Murphy’s Law If anything can go wrong, it will.

Data Security and Confidentiality
“… a firm belief in Murphy’s Law and in the necessity to try and circumvent it.”

What is VA Sensitive Information?
VA sensitive information is defined in VA Directive 6504 as all Department data, on any storage media or in any form or format, which requires protection due to the risk of harm that could result from inadvertent or deliberate disclosure, alteration, or destruction of the information.

What is Sensitive VA Research Information?
Sensitive VA research data consist of information that has been collected for, used in or derived from the conduct of VA research that fits the definition of VA sensitive information.
Always err on the side of caution. Unless you are certain that specific research data are NOT sensitive, you should treat them as if they ARE.

How Can You Protect VA Research Data?
Three-legged stool
1. Technical safeguards (e.g., passwords, encryption, antivirus protection)
2. Physical safeguards (e.g., locking up portable media)
3. Good work practices (e.g., knowing all the requirements, using common sense)

Best Practices to Help Ensure Security
• Whenever possible, store VA research data on network drives with restricted access, not on your desktop computer
• Keep data in one file location for ease in making backups
• Better yet, simply back up all your VA research data in one location on a VA server

File Sharing
• Must not be on a device that you use for remote computing
• Only through authorized VA servers

Data Storage and Security Outside the VA
• Only on specifically designated systems and approved in advance
• Only where the non-VA systems or devices conform to, or exceed, applicable VA requirements

Non-VA System Requirements
• Must meet all requirements set forth in Federal Information Security Act (FISMA)
• Includes Federal Information Processing Standards (FIPS) 140-2 certification of all hardware/software
• Contact your local Information Security Officer (ISO) on how to obtain verification of this requirement

Principal Investigator Responsibilities
• Storage provisions
• Security measures
• Transportation or transmission methods
• Provisions for controlling access to the data
• Plans for how long identifiable information or linkages will be kept
• Provisions for disposition of the data at the end of the study

Certifying Each Protocol
For all new research protocols, the principal investigator (PI) must certify that:
• Use, storage and security of all information collected for, derived from, or used during the conduct of the research will be in compliance with all VA and VHA requirements.
This will require that the PI complete two forms:
• Data Security Checklist
• Principal Investigator’s Certification: Storage & Security of VA Research

De-identified Data
• Must meet both HIPAA and Common Rule requirements
• Remove all 18 HIPAA identifiers
• Removal of all information that alone or in combination could reveal identity of the individual

Submit questions through your local research office to Research.Data@va.gov