Protecting research data collections

Every researcher must address the issue of data protection.  In a world where most of the data we maintain is moving from paper to digital form -- and our dependence on this information pervades every activity -- it is critical to store electronic data in a secure and reliable manner.

Electronic systems provide convenience and cost savings, but also raise the stakes for and complexity of data protection.  A single system failure can compromise your entire data collection.  That can happen in an instant, even if you've taken every reasonable precaution.

Tools to manage your data securely, including secure backup and restoration as needed, are available if you are a Medical Center affiliate.  These are centrally funded to support your research, at no cost to your program.  However, these utilities and services are only effective if you use them routinely.

Data Confidentiality

Both the Common Rule and FDA regulations require attention to the privacy of research subjects, including the confidentiality of data about them.  HIPAA adds its appropriate safeguards requirements for most research data derived from health care records. 

Data confidentiality requires a secure computing platform.  If you keep your research data on a personal computer, it is essential to follow basic security steps like keeping it physically secured, updating your software to keep it current (particularly the operating system and anti-virus and/or anti-spyware), using access protections like individual (not shared) passwords, and generally following secure computing practices.  This is particularly critical for systems that are maintained off-campus, where you generally have less physical security and also lack the technical protections provided for devices managed on the medical campus network.

As an alternative to storing data locally on a PC, you can use your personal Home Directory (which everyone receives by default) or, for department or group projects, Shared File Directories.  Both are accessible from anywhere on the medical campus network, and access-protected by your Medical ID and associated password. 

Secure remote access (off campus) to these network directories is provided by way of virtual private network (VPN) services or the Citrix Applications Portal.

Data Integrity and Availability

While protection from illegitimate access must always be a concern, the greater risk for most data collections is that they will become unavailable to legitimate users.  Everyday risks like fire, water or other environmental damage, or simple technical failures like hard disk crashes, must be considered.  Insurance claims data and warranty repair information show that these events are common.

It’s an essential practice to make frequent, periodic backup copies of a data collection, and store these copies in a secure off-site location that is protected both from intruders and environmental threats.  Many of us don’t have the necessary equipment, time or even knowledge on how to do this.

Use of your personal Home Directories and department Shared File Directories can help solve this problem.  The directories are backed-up nightly.  Storage tapes are routinely taken off site to secure vaults.  The storage hardware for these directories is in a physically secure, environmentally protected datacenter, monitored constantly to ensure 24/7 availability. 

More information

If you have any questions regarding these or other services which are available to you and your colleagues at the Medical Center, please contact the  IT Help Desk at your earliest convenience.  We’re here to support you.

We also have other on-line resources that explain more about the following topics:

• Computer security at home
• Computer security at work
• Computer security on the move
• Confidentiality, integrity and availability of data