Ohio University

Sensitive Data: Microsoft Groups

Microsoft Groups are the only University approved way to store sensitive data within OneDrive, including Protected Health Information (PHI) or data subject to the Health Insurance Portability and Accountability Act (HIPAA).

How to Store: Restricted File Library Only

A Microsoft Group that has been configured for use with sensitive data will include a special Document Library called "Restricted." This is the only space that is approved for storing sensitive data. Your Group will come with other default document libraries, including Department Document Library, Public Document Library, Projects Document Library, and Microsoft Teams Document Library. You are welcome to use these other folders for non-sensitive data.

How to Edit: Office Online

The OneDrive space associated with a Microsoft Group works seamlessly with Office 365 tools like Word Online and Excel Online to allow document editing without saving to a local device. Please use this capability when editing HIPAA protected content or other sensitive materials.

Security Benefits of a Group

By default, all document libraries in a Group are visible only to Group members.

Using a Group allows files to stay with the department or unit, even when individual Group members move on. Even if all members of a Group leave, the Group itself and any associated files can remain, and new members can be added as needed. This reduces the risk of files or folders being lost when the owner leaves the University.

A Group appears in each member's OneDrive for Business folder list, so there are no extra logins to remember. Each individual logs into OneDrive with his or her own credentials.