Research & Economic Development Office of Grants and Contracts Administration Data Security Presented by Debbie Bolick September 24, 2015.

Presentation transcript:

Research & Economic Development Office of Grants and Contracts Administration Data Security Presented by Debbie Bolick September 24, 2015

Data Security
- Data security: safeguarding data from being lost, modified, or accessed without authorization
- Monitoring: that responsible parties are compliant with security plans
- Termination: disposition or sanitization of data

What type of data is being protected?
- Defined personally identifiable information
  - Information that can be used to distinguish or track an individual’s identity, such as name, SSN, or biometric information
  - Indirect identification: using information in conjunction with other data elements to reasonably infer the identity of a respondent, such as a combination of gender, race, date of birth, geographic indicators, or other descriptors
- Non-identifiable information
  - Tracking purposes

CIPSEA
Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA), implemented June 15, 2007
- Provides strong confidentiality protections for statistical information collections sponsored by or conducted by more than 70 Federal agencies
- Establishes uniform policy across Federal agencies
- Authorizes data sharing among specified agencies (Bureaus of Economic Analysis, Labor Statistics and Census) to include identifiable data
- CIPSEA data may only be used for statistical purposes

CIPSEA
Penalties for non-compliance
- Class E felony with imprisonment of not more than five (5) years
- Fine of not more than $250,000

CIPSEA Implementation Guidance
- Harmonized principles and processes and set minimum standards
- Utilized best practices for handling
- Addressed intersection between CIPSEA and Privacy Act of 1974 for non-statistical uses

Authority
- Federal agencies empowered to make determination about the sensitivity of their information used for statistical purposes under a pledge of confidentiality
- Applies to local and state governments collecting data for federal agencies
- Special procedures required for use of laptop computers, PDAs, zip drives, floppy disks, CD-ROMs or any other IT devices

Minimum Standards
- All persons with access understand his/her responsibility related to maintaining confidentiality of information
- Monitoring procedures for collection and release
- Evaluating the reason for and controlling access
- Maintaining physical and information systems security
- Required Training
- Overview of protection procedures
- Limit access to those with a “need to know”
- Physical and information systems security procedures must be in place
- Penalties

Ensure Controls

311.9 Regulation Regarding Third Party Data Subject to Contractual Access
Data Security at UNC Charlotte pursuant to Policy
- Implemented February 2011
- Policy for handling and safeguarding electronic third party data
  - Received from third parties
  - Subject to contractual access restrictions
- Ensures that adequate precautions are implemented prior to receiving such data
  - Maintain the security and confidentiality of covered data; and
  - Protect against the unauthorized access or use of such records or information in ways that could violate the University’s agreements with third parties who supply such data.

Initiate Request for Data?
[Flowchart; labels as extracted:] Data Security Officer First Point of Contact Data Security Plan Checklist University Signatory Data Use Agreement Document Repository Submits to Agency Data Sponsor Agency releases Data to PI PI

Ongoing Monitoring
[Diagram; labels as extracted:] College Data Security Officer Central IT Random audits Collaborative role PI (Lead Custodian) cannot be a student Authorizes Updates and monitor Students Research staff Signs Use Agreement System of Record Signatory Unit Responsible Party Information Security Internal Audit

DSO list
Data Security Officers, effective April 2015
- Charles Andrews: Metropolitan Studies and Extended Academic Programs
- William Ardern: William States Lee College of Engineering
- Brian Bard: Student Health Center
- Tim Carmichael: Belk College of Business
- Alex Chapin: College of Liberal Arts & Sciences
- Rose Diaz: College of Arts + Architecture
- Dane Hughes: College of Education
- Joe Matesich: College of Computing and Informatics
- Michael Moore: College of Health and Human Service

Resources
- College Data Security Officers
- IT Policies & Standards
- Security Awareness Training: assurance/security-awareness-training
- Human Subjects (IRB): http://research.uncc.edu/departments/office-research-compliance-orc/human-subjects
- Checklist & Data Security Plan: orc/human-subjects/3rd-party-data-requirements

QUESTIONS?