CON Research Data Security and Storage: Difference between revisions

Jump to navigation Jump to search
No edit summary
Line 59: Line 59:
<br />
<br />
===Purpose===
===Purpose===
<p style="margin-bottom:15px; max-width:70em !important;">In agreement with UNMC Human Research Protection Program (HRPP) Policies and Procedures, the purpose of the policy on data security and storage is to ensure the secure storage of research data on all five UNMC College of Nursing campuses to protect the privacy interests of research subjects; to maintain the confidentiality of data; and to prevent unauthorized access, intrusion, and theft of data.</p>
<p style="margin-bottom:15px; max-width:70em !important;">In agreement with UNMC Human Research Protection Program (HRPP) Policies and Procedures and University of Nebraska Executive Memoranda covering data security, the purpose of the policy on data security and storage is to ensure the secure storage of research data on all five UNMC College of Nursing campuses to protect the privacy interests of research subjects; to maintain the confidentiality of data; and to prevent unauthorized access, intrusion, and theft of data.</p>
<p style="margin-bottom:15px; max-width:70em !important;">Ensuring the security of stored data is governed by HRPP Policy 3.3, Privacy Interests and Confidentiality of Research/Registry Data.</p>
===Scope===
<p style="margin-bottom:15px; max-width:70em !important;">Data that are stored in hardcopy should be stored behind two locks (i.e., locked cabinet in a locked office). Double locks are necessary because not all personnel who have access to a researcher’s office should also have access to the researcher’s data. Thus, research data must always be stored in a locked cabinet. </p>
<p style="margin-bottom:15px; max-width:70em !important;">This policy applies to all CON faculty, staff, and students engaged in research.</p>
<p style="margin-bottom:15px; max-width:70em !important;">The Principal Investigator (PI) must verify on the IRB application that only those with a “need to know” have access to the research data. Anyone who accesses stored research data must have obtained prior permission from the PI.</p>
===Policy===
<p style="margin-bottom:15px; max-width:70em !important;">If the data are extracted and stored on an electronic device such as a hard drive or mobile device (e.g., flash drive, laptops, PDAs), it must be stored in a physically secured manner. The user must take additional security precautions such as encryption and password protection.</p>
<p style="margin-bottom:15px; max-width:70em !important;">Ensuring the security of stored data is governed by HRPP Policy 3.3, Privacy Interests and Confidentiality of Research/Registry Data. Data that are stored in hardcopy must be stored behind two locks (i.e., locked cabinet in a locked office) to ensure research data security. </p>
<p style="margin-bottom:15px; max-width:70em !important;">Per HRPP Policy 3.5, Retention of Research Records, all research records must be maintained and stored securely, in accordance with Nebraska State Law, for at least seven years beyond the termination of the study or longer as required by sponsors. At the end of the seven years, the data must be appropriately archived or destroyed.</p>
<p style="margin-bottom:15px; max-width:70em !important;">The Principal Investigator (PI) must verify on the IRB application that only those with a “need to know” have access to the research data. Anyone who accesses stored research data must have obtained prior permission from the PI. If accessing data with identifiable participant information, the person must also be listed on an approved IRB protocol. </p>
<p style="margin-bottom:15px; max-width:70em !important;">If the data are extracted and stored on an electronic device such as a hard drive or mobile device (e.g., flash drive, laptops, PDAs), the user must have an additional layer of security precaution such as encryption or password protection, as outlined in HRPP Policy 3.3. </p>
<p style="margin-bottom:15px; max-width:70em !important;">Per HRPP Policy 1.17, Retention of Research Records, all research records must be maintained and stored securely, in accordance with Nebraska State Law, for at least seven years beyond the termination of the study or longer as required by sponsors. At the end of the seven years, the data must be appropriately archived or destroyed. In accordance with University of Nebraska Executive Memorandum No. 42 – Policy on Risk Classification and Minimum Security Standards, parties must contact UNMC ITS for assistance with disposal of data that is confidential, restricted, sensitive, not legally available to the public, or where protection is required by law, regulation, or sponsor requirements. In the event that the responsible party departs UNMC and is unable to be reached after multiple contact attempts, the Associate Dean for Research may permit Niedfelt Nursing Research Center staff the authority to destroy or archive the data in accordance with Executive Memorandum No. 42. </p>
<p style="margin-bottom:15px; max-width:70em !important;">Prior to storing data for a new research purpose, the researcher must submit a plan for approval to the Associate Dean for Research that describes where the data will be housed and how it will be maintained upon separation from the University. Researchers in need of physical space to store research data must inform and request secure storage facilities from both the assistant dean of the researcher’s division and the Associate Dean for Research. The UNMC campus library should be contacted for assistance with locating appropriate data repositories for public dissemination of data.</p>
<p style="margin-bottom:15px; max-width:70em !important;">Per University of Nebraska Executive Memorandum No. 41, all research data and/or materials transferred to or from the University shall be shared or transferred in accordance with all applicable international, federal, state, University, or sponsor requirements. Transferring, moving, or sharing research data requires agreements such as the Data Use/Data Transfer Agreement (DUA/DTA) for confidential or sensitive research data or Material Transfer Agreements (MTAs) to protect intellectual property rights. UNMC Sponsored Programs Administration should be contacted to coordinate the sharing or transfer of data to or from another institution via a DUA, DTA, or MTA. </p>


===Policy===
===Policy===
<p style="margin-bottom:15px; max-width:70em !important;">Researchers in need of space to store research data must inform and request secure storage facilities from appropriate personnel at all five divisions, in order to meet UNMC and Nebraska State Law data security and storage policies.  The assistant deans from each of the divisions and the Associate Dean for Research are responsible for identifying suitable storage facilities for research data at each of the sites.</p>
<p style="margin-bottom:15px; max-width:70em !important;">Researchers in need of space to store research data must inform and request secure storage facilities from appropriate personnel at all five divisions, in order to meet UNMC and Nebraska State Law data security and storage policies.  The assistant deans from each of the divisions and the Associate Dean for Research are responsible for identifying suitable storage facilities for research data at each of the sites.</p>

Navigation menu