Non-PHI High Risk Data Now Permitted in Private Slack Conversations
You can now use direct messages and private Slack channels to communicate High Risk data other than protected health information (PHI). PHI is explicitly not permitted in Slack conversations because of legal limitations imposed by our agreement with the company.
This means – for the first time since Slack rolled out at Stanford in 2017 – you can now use the collaboration tool in private conversations to share content such as donor contact information, and other information classified by Stanford's Data Risk Classifications as being High Risk, not including PHI.
“In response to community demand, we’ve spent the past year exploring ways to expand Slack’s usage to include High Risk data,” said Brad Immanuel, senior director of End User Experience in University IT, whose team manages the Stanford Slack Grid service.
“With more than 11,000 active Slack users and growing, allowing non-PHI High Risk data provides our community with greater flexibility to leverage the tool in broader ways.”
What are private conversations?
As defined by Slack, private conversations happen through the following three ways:
- Direct messages (DMs), which are one-to-one conversations between you and another Slack user
- Group direct messages (group DMs), which are smaller discussions that take place outside of channels between you and up and up to eight other members
- Private channels, which are channels limited to invited users, allowing those users to keep conversations out of public view
To learn about Stanford’s data and system risk classifications, visit this ISO webpage.
To learn more about Slack, visit these online resources:
For help with Slack, submit a Help ticket.