Data Storage Guide - Where to store your data

This document provides guidance on data storage services available to Surgery faculty and staff. It defines basic characteristics of the services supported locally or through UW-Madison and will help you plan your data storage strategy. To stay current with changes in the storage services available to you, Surgery IT will review and update this document six times annually. To learn about UWHealth storage resources, please submit a Service Now request from Uconnect.

How to use this guide 

This guide defines the data sensitivity level in terms of color.  Match the color of the type of data with the service name that corresponds to the data sensitivity approved by the service.  If your project has multiple classifications of data, choose the service that supports your most restricted classification.  For example, Surgery’s network storage is approved for Restricted Data (PHI) and that approval extends to all other data classifications. 


Color Table: 

Restricted Data (Red) |  Sensitive Data (Yellow) | Internal and/or Public Data (Green) | Use with Extra Precautions (Blue) | Unsupported but In Development (Grey)


Service Name 

Description 

Recommended For 

Data Protection and Security 

Notes 

Surgery Network / LAN 

Internally hosted and controlled data volumes. Data is encrypted at rest and physically secure. 

 

Users access the data via lettered drives (F:\ etc.) on managed workstations and via our secure Citrix services for remote access. 

 

 

Fast storage and retrieval, internal sharing with other Dept. of Surgery employees, and long-term storage of all types of data including PHI. 

Data backed up daily and supplemental tape backups stored offsite for a minimum of 7 years.  

 

File salvage allows recovery of accidental deletions with the help of Surgery IT staff. 

 

Users have unique accounts that allow them to only access data for which they have been authorized.  

Access internally on Department of Surgery computer with Surgery credentials. 

 

Access externally using the campus VPN (Global Protect) on a Surgery supported computer. Requires additional configuration by Surgery IT staff. 

 

Alternate external access is Surgery Remote (https://remote.surgery.wisc.edu) or through a supported Remote Desktop connection. 

Restricted Drive 

5TBs of UW-Madison provided data storage for PIs. Managed by campus and permissions controlled by UW-Madison NetID 

 

This is the version of Research Drive that supports PHI. 

Long term bulk storage of data including PHI. 

 

Data stored on Research Drive is automatically backed up daily and replicated offsite for additional data protection. Snapshots are taken once a day and kept for 14 days and then weekly snapshots are kept for an additional five weeks. 

Please consult with Surgery IT prior to requesting the service. The request is a joint venture between the Requestor, Surgery IT, and the Office of Cybersecurity. 

 

For additional details, see Restricted Drive FAQ 

UW-Madison funded file storage and collaboration service to store PHI.  It is available for UW–Madison staff to share PHI data with collaborators when a departmental solution is not available.  The amount of data storage available is less than 50GB. 

Store and share small PHI data sets with approved internal and external collaborators. 

High security settings and tracking done by your local IT Department preventing outside entities from accessing your PHI. 

Please consult with Surgery IT prior to requesting the service. The request is a joint venture between the Requestor, their IT department, and the Office of Cybersecurity. 

Service Name 

Description 

Recommended For 

Data Protection and Security 

Notes 

ELN (Electronic Lab 

Notebook)* 

UW-Madison provided Lab Archives notebook. 

High-availability data across multiple devices via web-friendly interface. 

PHI compliant when secured through Office of Cybersecurity. 

Research Drive 

5TBs of UW Madison-provided data storage for PIs. Managed by campus and permissions controlled by UW Madison NetID 

It is suited for a variety of research purposes, including backup, archive, storage for data inputs/outputs of research computing.  

 

Share data with anyone on or off campus using campus-managed permissions. 

Security features based on the NIST Cybersecurity framework including off-site backups, encryption and monitoring by the Cybersecurity Operations Center.  

Please consult with Surgery IT prior to requesting the service. The request is a joint venture between the Requestor, Surgery IT, and the Office of Cybersecurity. 

 

For additional details, see Research Drive FAQ. 

Sharepoint* 

SharePoint is a web-based collaborative platform that integrates with Microsoft Office software.  Up to 2TBs of storage per site. 

For team and division file storage, collaborative file editing, lists, and document libraries. 

Data protected on Microsoft’s storage platform.  Deleted files remain in site Recycle Bin for up to 60 days.  

Accessible via browser, desktop client, tablet, and mobile devices with NetID login. 

OneDrive 

OneDrive is a cloud-based hosting service operated by Microsoft. It allows users to store up to 2TB of data in the cloud. Files can be synced to a PC and accessed from a web browser later.  

Users can share public data with other non-UW users. 

Files stored in OneDrive are only visible to you unless you decide to share them. 

Accessible via browser, desktop client, tablet, and mobile devices with NetID login. 



Service Name 

Description 

Recommended For 

Data Protection and Security 

Notes 

Box 

With Box users can store and share documents, photos, research materials and other files for collaboration. Box also allows users to simultaneously edit Microsoft Office documents. 

Share or store public data with a max capacity of 50 GB. Great for collaborating.   

 

Accessible via browser, desktop client, tablet, and mobile devices with NetID login. 

 

G Suite (Google) 

G Suite is a collection of cloud-based productivity apps and collaborative tools. These apps include Google Drive, Docs, Sheets, Hangouts Meet, Hangouts Chat, and more. 

Unlimited data storage for public data. 

Should not be used by users interacting with electronic PHI protected by HIPAA regulations. 

 

Accessible via browser, tablet, and mobile devices with NetID login. 

Portable Devices 

See Portable Devices section below. 

 

 

 

Affiliates (AWS, GCP, Azure, SSCC) 

These are in development and will appear in future iterations of this document. 

 

 

 

Not supported 

Dropbox, iCloud, Personal Cloud Storage services 

 

 

These services are not licensed through UW-Madison and Surgery IT is unable to support them. 

*  Additional security controls are required to make this service PHI compliant.  See the service’s notes section or contact Surgery IT for more details. 


STORING AND ENCRYPTING PHI ON A PORTABLE DEVICE 

 

  • Only use USB drives that provide built-in hardware encryptionContact Surgery Help for more information about encrypted portable drives and where to get one. 

  • Any portable device that will store PHI must be registered and managed by Surgery IT. 

  • Mobile Devices (e.g. iPhone, iPad) used to access any UW data (including Office365 email) must be secured with at least a PIN lock to encrypt the device. 

 

PORTABLE DEVICES – Laptops, tablets, smartphones 

Portable devices, such as laptops make it easy to conduct work outside of the UW-Madison, but it is important to observe the risks and consequences of using these devices. For this reason, please take the following precautions: 

  • All portable devices used for School of Medicine purposes must be approved and registered with Surgery IT and must be safeguarded from theft. 

  • Any loss or theft of a device must be reported immediately to Surgery IT or HIPAA Security Officer. 

  • All computers used for School of Medicine purposes must be managed and security-configured by Surgery IT. 

  • No portable devices used for School of Medicine business purposes may be shared with anyone unauthorized to access PHI, including family members. 

  • When you no longer need the portable device for work purposes, please contact Surgery IT for proper disposal or removal of data. 

 

PLEASE AVOID STORING DATA IN THESE LOCATIONS 

Technology makes accessing storage services very easy. And, as the data classification becomes more restricted, the data storage service for that data may require more steps to access. We understand that these extra steps add to workflows. However, to ensure our compliance with the data we are authorized to access and store, please avoid storing data in these locations: 

  • Local drive (C:\), Desktop or in the “MDocuments” folder – These locations are not regularly backed up and could result in data loss. 

  • Dropbox, iCloud, or any other third-party cloud-based service. 

  • Unsecured, unencrypted portable devices. 

 

REFERENCES 

 

 

SUPPORT 

 

Last Reviewed: 2/1/2021




KeywordsData Storage Guide   Doc ID112878
OwnerViviana P.GroupUW Surgery
Created2021-08-05 15:42:11Updated2021-08-06 14:15:50
SitesUW Department of Surgery
Feedback  0   0