Data Security Tips
Any device (e.g., desktop, laptop, tablet) used to access, process, or store HIPAA data or individually identifiable human subject research data, unless otherwise designated by the IRB, must have the following:
- Operating System is supported and updated
- Anti-Malware set to auto update and scan
- Disk encryption
- Auto screen lock (15 min max) to password/code
HIPAA Limited Data Sets can be processed on our Shared Computing Cluster (SCC4). SCC staff or the data provider (e.g., BMC Clinical Data Warehouse) can help you limit the data to that allowed by law: city, zip code, dates of birth, death, or treatment (partial de-identification)
A completely de-identified data set requires removal of these identifiers as well. See U.S. Department of Health and Human Services, Office for Civil Rights guidance on de-identification.
- If data is completely de-identified it is classified as Public Data.
Reminders and Updates