Service Description
The MiStorage shared service provides scalable storage solutions to U-M students, faculty and staff. It is intended to provide cost-effective, easy-to-use storage for administrative and research data. MiStorage is available using the Common Internet File System (CIFS) protocol. MiStorage CIFS enables U-M system administrators to manage storage provisioning and access for their departments.
Compliance
MiStorage CIFS provides a secure environment to store most types of sensitive data. However, you still must exercise caution when storing sensitive data in MiStorage CIFS, which is not encrypted by default. Data is backed up for disaster recovery. MiStorage CIFS data may be moved to secure US-based AWS S3 cloud storage. Use of cloud storage in this way provides the same level of security as on-premise MiStorage CIFS.
In addition, MiStorage CIFS includes other safeguards required by HIPAA. Accordingly, you may use it to maintain Protected Health Information. Complying with HIPAA requirements is a shared responsibility. Users sharing and storing PHI in MiStorage CIFS are responsible for complying with HIPAA safeguards, including:
- Using and disclosing only the minimum necessary PHI for the intended purpose.
- Obtaining all required authorizations for using and disclosing PHI.
- Ensuring that PHI is seen only by those who are authorized to see it.
- Following any additional steps required by your unit to comply with HIPAA.
Social Security numbers (SSNs) should only be used where required by law or where they are essential for university business processes. If you must use SSNs, it is preferred that you use institutional resources designed to house this data, such as the Data Warehouse. Information Assurance (IA) can help you explore appropriate storage locations or work with you to appropriately encrypt the data if those alternatives will not work for you. (Contact IA via the ITS Service Center.)