Sounds great - Thanks Jon! Patrick
On Apr 30, 2014, at 2:06 PM, Jon Stiles wrote:

> On Monday, ICPSR will be conducting a webinar on building restricted use data
> support services.
>
> This looks like a valuable use of time – May 5th
>
> http://www.icpsr.umich.edu/icpsrweb/ICPSR/support/announcements/2014/04/webinar-announced-building-restricted
>
> -
> Jon
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Steve MASOVER
> Sent: Wednesday, April 30, 2014 2:00 PM
> To: RIT Reading Group
> Subject: Managing sensitive/restricted research data: Wed. 7 May 12-1pm
>
> All,
>
> Our next Reading Group meeting will take place on WEDNESDAY of next week --
> May 7th -- from noon to 1pm in 200C Warren Hall.
>
> We'll be discussing management of sensitive or restricted research data, with
> a particular focus on federal guidelines and rules: issues that are
> critically important to researchers across a wide range of domains because
> those guidelines and rules ground the model for auditing research grants that
> manage or use sensitive data.
>
> University practice in this area is largely driven by institutions that
> include medical schools, and therefore broad and deep need to manage personal
> health information in a secure way in alignment to HIPAA guidelines (see
> optional reading). That said, more and more sensitive data outside med school
> domains needs the same kind of management.
>
> This was a topic of special discussion at the April CASC meeting in
> Arlington, VA, attended by Patrick Schmitz who will facilitate next week's
> discussion.
>
> Please read the following to prepare for our discussion next Wednesday (note
> specific page or section callouts for the large NIST document):
>
> ==> Overview of Federal Information Security Management Act (FISMA):
> http://csrc.nist.gov/groups/SMA/fisma/ and
> http://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002
>
> ==> FISMA generally points at NIST for the details:
> http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
> [Page references below are PDF pages, not the numbering of pages in the
> document sections themselves...]
> o PDF pages 8-12
> o Chapter 1, Introduction (PDF pages 23-27)
> o Chapter 2 through the end of Section 2.1 (PDF pages 29-31)
> o Glance at Appendix D for the way they think about the guidelines (PDF
> pages 107-149)
>
> Federal Risk and Authorization Management Program (FedRAMP) is another model.
> See
> http://www.datacenterknowledge.com/archives/2013/11/26/government-clouds-what-is-a-fedramp/
> for a discussion of FedRAMP certification. Browse
> http://www.gsa.gov/portal/category/102375 and http://cloud.cio.gov/fedramp if
> you want.
>
> Optional:
> =========
>
> HIPAA: Read the intro to
> http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act,
> but ignore all the bits about insurance, etc.
>
> Scan
> http://www.businesswire.com/news/home/20110707006289/en/University-California-Settles-HIPAA-Privacy-Security-Case#.U2A7M_ldV8E
> for impact on Med Centers.
>
> A commercial approach: HITRUST:
> http://hitrustalliance.net/common-security-framework/understanding-leveraging-csf/
>
> We're looking forward to seeing you on Weds 7 May at noon, 200C Warren Hall.
>
> ~Steve
>
> --
> Steve Masover
> IST Research Information Technologies
> [email protected]
> 510-642-8488
