
Murphy’s Law


janett


Presentation Transcript


  1. Murphy’s Law If anything can go wrong, it will.

  2. Data Security and Confidentiality “… a firm belief in Murphy’s Law and in the necessity to try and circumvent it.”

  3. What is VA Sensitive Information? VA sensitive information is defined in VA Directive 6504 as all Department data, on any storage media or in any form or format, which requires protection due to the risk of harm that could result from inadvertent or deliberate disclosure, alteration, or destruction of the information.

  4. What is Sensitive VA Research Information? Sensitive VA research data consist of information that has been collected for, used in or derived from the conduct of VA research that fits the definition of VA sensitive information. Always err on the side of caution. Unless you are certain that specific research data are NOT sensitive, you should treat them as if they ARE.

  5. How Can You Protect VA Research Data? Three-legged stool • Technical safeguards (e.g., passwords, encryption, antivirus protection) • Physical safeguards (e.g., locking up portable media) • Good work practices (e.g., knowing all the requirements, using common sense)

  6. Best Practices to Help Ensure Security • Whenever possible, store VA research data on network drives with restricted access, not on your desktop computer • Keep data in one file location for ease in making backups • Better yet, simply back up all your VA research data in one location on a VA server

  7. File Sharing • Must not be on a device that you use for remote computing • Only through authorized VA servers

  8. Data Storage and Security Outside the VA • Only on specifically designated systems and approved in advance • Only where the non-VA systems or devices conform to, or exceed, applicable VA requirements

  9. Non-VA System Requirements • Must meet all requirements set forth in Federal Information Security Act (FISMA) • Includes Federal Information Processing Standards (FIPS) 140-2 certification of all hardware/software • Contact your local Information Security Officer (ISO) on how to obtain verification of this requirement

  10. Principal Investigator Responsibilities • Storage provisions • Security measures • Transportation or transmission methods • Provisions for controlling access to the data • Plans for how long identifiable information or linkages will be kept • Provisions for disposition of the data at the end of the study

  11. Certifying Each Protocol For all new research protocols, the principal investigator (PI) must certify that: • Use, storage and security of all information collected for, derived from, or used during the conduct of the research will be in compliance with all VA and VHA requirements. This will require that the PI complete two forms: • Data Security Checklist • Principal Investigator’s Certification: Storage & Security of VA Research

  12. De-identified Data • Must meet both HIPAA and Common Rule requirements • Remove all 18 HIPAA identifiers • Removal of all information that alone or in combination could reveal identity of the individual

  13. Submit questions through your local research office to ResearchData@va.gov
