The WMU Sensitive Data Guide shows the various WMU-managed data storage or application solutions that could be used to store data elements as outlined in the University's Data Classification Policy. These tables shall be used to determine the best possible and most secure solution when storing classified university data. Please note that many information systems and applications exist throughout the University that are not listed here that have been approved for the various classifications of university data through the Technology Compliance Review process.
- For research data and compliance, please see Research Policies and Procedures.
- If you are unsure about the collection, storage, and use of data, please submit an Information and Data Security Inquiry.
Legend
| Code | Permission | Instructions |
|---|---|---|
Y | Permitted | Review the University Data Classification Policy. |
N | Not Permitted | Take no action. |
HCE | Permitted for HIPAA-covered entities | Review the University Data Classification Policy. Review University HIPAA policy. |
WMU-Managed Applications and Data Storage
| Application/data storage | HIPAA/PHI | Restricted | Confidential | Internal | Public |
|---|---|---|---|---|---|
| Adobe Creative Cloud (WMU) | N | N | N | Y | Y |
| Banner Student Information System (SIS) | N | Y | Y | Y | Y |
| Cognos | N | Y | Y | Y | Y |
| Departmental file shares | HCE | Y | Y | Y | Y |
| Elearning | N | N | Y | Y | Y |
| Google Workspace (WMU) | N | N | N | Y | Y |
| ImageNow/Perceptive Content | N | Y | Y | Y | Y |
Kronos | N | N | Y | Y | Y |
Microsoft 365 (W-Exchange) including Outlook, OneDrive, Teams, etc Desktop applications with full disk encryption | HCE | N | Y | Y | Y |
| PeopleSoft | N | Y | Y | Y | Y |
| Individually owned computers, devices, and cloud storage | N | N | N | N | N |
| Qualtrics (WMU) | HCE | N | N | Y | Y |
| Salesforce (WMU instances) | N | Y | Y | Y | Y |
| Webex (WMU) | HCE | N | N | Y | Y |
| Websites (University CMS) | N | N | N | Y | Y |
| Websites (Externally hosted) | N | N | N | Y | Y |
| University Owned Devices (I.e. Phone, laptop, flash drive, hard drive) *with full disk encryption | HCE | N | N | Y | Y |
Supporting Documentation
- CISCO Webex HIPAA Business Associate Agreement with Western Michigan University
- Google Workspace Acceptable use policy
- Microsoft 365/W-Exchange Acceptable Use Policy
- Microsoft HIPAA Business Associate Agreement with Western Michigan University
- Microsoft HIPAA/HITECH Act Implementation Guidance
- Qualtrics HIPAA Business Associate Agreement with Western Michigan University
- Qualtrics HITRUST Letter of Certification