Report a New Application

UCSF employee responsible for business purpose of application, typically a senior manager or faculty member.
Used to describe the application
UCSF employee responsible for routine management of application, may also perform application administrator functions, such as adding/deleting users.
Individual responsible for administration of the application.
The company that makes the application.
The manufacturer's name of the application (this might not be the same name used by UCSF).
Version installed.
Business includes finance, HR, IT, etc.
Identifies where the application is hosted. 3rd Party includes vendor, cloud, or partner institution.
Defines the number of people using the application.
Protected Health Information (PHI) is health information, paired with anything that identifies a patient (e.g., name, MRN, SSN, photo, phone number, address). The 18 personal identifiers (defined by HIPAA) are listed on https://it.ucsf.edu/policies/18-protected-health-information-identifiers.
Personally Identifiable Information (PII) is an individual's first name or first initial and last name in combination with any one or more of the following data elements: 1) Social security number, 2) Driver's license number or California Identification Card number, 3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account, 4) Medical information, 5) Health insurance information, 6) Email address.
Student records include, but are not limited to, academic evaluations, including student examination papers, transcripts, test scores and other academic records; general counseling and advising records; disciplinary records; and financial aid records, including student loan collection records.
Payment Card Industry Data Security Standard (PCI-DSS) applies to any application or infrastructure that stores, processes, or transmits Cardholder Data and/or Sensitive Authentication Data. Cardholder Data is defined as the full Primary Account Number (PAN) or the full PAN along with any of the following elements: Cardholder Name, Expiration Date, or Service Code. Sensitive Authentication Data includes: Full track data (magnetic-stripe data or equivalent on a chip), CAV2/CVC2/CVV2/CID, PINs/PIN blocks.