Sensitive Data Retention and Destruction Policy

Transcription

1 Sensitive Data Retention and Destruction Policy Institutional Policy Title: Sensitive Data Retention and Destruction Policy Responsible Officer: Director, Research Informatics Effective Date: Revised Date: 3/6/2014 Supersedes: New Policy Approved By: Table of Contents 1 Purpose Scope Definitions Policy Statement Procedures Data Use Agreement Tracking Notification Process Project Closeout Storage Facilities Physical Content Electronic Content Long Term Storage Tracking Destruction Process Permanent Retention Related Policies Reference Materials Appendix Document Properties... 5 Sensitive Data Retention and Destruction Policy 1/6

2 1 Purpose The purpose of this policy is to protect the privacy of sensitive data collected from and about research participants. The aim is to be in compliance with good data practice and all applicable Federal and State laws on protecting data security. This policy provides deference to HSL corporate data retention policy, but establishes guidance for data handling with regards to data use and data sharing agreements, which may conflict with existing HSL policy. 2 Scope This policy applies to all faculty and staff of Hebrew SeniorLife Institute for Aging Research (HSL/IFAR) working on research projects involving sensitive data (SD) and/or projects with explicit data use or data sharing agreements. 3 Definitions Term: Sensitive Data Any data which contains Social Security Numbers or other personal identification numbers, confidential personal or financial information, protected health information, student educational records, proprietary customer data or information that is otherwise deemed to be protected by HSL corporate policy, state, federal, or international laws, statutes, or regulations or explicitly identified in a contract. 4 Policy Statement Sensitive data are to be destroyed by the date specified by corporate rules unless otherwise stipulated in the Data Use Agreement (DUA), Data Sharing Agreement (DSA), Contract or Grant Guidelines (federal and non-federal). 5 Procedures Data obtained via a DUA or DSA must be destroyed upon the date or point in time specified in those agreements. If not otherwise governed by a DUA/DSA or another type of contractual agreement, investigators and staff should follow the HSL IRB data retention policies and HSL IT policies for appropriate destruction dates and methods. The project principal investigator is responsible for directing and certifying data destruction and completing any required forms (e.g., CMS Certificate of Data Destruction). 5.1 Data Use Agreement Tracking IFAR administration, which includes the Informatics Core, will assist investigators in tracking destruction deadlines by maintaining a database of data use and sharing agreements. It is the Sensitive Data Retention and Destruction Policy 2/6

3 responsibility of the principal investigator to provide the Director of Research Informatics with relevant information (e.g. project title, IRB number, deadline date, etc.) to assist the Institution in tracking projects maintained in this database Notification Process The Director of Research Informatics will query the tracking database monthly for projects with expiring DUAs/DSAs or approaching the "destroy by" date for paper and electronic data files. The Director will inform investigators 90 days before destroy by dates to confirm and facilitate data destruction, or if an application to extend a DUA/DSA is required. 5.2 Project Closeout All investigators and project directors should develop and execute project closeout activities. This process should be executed at the end of primary data analysis and before IRB authorization expires. Closeout activities might include creating de-identified data sets and clear result set documentation as well as aggregating study communications, meeting minutes, casebooks and other related materials. These artifacts should be stored in preapproved locations on the HSL corporate network for electronic content or in designated long term storage facilities for paper-based materials. Content containing sensitive data or data related to a DUA, DSA, Grant or Contract should be clearly marked or organized in a way to facilitate permanent data destruction. 5.3 Storage Facilities Physical Content IFAR maintains three physical locations for storing project content. The use of these locations must be preapproved by Vice President of Research Administration. Name 6 th Floor Roslindale Patio Roslindale (gated) B2 Roslindale (gated) Container Access Restrictions Type Cabinet Requires IFAR floor access, Keys controlled by project director or her designee Storage Box Requires preapproval from Director of Research Informatics Keys are maintained by HSL security Storage Box Requires preapproval from Director of Research Informatics Keys are maintained by HSL security Storage Type Active Projects Long Term Long Term Projects may also employ third party long term storage facilities (e.g. Iron Mountain) at their own expense. Approval from the VP of Research Administration and Director of Research Informatics must be obtained prior to engaging in a contract or transmitting content to this Sensitive Data Retention and Destruction Policy 3/6

4 third party. Certification of all materials stored must be obtained and retained by the Informatics group. Projects using long term storage must be registered with Informatics Core and incorporated into its database. See description below. All paper content must be stored in appropriate, sturdy containers preapproved by administration. Clear labels must be applied to assist staff in recovery and destruction Electronic Content IFAR maintains a dedicated project archive network file share for permanent storage of electronic content. Project teams are encouraged to organize and store sensitive data and accompanying materials in this location. Access to the IFAR project archives is strictly prohibited and requires preapproval with the Director of Research Informatics and assistance from the HSL IT Department Long Term Storage Tracking The Informatics Core maintains a database of all projects using long term on-site physical storage. The database contains a list of all projects, investigator and administrative contact information, destroy dates and grant information. Furthermore, each project asset (i.e. storage box) is tracked with a label and minor details. Access to this database is controlled by the Director of Research Informatics. 5.4 Destruction Process The investigator is responsible for organizing or directing his/her staff to destroy paper and electronic (source and derivative) data files on the deadline date where there is no pending amendment or exception to a DUA. The Director of Research Informatics will provide assistance or additional resources to execute relevant tasks. The following resources may be destroyed in this process. Electronic data files located on any active or archived network file share locations. These include Windows file shares, document management systems (e.g. SharePoint), or distributed file systems (e.g. Dropbox, Accellion, etc). Electronic data sets stored in database systems (e.g. Microsoft SQL Server, MySQL) or dedicated analytical systems (e.g. SAS server, Hadoop, etc.). Paper records stored on site in IFAR long term storage (e.g. Patio) or off site commercial storage (e.g. Iron Mountain). All electronic equipment (e.g. hard drives) must be turned over to IT for destruction (see below). The investigator is responsible for certifying, with assistance and documentation from third parties (e.g. IT, off-site storage, etc.), that all sensitive data have been destroyed properly Electronic Equipment The investigator or her designee is responsible for turning over all electronic equipment to IT for destruction. The IT department uses a certified data destruction company that adheres to HIPAA policies on data and equipment destruction. Sensitive Data Retention and Destruction Policy 4/6

5 Equipment no longer in use should relinquished to IT as soon as possible The investigator must schedule equipment pickup or drop off through the help desk system o Server equipment destruction is handled by IT Operations staff o Mobile (tablets, laptops, etc.) and desktop equipment is handled by Help Desk staff The IT department schedules equipment destruction biannually or on an as needed basis o Equipment queued for destruction is stored in a secured, locked room with card control access All equipment (servers, workstations, etc.) is bar-coded by IT staff prior to deployment o Barcodes are referenced at end-of-life and cross referenced before destruction All storage components (i.e. hard drives, integrated devices) are shredded on site by vendor o A master list of devices destroyed (receipt) is provided and cross-referenced 5.5 Permanent Retention Once a project is complete, investigators may not maintain project files that contain identifiable research data, including statistical package scripts, project documentation, grant applications, etc. Investigators may retain de-identified data sets with no mechanism or scheme that may re-identify research participants. 6 Related Policies The document author(s) have attempted to identify policies that may be applicable or related to this policy. This is not an exhaustive list. All HSL employees are expected to abide by all active policies of the organization at all times. As such, employees are encouraged to review any and all potentially applicable policies regardless of whether they are identified below. HSL reserves the right to modify, cancel, or enact new policies at anytime, without notice. HSL Policy: Record Management, Retention, Disposition and Destruction Guidelines HSL IRB Policies and Procedures (Section 3 Investigator and Research Personnel Requirements, and Section 14 Record Management) 7 Reference Materials NA 8 Appendix NA 9 Document Properties Title: Sensitive Data Retention and Destruction Policy Sensitive Data Retention and Destruction Policy 5/6

6 Author: Version: File Name: Jason Rightmyer Sensitive Data Retention Policy.docx Sensitive Data Retention and Destruction Policy 6/6