Institutional Data Use by Service and Activity
The table below outlines the highest-level classifications of data that can be utilized for core technical services and activities at the university and Wexner Medical Center. This resource replaces the "Permitted Data Usage By Activity" and "Permitted Data Usage By Service" documents, providing you with up-to-date and comprehensive information in one location.
More information about data classificiation levels can be found on the Institutional Data Policy webpage. If you have questions or need further assistance, please reach out to the Data Governance team at DataGovernance@osu.edu.
| Service / Activity | University | Wexner Medical center |
|---|---|---|
| Amazon Web Services (AWS) | S4 | S4 |
| Azure | S4 | S4 |
| BuckeyeLearn | S3 | S3 |
| Carmen Canvas | S3 | S3 |
| DocuSign | S4 | S2 Note: Medical Center staff should contact Risk Assessment if your use case necessitates sharing S3 and/or S4 data |
| Epic | S4 | S4 |
| OnBase | S4 | S4 |
| OneDrive | S4 | S4 Note: Can only be used for internal file sharing |
Ohio State-Managed Network Storage (Includes any storage managed by departments, such as a K drive) | S4 | S4 Note: S3 and S4 data should be stored in a password-protected or restricted folder |
| Outlook | S4 | Internal Use: S4 External Use: S4. Medical Center staff should follow the approved data sharing methods at this link for S3 and S4 data (a Medical Center username and password is required to access the linked document). |
| PowerBI | S4 | S4 Note: It is preferred to use Tab for the Medical Center |
| Qualtrics | S4 | S4 Note: Not approved for HIPAA data, only RHI (i.e., research data). It is suggested to use REDCap instead. |
| REDCap | S4 | Grey: S3 Scarlet: S4 Black: Specific Use Cases Only (This application is 21 CFR Part 11 capable) |
| Salesforce | S4 | S4 |
| SharePoint | S4 | S4 |
| Tableau | Public Host: S1 Tab: S4 | S4 |
| Teams | S4 | S4 Note: External collaborators for Medical Center work can be added by following the process outlined at this link (a Medical Center username and password is required to access the linked document). |
| Workday | S4 | S4 |
| Zoom | S3 Note: Not approved for HIPAA data | S2 Note: Medical Center staff should contact Risk Assessment if your use case necessitates sharing S3 and/or S4 data. |