ICPSR and the Data Seal of Approval: A Case Study Mary Vardigan Assistant Director, ICPSR October 8, 2013.

Slides:

Advertisements

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Advertisements

The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.

ICPSR and the Data Seal of Approval Mary Vardigan Assistant Director, ICPSR December 10, 2012.

Is it Research?. Is It Research? 2 Elements –The project involves a systematic investigation –The design (meaning goal, purpose, or intent) of the investigation.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

SOP Melody Lin, Ph.D. Deputy Director, Office for Human Research Protections Director, International Activities Santiago, Chile August.

Ethical Considerations when Developing Human Research Protocols A discipline “born in scandal and reared in protectionism” Carol Levine, 1988.

FERPA and IRB: Implications for Testing Centers Judith W. Grant, Ph.D.,CIP NCTA Conference San Antonio, Texas August 6, 2009.

5/21/2015 (1) Complying with P2P Mandates in the HEOA of 2008 EDUCAUSE Live! 23 November 2009

By Eileen Clegg Digital Preservation at Columbia in the Old Days (2009)

Security Controls – What Works

Developing a Records & Information Retention & Disposition Program:

Columbia University IRB IRB 101 September 21, 2005 George Gasparis, Executive Director, CU IRB Asst. V.P. and Sr. Asst. Dean for Research Ethics.

Data Seal of Approval Overview Lightning Talk RDA Plenary 5 – San Diego March 11, 2015 Mary Vardigan University of Michigan Inter-university Consortium.

IRB Monthly Investigator Meeting Columbia University Medical Center IRB October 11, 2005.

WHS Management Plans.

Health Insurance Portability and Accountability Act (HIPAA)

Internal Auditing and Outsourcing

CUI Statistical: Collaborative Efforts of Federal Statistical Agencies Eve Powell-Griner National Center for Health Statistics.

Cornell Evaluation Network The Use of Human Participants in Research Office of Research Integrity and Assurance ~ May 14, 2007.

Sharing Low-Income Customer Information Water & Energy Utilities LIOB Meeting - January 2009 Seaneen M Wilson Division of Water & Audits.

Service Organization Control (SOC) Reporting Options and Information

International Research & Research Involving Children K. Lynn Cates, MD Assistant Chief Research & Development Officer Office of Research & Development.

Maintain Ethical Conduct

Responsible Conduct of Research (RCR) Farida Lada October 16, 2013

Repository Requirements and Assessment August 1, 2013 Data Curation Course.

Data Archiving and Networked Services DANS is an institute of KNAW en NWO Trusted Digital Archives and the Data Seal of Approval Peter Doorn Data Archiving.

Data Archiving and Networked Services DANS is an institute of KNAW en NWO and the Peter Doorn Data Archiving and Networked Services EUDAT Conference Trust.

Developing an Effective Ethics Program

Future Use of Stored Samples & Data and the NIH Policy on GWAS and dbGaP NIAID/DAIDS Dione Washington, M.S. -- ProPEP Sudha Srinivasan, Ph.D.-- TRP Tanisha.

Responsible Data Use: Data restrictions Robert R. Downs, PhD NASA Socioeconomic Data and Applications Center (SEDAC) Center for International Earth Science.

Policy Review (Top-Down Methodology) Lesson 7. Policies From the Peltier Text, p. 81 “The cornerstones of effective information security programs are.

RESPONSIBLE CONDUCT IN HUMAN SUBJECTS RESEARCH MARGARITA M. CARDONA DIRECTOR OF SPONSORED RESEARCH Institutional Review Board.

H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…

Privacy and Confidentiality. Definitions n Privacy - having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally,

Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.

Name Position Organisation Date. What is data integration? Dataset A Dataset B Integrated dataset Education data + EMPLOYMENT data = understanding education.

Safeguarding Research Data Policy and Implementation Challenges Miguel Soldi February 24, 2006 THE UNIVERSITY OF TEXAS SYSTEM.

Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.

Office of Research & Development (ORD) Local Accountability of Research 2009 Baltimore, Maryland January 13-14, 2009 “Meeting the Current Challenges of.

Responsible Data Use: Data Restrictions Robert R. Downs, PhD NASA Socioeconomic Data and Applications Center (SEDAC) Center for International Earth Science.

Institutional Review Board Issues for Classroom Research Sharon McWhorter IRB Administrator, The University of Akron (With assistance from Phil Allen,

Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.

Data Governance 101. Agenda  Purpose  Presentation (Elijah J. Bell) Data Governance Data Policy Security Privacy Contracts  FERPA—The Law  Q & A.

Peter Granda Archival Assistant Director / Data Archives and Data Producers: A Cooperative Partnership.

Yadvindera (Bobby) Bains MD Director of Radiation Oncology, Laredo Medical Center Adjunct Associate Professor, Dept of Radiation Oncology, University of.

FORUM GUIDE TO SUPPORTING DATA ACCESS FOR RESEARCHERS A STATE EDUCATION AGENCY PERSPECTIVE Kathy Gosa, Kansas State Department of Education.

1 PARCC Data Privacy & Security Policy December 2013.

Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.

Privacy/Confidentiality – Principles and Regulations in the Social Sciences and Behavioral Research Moira Keane, MA, CIP University of Minnesota May 4,

SEDAC Long-Term Archive Development Robert R. Downs Socioeconomic Data and Applications Center Center for International Earth Science Information Network.

Data Seal of Approval (DSA) SEEDS Kick-off meeting May 5, Lausanne Renate Kunz.

Human Subjects Update E. Wethington, Chair, UCHS.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.

Quality Metrics of Performance of Research Ethics Committees Cristina E. Torres, PhD FERCAP Coordinator.

FERPA Family Educational Rights and Privacy Act

CESSDA SaW Training on Trust, Identifying Demand & Networking

Digital Repository Certification Schema A Pathway for Implementing the GEO Data Sharing and Data Management Principles Robert R. Downs, PhD Sr. Digital.

Certification of Trusted Repositories

Providing Access to Your Data: Handling sensitive data

Trustworthiness of Preservation Systems

Internal and Governmental Financial Auditing and Operational Auditing

AAHRPP Accreditation Welcome to the University of Georgia’s presentation for accreditation of the human research protection program (HRPP). This presentation.

Making Your IRBs and Clinical Investigators HIPAA-Ready

HIPAA Privacy and Security Update - 5 Years After Implementation

Data Repository Assessment & Certification: Experiences and Lessons Learned Thank you for inviting me to present at the Network of Asian Social Science.

Presentation transcript:

ICPSR and the Data Seal of Approval: A Case Study Mary Vardigan Assistant Director, ICPSR October 8, 2013

Outline of Presentation What is ICPSR? Why repository assessment/certification is important Assessment options and assessments undertaken at ICPSR ICPSR’s experience with Data Seal of Approval Conclusions

What is ICPSR? Repository of social and behavioral science data established in 1962 for data sharing and preservation Membership-based organization -- over 700 institutional members (colleges and universities) from around the world Source for training in methodology and data stewardship

Why Assessment is Important Promote trust and confidence -- funding agencies, data producers, and data users need to know that data will available for the long term Provide transparent view into the repository Improve processes and procedures Measure against a community standard Show the benefits of domain repositories

Assessment Options Basic Certification –Data Seal of Approval (DSA)Data Seal of Approval –World Data System (WDS)World Data System “Formal” Certification –Trustworthy Repositories Audit and Certification (TRAC)/ISO (includes site visit)Trustworthy Repositories Audit and CertificationISO Other alternatives –Self-audits against TRAC, peer reviews –Digital Repository Audit Method Based On Risk Assessment (DRAMBORA)Digital Repository Audit Method Based On Risk Assessment –Nestor Seal for Trustworthy Digital ArchivesNestor Seal for Trustworthy Digital Archives –DIN Criteria for Trustworthy Digital ArchivesDIN Criteria for Trustworthy Digital Archives

ICPSR Assessments Undertaken CRL test audit (TRAC checklist) Data Seal of Approval certification TRAC/ISO self-assessment 2013World Data System certification

DSA Self-Assessment,

Procedures Followed Digital Preservation Officer and Director of Collection Delivery conducted the self- assessment, assembled the evidence, and wrote response Provided a URL to evidence for meeting each guideline Peer review – first was done offline with no manual to clarify intent of guidelines; second done using online tool – assessment modified

Effort and Resources Required Mainly time of the Digital Preservation Officer and Director of Collection Delivery Would estimate two days at most Had created policies prior to DSA application

Self-Assessment Ratings Using the manual and guiding questions: Rated ICPSR as having achieved 4 stars for all but Guideline 13, full OAIS compliance: The technical infrastructure explicitly supports the tasks and functions described in internationally accepted archival standards like OAIS.

Example of Evidence – Guideline 5 Reviewer stated: “I would like to stipulate that this description addresses well the extended criteria of Guideline 5“ Guideline Text: The data repository uses due diligence to ensure compliance with legal regulations and contracts including, when applicable, regulations governing the protection of human subjects.

Evidence ICPSR is legally considered a part of the University of Michigan. The primary legal contracts/regulations that ICPSR handles are the Membership Form, Deposit Form, Terms of Use, and Restricted-Use Contracts. The Membership Form specifies responsible use of ICPSR data resources and prohibits the redistribution of data. The ICPSR Deposit Form stipulates that the depositor must have copyright in order to transfer to ICPSR the right to disseminate the data and obtains permission from the depositor for ICPSR to manage the data for purposes of distribution and preservation. ICPSR Terms of Use specify that data may not be redistributed and that users must not disclose the identities of research participants. The Terms of Use include information on penalties for noncompliance. ICPSR’s Restricted-use Contracts are agreements governing the use and protection of data that carry a risk of disclosure. These contracts use model language and are reviewed by legal counsel.

Evidence (continued) ICPSR offers three levels of access to data: public-use, restricted-use available via contract, and restricted-use available only onsite at ICPSR under secure conditions. All data are reviewed for disclosure risk and, when necessary, modified in consultation with the investigator. ICPSR is in the process of implementing software that will provide a secure virtual data enclave for individuals using confidential data to ensure that they are in compliance with disclosure risk protocols. ICPSR staff are trained and certified in handling restricted-use data. Data are deposited and processed in a secure non- networked environment. Confidential data are stored in encrypted form in multiple locations.

Evidence (continued) With respect to compliance with national laws under which ICPSR operates, in the United States there are several statutes and codes related to the privacy and protection of research participants. Of particular note is the federal regulation on Protection of Human Subjects (45 CFR 46). Institutions bear the responsibility for compliance with 45 CFR 46. Every university must file an “assurance of compliance” with the Office for Human Research Protections which includes “a statement of ethical principles to be followed in protecting human subjects of research.” University Institutional Review Boards (IRBs) review research to address these issues. Other relevant U.S. laws include the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA). ICPSR requests from depositors copies of IRB approval, approved protocols, privacy certificates, and blank consent forms.

Findings and Changes Made Recognized need to make policies more public – e.g., static and linkable Terms of Use (previously only dynamic) Reinforced work on succession planning – now integrated into Data-PASS partnership agreement Underscored need to comply with OAIS – now building a new system based on it

Other Observations about DSA Assessment is a static document -- URLs may change and links may break (this happened to ICPSR!) Best not to integrate details about technology that may change Organizations may want to establish a schedule to review their assessments (in addition to DSA prompts)

Conclusions: Benefits of DSA Approach Lower bar, less “threatening“ Less labor- and time-intensive, less costly Emphasis on raising awareness and transparency is great More community- and peer-based rather than top down Interaction with peer reviewer is meaningful Seal carries meaning that is easily recognized

Thank you! Questions?