Murphy - PowerPoint PPT Presentation

Slides: 14
Provided by: marisuec

Transcript and Presenter's Notes


1
Murphy's Law
  • If anything can go wrong,
  • it will.

2
Data Security and Confidentiality
  • a firm belief in Murphy's Law and in the
    necessity to try and circumvent it.

3
What is VA Sensitive Information?
  • VA sensitive information is defined in VA
    Directive 6504 as all Department data, on any
    storage media or in any form or format, which
    requires protection due to the risk of harm that
    could result from inadvertent or deliberate
    disclosure, alteration, or destruction of the
    information.

4
What is Sensitive VA Research Information?
  • Sensitive VA research data consist of
    information that has been collected for, used in
    or derived from the conduct of VA research that
    fits the definition of VA sensitive information.
  • Always err on the side of caution. Unless you
    are certain that specific research data are NOT
    sensitive, you should treat them as if they ARE.

5
How Can You Protect VA Research Data?
  • Three-legged stool:
      • Technical safeguards (e.g., passwords,
        encryption, antivirus protection)
      • Physical safeguards (e.g., locking up portable
        media)
      • Good work practices (e.g., knowing all the
        requirements, using common sense)

6
Best Practices to Help Ensure Security
  • Whenever possible, store VA research data on
    network drives with restricted access, not on
    your desktop computer
  • Keep data in one file location for ease in making
    backups
  • Better yet, simply back up all your VA research
    data in one location on a VA server

7
File Sharing
  • Must not be on a device that you use for remote
    computing
  • Only through authorized VA servers

8
Data Storage and Security Outside the VA
  • Only on specifically designated systems and
    approved in advance
  • Only where the non-VA systems or devices conform
    to, or exceed, applicable VA requirements

9
Non-VA System Requirements
  • Must meet all requirements set forth in Federal
    Information Security Act (FISMA)
  • Includes Federal Information Processing Standards
    (FIPS) 140-2 certification of all
    hardware/software
  • Contact your local Information Security Officer
    (ISO) on how to obtain verification of this
    requirement

10
Principal Investigator Responsibilities
  • Storage provisions
  • Security measures
  • Transportation or transmission methods
  • Provisions for controlling access to the data
  • Plans for how long identifiable information or
    linkages will be kept
  • Provisions for disposition of the data at the end
    of the study

11
Certifying Each Protocol
  • For all new research protocols, the principal
    investigator (PI) must certify that:
      • Use, storage and security of all information
        collected for, derived from, or used during the
        conduct of the research will be in compliance
        with all VA and VHA requirements.
  • This will require that the PI complete two forms:
      • Data Security Checklist
      • Principal Investigators Certification Storage
        Security of VA Research

12
De-identified Data
  • Must meet both HIPAA and Common Rule requirements
  • Remove all 18 HIPAA identifiers
  • Removal of all information that alone or in
    combination could reveal identity of the
    individual

13
Submit questions through your local research
office to ResearchData_at_va.gov