So in handly datasets, how do we protect patient data from hackers? Is there a policy surrounding DCoP and how data security is managed?
2 Likes
I think this is an interesting question – I have tended to think about this from a data-specific policy (e.g., whichever data we’re referring to is governed by it’s own data use agreement). That said, the DUAs I have experience with such as the one for Fox Insight are pretty generalized (e.g., ‘keep data secure’ rather than ‘here is how to keep the data secure’) and say things like researchers must follow all local regulations (frequently citing things like GDPR and local institutional review boards).
Have you had policies or specific guidance you’ve seen on this? I haven’t had a chance to look through them extensively, but here are some from Michigan University, Princeton, and Harvard.
1 Like
Very good links to look into. I find that often times, the reason why other researchers are reluctant to expose other colleagues to their data is because they are unsure of how data will be managed or handled.
I guess both parties who intend to share data have to consider careful which devices data will be on, encryption procedures, how long data can be shared, how data is transported and how data will be disposed off.
2 Likes
Agreed! When you have a chance to look at those resources curious as to your thoughts – my sense is that reluctance is both present in a lot of places, but also with localized nuance. If there are ways to align on something like… best practices/guidelines or to develop other resources for alleviating those concerns I think that would be a great benefit to the broader community!
2 Likes
I agree
I see us working on best practices resource that integrates all that I read from the links you shared
thank you
I believe @vdardov may have some experience with data security? Tagging her here in case she has additional thoughts or resources on this topic.
Data security varies greatly based on so many things. For AMP PD, a signed data use agreement grants users access to data that is stored in google cloud. GCS has a lot of great security features and access controls, as do most cloud providers. There is definitely the concern that a researcher who has access can download the data and share it with those who don’t have access, but that is going against the data use agreement/contract that is signed.
In terms of sharing between labs, scientists and clinicians, there are secure ways of sharing data through password protected folders, uploading to a secure/private drive and sharing that.
In terms of protecting data that the DCoP shares from hackers; it seems like we are uploading data for sharing to Zenodo. They have a whole section on infrastructure which mentions they stay up to date with the latest security patches. That being said, if we are sharing patient data, we need to ensure that the patient data is deidentified, and like @Vidash stated, people need to consider where the devices the data will be on, encryption, etc. @jgottesman had a great point on best practices and guidelines - definitely something that’s needed for individuals within the DCoP that want to share data.
2 Likes
Thanks for sharing this.