1 / 13

Protecting Research Data and Information

Protecting Research Data and Information. Safekeeping Essentials. Lucy M. Fleming Facility Information Security Officer. Required Practices. Study staff accessing VA data must meet all user requirements Store data on a network Written agreement if storing at alternate site

yvon
Télécharger la présentation

Protecting Research Data and Information

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Protecting Research Data and Information Safekeeping Essentials Lucy M. Fleming Facility Information Security Officer 4/2/2014

  2. Required Practices • Study staff accessing VA data must meet all user requirements • Store data on a network • Written agreement if storing at alternate site (DUA, MOU/ISA, HIPAA Authorization) • Restricted access

  3. Required Practices (cont’d) • Secure transmittals • Encryption • Authorization to transport • Remove access when study team members leave • Do not destroy the data • Report any data protection incidents

  4. Best Practices • Backup data: mobile devices, hard drives • Do not store data at alternate sites, if avoidable • VPN: RESCUE or Citrix Access Gateway • Software review • Web site approval • SharePoint • Network Drive

  5. References • VA Directive and Handbook 6500 (and 6500.x) • HIPAA Security Rule • Local Policy • NIST 800 Series • (National Institute of Standards and Technology) • RCS 10-1 and 005-1 (Records Control Schedule)

  6. What If? A 5/8’s VA investigator collects VA data that is personally identifiable and stores it on a VA research server. The study staff are involved in other studies and are employed by the University’s research department. May the study staff have access to the study data in order to analyze it?

  7. Response • The study staff should have an appointment with the VA, e.g. WOC. • They must have a personnel security clearance. • They must complete VA Privacy and Information Security Awareness Training and Rules of Behavior; VHA Privacy Awareness Training. • Then, then study staff may have access to the VA network and VA data.

  8. What If? A study calls for interviewing subjects at malls and senior centers around the area. No sensitive data is collected. The survey results are stored on an encrypted laptop until the study team member returns to the VA to upload the data. The study team member stops for lunch and the laptop is stolen from the car. Is the subjects’ data protected?

  9. Response • The subjects are protected as no identifiable data was collected. • The data is protected in that it is on an encrypted laptop. • But…the study data is lost and irretrievable. It would have been better to connect to the VA via VPN and save the data directly on the VA network rather than put it on a laptop and upload.

  10. What If? A VA investigator wants to gather data by having the subject complete surveys at the beginning, midpoint and end of their involvement in the study. She decides to use a Survey Monkey web site as it is a tool she has seen being used a number of times in the VA. May she use Survey Monkey?

  11. Response • Actually, the response at this point is “maybe.” • Web Communications should be contacted to obtain approval for each study that involves using a web site to collect data until such time as official guidance is published on the use of web sites and survey tools in Research.

  12. Questions Refer questions to: Joseph Holston Senior ISO for Research Joseph.holston@va.gov Phone: 202-443-5622

  13. Questions Or alternatively to: Lucy Fleming ISO, VA Maryland Health Care System lucy.fleming@va.gov Phone: 410-605-7141

More Related