Please see UCSF Policy 650-16 Addendum F, UCSF Data Classification Standard for more information regarding UCSF’s data classification standard:
If you don’t either don’t have a Wynton HPC account or if you already have a Wynton account, but it is not authorized to use PHI:
A link will be emailed to a Statement of Responsibility form that all users applying for PHI access must sign agreeing to the responsibilities of handling PII and/or PHI data, take the training in the handling of PII/PHI data, and keep the training up to date.
The Principal Investigator (PI) is responsible for all PHI data
Additionally, the following rules apply to PIs using PHI on Wynton or approving users that use PHI on Wynton:
The PI must notify Wynton of any approved users whose access needs to be removed or is no longer required
The PI must notify Wynton of any users who have transferred departments and no longer require access to study data
The PI must notify Wynton when departing UCSF and transfer to another UCSF owner or archive their projects and data
The PI is responsible for ensuring that any user added to a Wynton PHI project that requires IRB approval, is listed on the IRB
The PI is responsible for classifying and taking inventory of data within their Wynton PHI project
The PI must notify Wynton of any change in security requirements in research agreements to Wynton admins
Read and comply with the Wynton HPC User Agreement and Disclaimer
Abide by the statement of Wynton HPC Purpose, Principles and Governance
User end points (e.g. laptops and desktops) connecting to Wynton must meet UCSF Minimum Security Standards for Electronic Information Resources
PHI users must use PHI-specific nodes on Wynton;
PHI users must not use any of the non-PHI-compliant nodes on Wynton, including log1, log2, dev1, dev2, dev3, dt1, and dt2.
Data containing PHI must not be transferred to, mounted on, or processed with any Wynton HPC cluster resources outside of the PHI-designated
PHI users must use data-transfer nodes pdt1 and pdt2 for all file transfers to and from the cluster, including when using Globus
If you have questions regarding the security status of your data, please contact the UCSF Privacy Office
Q. What if I want to share data between
/wynton/protected/group (PHI) and
/wynton/group (non-PHI) directories?
A. Users with PHI access still have access to
/wynton/group, as do Wynton non-PHI users. However, PHI data should never be stored under
/wynton/group and PHI data should never be shared with a user who does not have PHI access.