutions

Stanford Medicine

News

Careers

Contact

Health Care

Stanford Health Care

Stanford Children's Health

Stanford School of Medicine

About

Contact

Maps & Directions

Careers

Basic Science Departments

Clinical Science Departments

Academic Programs

Vision

Find People
Visit Stanford
Search Clinical Trials
Give a Gift
©2025 Stanford University
  • Privacy Policy
  • Terms of Use
  • Accessibility
  • Non-Discrimination
  • See us on Facebook
  • See us on X (Twitter)

Non-Discrimination

Stanford complies with all applicable civil rights laws and does not engage in illegal preferences or discrimination.
Stanford's Non-Discrimination Policy

  • Stanford University
  • Stanford School of Medicine
  • Stanford Health Care
  • Stanford Children's Health
  • Stanford Health Care Tri-Valley
  • Stanford Medicine Partners