Data Management and Security
Research sponsors, scholarly journals, and the general public are demanding greater access to research data, especially if the data has been collected with public funds. This new focus on data accessibility means that effective data management-which has always been a crucial aspect of the research process-has new urgency for researchers and research institutions.
Careful planning for data management can help researchers fulfill the requirements of their sponsors, and increase the accessibility, usability, and impact of their work.
Resources are available to assist researchers in fulfilling data management and sharing requirements. The University Libraries' Scholarly Communications Program website has pages on Data Management and Open Access. The site contains valuable information on policies and resources for researchers, including the data management and sharing requirements of federal agencies, an overview slide presentation on Data Management and Sharing, FAQs and links to outside resources, including the NSF and NIH requirements.
Some research data are highly sensitive, such as Protected Health Information (PHI) including names or addresses associated with clinical information, or Personally Identifiable Information (PII) such as Social Security numbers, credit card numbers, or personal financial data. The release of such data can lead to harm such as privacy violations, identify theft, financial liability for the University, and in some cases, individual liability for the person who released the data.
All researchers should be aware that sensitive information is highly regulated by federal laws, such as HIPAA and HITECH, and by University policy, such as the Electronic Information Resources Security Policy. As the Policy states: "Individuals who access or control University electronic information resources must take appropriate and necessary measures to ensure the security, integrity, and protection of these resources, using appropriate physical and logical security measures."
Breaches and even suspected breaches must be reported to the Information Technology Security and Policy Office and to the local system administrator. At CUMC, breaches must be reported to the CUMC Privacy and Information Security Officers at firstname.lastname@example.org. Anyone with questions concerning Protected Health Information privacy or security requirements and HIPAA policies should visit the CUMC HIPAA webpage.