Summary
UT Health Science Center will only sanction the storage of FERPA-protected information, Protected Health Information (PHI), or other materials and information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the Microsoft 365 environment if the account(s) storing and accessing the information are enabled with two-factor authentication (DUO).
Body
Summary
Microsoft 365 for Education — including OneDrive for Business and SharePoint Online — is approved for storing institutional data at UTHSC. Sensitive and protected data such as FERPA‑protected information, PHI, and HIPAA‑regulated materials may be stored in these services only when the account is protected with DUO two‑factor authentication and all applicable policies are followed.
Prerequisites
Instructions
- Use OneDrive for Business or SharePoint Online to store institutional data, including FERPA‑protected information and PHI.
- Ensure your UTHSC account is protected with DUO two‑factor authentication before storing or accessing sensitive/protected data.
- Follow all applicable policies:
- UT Acceptable Use of Information Technology Resources: http://policy.tennessee.edu/it_policy/it0110/
- Microsoft 365 Privacy Notice and Acceptable Use Policy (available in the Microsoft 365 Help menu)
- Be aware that Microsoft 365 is not a Covered Program under UT Safety Policy SA0575 - Programs for Minors.
- For guidance on storing sensitive/protected data, contact Cybersecurity at itsecurity@uthsc.edu or 901.448.1880.
Troubleshooting
- If you are unable to access OneDrive or SharePoint, verify DUO is functioning correctly.
- If you are unsure whether specific data qualifies as sensitive/protected, please contact Cybersecurity at itsecurity@uthsc.edu or 901.448.1880 for clarification.
- If you encounter permission issues in SharePoint, consult your site administrator or the Service Desk.
Additional Notes
Related Articles