Use of Personal Device Volunteer Parameters
Definitions:
- "PHI": Protected Health Information (includes identifiable information that pertains to any patient or study participant)
Volunteers and/or UCLA SRP students who will be using their Personal Device (i.e. laptop, mobile device/phone, etc.) for their assignment as approved by their supervisors, must ensure that usage are within the following parameters:
COVID-19 UPDATE: In accordance and support with the campus and health sciences guidelines, all in-person and onsite volunteering are temporarily PAUSED.
- Remote Volunteering (restrictions and other approvals apply, see below) are optional for those eligible and have completed the clearance process. (VPN access are not permitted)
NOTE: VPN is not permitted to be granted to Volunteers or UCLA SRP students. You do NOT need VPN to perform any of the outlined appropriate remote volunteer duties as listed on this webpage.
Usage, Proof of Encryption, and Anti-Virus Software (SOPHOS) Installation of a personal Laptop must be indicated on your Volunteer Personal Device Form and sent to the designated program coordinator. Proof can be sent in the form of one of the following:
- Email Confirmation from UCLA Health IT
- Screenshot/Photos of Encryption and Anti-Virus Software installed and active
- Physical Confirmation from UCLA Health IT
To Encrypt you Personal Device (VPN is NOT PERMITTED): https://mednet.uclahealth.org/device-security-toolkit/
To Install Anti-Virus Software (SOPHOS): https://www.it.ucla.edu/bol/software-downloads/sophos-antivirus
HS 9453-C Device and Removable Media Encryption: https://www.uclahealth.org/compliance/guidance-policies
Airwatch (Intelligent Hub) installation is required for use of a personal Mobile Device to access Mednet Outlook:
- Departments must ensure Airwatch is properly installed before volunteer/student uses the device for Mednet access.
- NOTE: Airwatch does NOT permit volunteer/students to access identifiable information of patients or study participants.
- The UCLA Health Sciences Volunteer Office can provide Airwatch licenses for approved volunteers/students.
What are NOT permitted even if personal device is properly UCLA Health encrypted and anti-virus software (SOPHOS) installed:
- Volunteers/SRP Students are NOT permitted to access or store any clinical data or identifiable information (i.e. PHI, Care Connect/EPIC, UCLA Health BOX with PHI, information which can identify or trace back to the individual, etc.) on personal devices or remotely.
- Volunteers/SRP Students are NOT permitted to be granted VPN Access to Health System (Mednet) server.
- Volunteer/SRP Students are NOT permitted to share login information, passwords, or any restricted or UCLA-owned data/information to outsiders or each other. Sharing de-identified UCLA-owned research data requires PI's consent.
UCLA Health IT encrypted and anti-virus software (SOPHOS) installed personal devices (Airwatch for mobile devices) can be used for the following purposes:
- Non-Clinical (de-identified) data access and storage (data and information must be removed from device once your assignment officially ends).
- Access to non-PHI databases and systems which requires Mednet ADlogin such as Redcap, UCLA Health BOX, etc.
- Non-PHI university related business such as accessing Mednet through the web browser (https://mednet.uclahealth.org/), UCLA Health BOX documents and forms, etc.
UCLA Health IT Encryption is not required if the volunteer/student is using their personal device for non-UCLA Health Sciences related purposes such as:
- Browsing the internet
- Searching through public libraries
- Conducting publically accessible literature review
