Data Security

We take data privacy and HIPAA regulations very seriously. All data collected on human participants or biospecimens are subject to the Privacy Act, HIPAA, and all other U.S. Department of Health and Human Services (DHHS) regulations. Subjects' names and other private health information, with rare exception, are not part of the central database held at RTI; all such identifying information typically resides with the clinical site where the subject is enrolled. For the rare studies where identification is necessary, the identifying information is stored under rigorous security control separately from all other data. In addition, role-based security measures are built into our data management system to protect data from unauthorized access. System use and data access are limited to authorized users whose access, views, and actions are controlled by a configurable set of rights based on their role in the study. The DCC provides investigators with a secure environment to store their data. Attention is paid to both physical security (locks and keys) and to the security of data (on site and off-site backups, encryption, authentication, role-based access). The DCC uses Secure Socket Layer (SSL) connections when providing researchers to role-based access the data over the web. Security procedures are continuously monitored and upgraded as necessary. The DCC works with the Stanford University Privacy and Data Security Officer to comply with all HIPAA regulations as they pertain to a project.