Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Management Planning for JHU SOM IRB Approval

Published byLeo Pitts Modified over 6 years ago

Similar presentations

Presentation on theme: "Data Management Planning for JHU SOM IRB Approval"— Presentation transcript:

1 Data Management Planning for JHU SOM IRB Approval
David Thiemann, MD Medical Director, Center for Clinical Data Analysis JHU SOM IRB Data Management Consultant/Reviewer Associate Professor, Cardiology, Epidemiology and Health Sciences Informatics 14 July 2017

2 IRB Data Review Types/Triggers
IRB Data Consultant Content review >=500 patients OR high-risk data JHU Legal Counsel/ Privacy Office Liability/compliance issues-rare De-ID, external sharing Information Security Technical review-rare Web apps, cloud apps, externally facing DB JHM Data Trust Research Sub-Council Stuart Ray, Chris Chute Policy review-rare External data sharing, conflict of interest

3 The Basics Store raw data/PHI on
Enterprise storage (SAFE, REDCap) Study-specific folder on JHED/AD-enabled managed server JHBox (discouraged) No PHI on desktops, laptops, thumb drives, CDs Separate raw-data and (de-identified) analytic files No unencrypted data transmission ( ) No external data sharing w/o specific permission No non-JHM tools (DropBox, Gmail)

4 IRB Data Management Documents: Plan, Data Security Profile, Data Dictionary
Plan: 1-3 paragraphs Specifics, not a statement of good intentions Describe data methods/flow, not just storage Explain case finding, data sources Either Data Security Profile (simple projects) or Checklist (complex) Data Dictionary—list what will be collected

5 Common Mistakes Excel Shared pswd/access Using MRN as 1o key
Portable, unauditable, no data typing Shared pswd/access Using MRN as 1o key No data dictionary “We’re going to abstract some charts” Back-channel/illicit data access Absurd data de-ID methods/promises No DIY de-ID for export Sample size fibs 498 patients of 5,000 Unrealistic EMR/Epic expectations Sipping from a dirty fire hose

6 Non-Epic Registries: New Data Trust Policy/Standards Coming Soon
Def: Ongoing enrollment, >500 pts Excludes Registries required by law/regulation, operational systems, consented clinical trials, external registries Technical requirements: MS SQL Server at MTW, designated DBA, logging, monitoring by security team JHED/AD authentication, MFA No unnecessary PHI: SSN, address, phone, No self-service access. No umbrella IRB approval.

7 Useful URLs IRB Data Security Profile form (studies involving >=500 patients): IRB Data Security Checklist form (for studies that do not comply with or meet the requirements of the Data Security Profile): JHM Privacy Office Use of Data Agreement (for data extracts from JHM enterprise databases, such as Epic, EPR2020, SCM and CaseMix): JHM encryption standards:

8

Download ppt "Data Management Planning for JHU SOM IRB Approval"

Similar presentations

Driving Factors Security Risk Mgt Controls Compliance.

Driving Factors Security Risk Mgt Controls Compliance.
Data Security Protocol

Data Security Protocol
A Guide to Compliant Data Management

A Guide to Compliant Data Management
Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, 2014 1IT Security, East Carolina University.

Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, IT Security, East Carolina University.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA and Professionalism In an age of electronic mediums.

HIPAA and Professionalism In an age of electronic mediums.
Common Errors to avoid in IRB- 03 (VA) Applications.

Common Errors to avoid in IRB- 03 (VA) Applications.
David Cloutier Director, Research Center Management and Development Budgeting for Industry Sponsored Clinical Trials.

David Cloutier Director, Research Center Management and Development Budgeting for Industry Sponsored Clinical Trials.
1 CLOUD AND SaaS-BASED PLATFORMS: ENSURING DATA PRIVACY May, 2011.

1 CLOUD AND SaaS-BASED PLATFORMS: ENSURING DATA PRIVACY May, 2011.
SCRUB: Secure Computing Research for Users’ Benefit David Wagner 1.

SCRUB: Secure Computing Research for Users’ Benefit David Wagner 1.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
HIPAA Data Security PCF Data Security Update May 1 st, 2015.

HIPAA Data Security PCF Data Security Update May 1 st, 2015.
REDCap Overview Institute for Clinical and Translational Science Neil Nuehring Jesteny Pascual Daniel Hingtgen https://icts.uiowa.edu/confluence/download/attachm.

REDCap Overview Institute for Clinical and Translational Science Neil Nuehring Jesteny Pascual Daniel Hingtgen
Security and Confidentiality Practices - Houston Dept. of Health and Human Services Jerald Harms, MPH, CART and Jeff Meyer, MD, MPH HIV/AIDS Surveillance.

Security and Confidentiality Practices - Houston Dept. of Health and Human Services Jerald Harms, MPH, CART and Jeff Meyer, MD, MPH HIV/AIDS Surveillance.
2012 VA IRB Administrators Meeting Stephania H. Griffin, JD, RHIA, CIPP/G VHA Privacy Officer Director, Information Access and Privacy Privacy Officer.

2012 VA IRB Administrators Meeting Stephania H. Griffin, JD, RHIA, CIPP/G VHA Privacy Officer Director, Information Access and Privacy Privacy Officer.
 background and intro  client deployment  system Architecture and server deployment  behind the scenes  data protection and security  multi-server.

 background and intro  client deployment  system Architecture and server deployment  behind the scenes  data protection and security  multi-server.
SECURITY: 2014. Personal Health Information Protection Act, 2004 this 5 min. course covers: changing landscape of electronic health records security threats.

SECURITY: Personal Health Information Protection Act, 2004 this 5 min. course covers: changing landscape of electronic health records security threats.
Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.

Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.
REDCap Overview Institute for Clinical and Translational Science Heath Davis Fred McClurg Brian Finley.

REDCap Overview Institute for Clinical and Translational Science Heath Davis Fred McClurg Brian Finley.

Similar presentations

Ads by Google