ICPSR and the Data Seal of Approval Mary Vardigan Assistant Director, ICPSR December 10, 2012.

Slides:



Advertisements
Similar presentations
Board Governance: A Key to Quality Organizations
Advertisements

The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.
What FDA Looks for When Inspecting IRBs and Sponsors Marian J. Serge Nurse Consultant Division of Bioresearch Monitoring Office of Compliance Center for.
MONITORING OF SUBGRANTEES
DSA and the Certification Framework Ingrid Dillo Data Archiving and Networked Services DSA Conference, Florence 10 December 2012.
PPI Strategy and delivery for the Research Capability Programme Maria von Hildebrand Patient and Public Stakeholder Engagement Manager.
Digital Preservation and Trusted Digital Repositories Priscilla Caplan Florida Center for Library Automation ALA 2005 Chicago IL.
PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.
Peer-Reviewer Guidance Data Seal of Approval Hervé L’Hours DSA Conference Amsterdam. 24 September, 2014.
Is it Research?. Is It Research? 2 Elements –The project involves a systematic investigation –The design (meaning goal, purpose, or intent) of the investigation.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
Introduction to Human Subjects Research at the University of Michigan – Dearborn. Debra Schneider IRB Administrator (313)
Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.
OVERVIEW & LIBRARY SUPPORT FOR DATA MANAGEMENT/SHARING Jim Van Loon, MSME/MLIS Science Librarian.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
SOP Melody Lin, Ph.D. Deputy Director, Office for Human Research Protections Director, International Activities Santiago, Chile August.
The Institutional Review Board. What is an IRB? An IRB is committee set up by an institution to review, approve, and regulate research conducted under.
ICPSR and the Data Seal of Approval: A Case Study Mary Vardigan Assistant Director, ICPSR October 8, 2013.
TRAC / TDR ICPSR Trustworthy Digital Repositories.
Security Controls – What Works
Developing a Records & Information Retention & Disposition Program:
Columbia University IRB IRB 101 September 21, 2005 George Gasparis, Executive Director, CU IRB Asst. V.P. and Sr. Asst. Dean for Research Ethics.
IS Audit Function Knowledge
Data Seal of Approval Overview Lightning Talk RDA Plenary 5 – San Diego March 11, 2015 Mary Vardigan University of Michigan Inter-university Consortium.
Health Insurance Portability and Accountability Act (HIPAA)
April 2, 2013 Longitudinal Data system Governance: Status Report Alan Phillips Deputy Director, Fiscal Affairs, Budgeting and IT Illinois Board of Higher.
Internal Auditing and Outsourcing
CUI Statistical: Collaborative Efforts of Federal Statistical Agencies Eve Powell-Griner National Center for Health Statistics.
Cornell Evaluation Network The Use of Human Participants in Research Office of Research Integrity and Assurance ~ May 14, 2007.
International Research & Research Involving Children K. Lynn Cates, MD Assistant Chief Research & Development Officer Office of Research & Development.
Repository Requirements and Assessment August 1, 2013 Data Curation Course.
Data Archiving and Networked Services DANS is an institute of KNAW en NWO Trusted Digital Archives and the Data Seal of Approval Peter Doorn Data Archiving.
HIPAA – How Will the Regulations Impact Research?.
April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
OAIS in the Library Environment Managing and Preserving Electronic Resources FLICC/CENDI Washington DC, December 11,2001 Anne Van Camp RLG, Member Initiatives.
H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…
Name Position Organisation Date. What is data integration? Dataset A Dataset B Integrated dataset Education data + EMPLOYMENT data = understanding education.
Safeguarding Research Data Policy and Implementation Challenges Miguel Soldi February 24, 2006 THE UNIVERSITY OF TEXAS SYSTEM.
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
Chapter 21 Internal, Operational, and Compliance Auditing McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.
Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.
Office of Research & Development (ORD) Local Accountability of Research 2009 Baltimore, Maryland January 13-14, 2009 “Meeting the Current Challenges of.
Responsible Data Use: Data Restrictions Robert R. Downs, PhD NASA Socioeconomic Data and Applications Center (SEDAC) Center for International Earth Science.
Data Governance 101. Agenda  Purpose  Presentation (Elijah J. Bell) Data Governance Data Policy Security Privacy Contracts  FERPA—The Law  Q & A.
Yadvindera (Bobby) Bains MD Director of Radiation Oncology, Laredo Medical Center Adjunct Associate Professor, Dept of Radiation Oncology, University of.
U.S. Department of Education Safeguarding Student Privacy Melanie Muenzer U.S. Department of Education Chief of Staff Office of Planning, Evaluation, and.
FORUM GUIDE TO SUPPORTING DATA ACCESS FOR RESEARCHERS A STATE EDUCATION AGENCY PERSPECTIVE Kathy Gosa, Kansas State Department of Education.
1 PARCC Data Privacy & Security Policy December 2013.
©2002 by the National Committee for Quality Assurance NCQA: HIPAA Business Associate Presentation to the 6th National HIPAA Summit March 28, 2003 Patricia.
Aligning Digital Preservation Policies with Community Standards Nancy McGovern Digital Preservation Officer.
SEDAC Long-Term Archive Development Robert R. Downs Socioeconomic Data and Applications Center Center for International Earth Science Information Network.
Human Subjects Update E. Wethington, Chair, UCHS.
Office of Research & Development (ORD) Local Accountability of Research 2009 Baltimore, Maryland January 13-14, 2009 “Meeting the Current Challenges of.
FDIC Perspective on Environmental Risk Presented by: Gordon Stoner Legal Division Federal Deposit Insurance Corporation May 6, 2008.
Department of Computer Science Introduction to Information Security Chapter 8 ISO/IEC Semester 1.
First Things First Grantee Overview.
CESSDA SaW Training on Trust, Identifying Demand & Networking
Certification of Trusted Repositories
Privacy principles Individual written policies
Providing Access to Your Data: Handling sensitive data
Trustworthiness of Preservation Systems
Internal and Governmental Financial Auditing and Operational Auditing
Peer-Reviewer Perspective Data Seal of Approval
General Data Protection Regulation
AAHRPP Accreditation Welcome to the University of Georgia’s presentation for accreditation of the human research protection program (HRPP). This presentation.
Investigator of Record – Definition
Student Data Privacy: National Trends and Wyoming’s Role
Data Repository Assessment & Certification: Experiences and Lessons Learned Thank you for inviting me to present at the Network of Asian Social Science.
Fundamental Science Practices (FSP) of the U.S. Geological Survey
Presentation transcript:

ICPSR and the Data Seal of Approval Mary Vardigan Assistant Director, ICPSR December 10, 2012

Outline of Presentation What is ICPSR? Repository assessments undertaken at ICPSR –Test audit –TRAC self-assessment –Data Seal of Approval Process, effort, findings for each Conclusions

What is ICPSR? Repository of social science data established in 1962 for data sharing and preservation Membership-based organization -- over 700 institutional members (colleges and universities) from around the world Source for training in statistics and data curation through the Summer Program

Mission ICPSR provides leadership and training in data access, curation, and methods of analysis for a diverse and expanding social science research community.

First Assessment Effort, Center for Research Libraries proposed a test audit of ICPSR, along with Koninklijke Bibliotheek National Library of the Netherlands, Portico, and LOCKSS Purpose: To test a methodology based on the RLG-NARA Checklist for the Certification of Trusted Digital Repositories Precursor to current TRAC audit/certification processes ICPSR Test Audit Report: /ICPSR_final.pdf /ICPSR_final.pdf

Evaluation Criteria Characteristics of the organization that might affect performance, accountability, business continuity Technologies and infrastructure employed Preservation processes and procedures

Effort and Resources Required Completion of Audit Checklist Gathering of large amounts of data about the organization – staffing, finances, digital assets, process, technology, security, redundancy, etc. Hosting of audit group for two and a half days with interviews and meetings Remediation of problems discovered

Findings Taken as a whole, ICPSR appears to provide responsible stewardship of the valuable research resources in its custody. Depositors of data to the ICPSR data archives and users of those archives can be confident about the state of its operation, and the processes, procedures, technologies, and technical infrastructure employed by the organization.

Findings (continued) Succession and disaster plans needed Funding uncertainty (grants) Acquisition of preservation rights from depositors Need for more process and procedural documentation related to preservation Machine-room issues noted

Changes Made Hired a Digital Preservation Officer Created policies, including Digital Preservation Policy Framework, Access Policy Framework, and Disaster Plan Changed deposit process to be explicit about ICPSRs right to preserve content Continued to diversify funding (ongoing) Made changes to machine room

TRAC Self-Assessment, 2010-present Parceled out the 80+ TRAC requirements to committees across the organization Gathered evidence demonstrating compliance for each guideline Rated compliance on 0-4 scale Digital Preservation Officer and Director of Curation Services reviewing evidence Goal is to provide a report

Effort and Resources Required Time of many individuals across the organization Technology – Developed Drupal site for data entry Time for high-level review and summarization Time/technology most likely required to address areas for improvement

DSA Self-Assessment,

Procedures Followed Digital Preservation Officer and Director of Collection Delivery conducted the self- assessment, assembled the evidence, and wrote response Attempted to provide a URL for each guideline First peer review done offline with no manual to clarify intent of guidelines; second done using online tool – assessment modified

Effort and Resources Required Mainly time of the Digital Preservation Officer and Director of Collection Delivery Would estimate two days at most Note: Next self-assessment should be more robust with greater amount of detail

Self-Assessment Ratings Using the manual and guiding questions: Rated ICPSR as having achieved 4 stars for all but Guideline 13, full OAIS compliance

Example of Evidence – Guideline 5 Reviewer stated: I would like to stipulate that this description addresses well the extended criteria of Guideline 5 Guideline Text: The data repository uses due diligence to ensure compliance with legal regulations and contracts including, when applicable, regulations governing the protection of human subjects.

Evidence ICPSR is legally considered a part of the University of Michigan. The primary legal contracts/regulations that ICPSR handles are the Membership Form, Deposit Form, Terms of Use, and Restricted-Use Contracts. The Membership Form specifies responsible use of ICPSR data resources and prohibits the redistribution of data. The ICPSR Deposit Form stipulates that the depositor must have copyright in order to transfer to ICPSR the right to disseminate the data and obtains permission from the depositor for ICPSR to manage the data for purposes of distribution and preservation. ICPSR Terms of Use specify that data may not be redistributed and that users must not disclose the identities of research participants. The Terms of Use include information on penalties for noncompliance. ICPSRs Restricted-use Contracts are agreements governing the use and protection of data that carry a risk of disclosure. These contracts use model language and are reviewed by legal counsel.

Evidence (continued) ICPSR offers three levels of access to data: public-use, restricted-use available via contract, and restricted-use available only onsite at ICPSR under secure conditions. All data are reviewed for disclosure risk and, when necessary, modified in consultation with the investigator. ICPSR is in the process of implementing software that will provide a secure virtual data enclave for individuals using confidential data to ensure that they are in compliance with disclosure risk protocols. ICPSR staff are trained and certified in handling restricted-use data. Data are deposited and processed in a secure non- networked environment. Confidential data are stored in encrypted form in multiple locations.

Evidence (continued) With respect to compliance with national laws under which ICPSR operates, in the United States there are several statutes and codes related to the privacy and protection of research participants. Of particular note is the federal regulation on Protection of Human Subjects (45 CFR 46). Institutions bear the responsibility for compliance with 45 CFR 46. Every university must file an assurance of compliance with the Office for Human Research Protections which includes a statement of ethical principles to be followed in protecting human subjects of research. University Institutional Review Boards (IRBs) review research to address these issues. Other relevant U.S. laws include the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA). ICPSR requests from depositors copies of IRB approval, approved protocols, privacy certificates, and blank consent forms.

Evidence (continued) Links provided to: ICPSR Deposit Form Terms of Use Restricted Data Agreement

Findings and Changes Made Recognized need to make policies more public – e.g., static and linkable Terms of Use (previously only dynamic) Reinforced work on succession planning – now integrated into Data-PASS partnership agreement Underscored need to comply with OAIS – now building a new system based on it

Comparison – Effort and Resources Test audit was the most labor- and time- intensive TRAC self-assessment involved the time of more people Data Seal of Approval least costly

Comparison – Changes Made Test audit was first experience – resulted in greatest number of changes made and greatest increase in awareness Fewer changes made as a result of DSA assessment because many addressed in earlier test audit; also not as detailed TRAC assessment will surface additional issues to address

Other Observations about DSA Assessment is a static document -- URLs may change and links may break Best not to integrate details about technology that may change Organizations may want to establish a schedule to review their assessments (in addition to DSA prompts)

Conclusions: Benefits of DSA Approach Lower bar, less threatening Less labor- and time-intensive, less costly Emphasis on raising awareness and transparency is great More community- and peer-based rather than top down Interaction with peer reviewer is meaningful Seal carries meaning that is easily recognized

Thank you! Questions?