Security Regulations

HIPAA and High-Risk Data Restrictions

Systems containing, accessing, or interacting with HIPAA or High-Risk data have limited capabilities when using Dynatrace. 

  • Monitoring of only infrastructure components (Disk, CPU, Memory) is permitted.
  • All other features, such as Log, User Session, Session Replay, Synthetics, and Application monitoring, are not permitted because Dynatrace is a SaaS solution hosted on AWS servers.

The Enterprise Monitoring team will continue to research solutions in this space and discuss them with Yale legal teams.

FERPA Restrictions

The Dynatrace contract has been updated and approved by Yale to allow for limited monitoring of FERPA-restricted applications.

  • Monitoring of Infrastructure is permitted.
  • Monitoring of Logs is permitted, but care must be taken to ensure logs do not contain personal data.
  • Application Performance Monitoring is permitted for User Sessions, Real User Monitoring and Transactions. Guidelines and Security configuration requirements will soon be posted.
  • Synthetic Monitoring is permitted. Guidelines and Security configuration requirements will soon be posted.
  • Session Replay monitoring is not permitted.