Re: Research Expectations

[Jere Retzer <retzerj () OHSU EDU>]

To a large degree, the problem of adequate funding for security in research efforts comes back to education, education, 
education. I've heard bio researchers say for years that they do not need security for what they do but how will they 
react if their data is destroyed, stolen or corrupted? I think that If the researchers considered it a core need then 
generally their federal counterparts would go along.

One of the nice things about HIPAA is that it returns the focus to the complete security picture needed to ensure 
information availability, integrity and (appropriate) confidentiality.  Most of us who have dug into HIPAA 
implementations quickly realize that technical security measures are just one small, although important part of the 
picture.  

Given the recent federal interest in computer security, however maybe we should call upon the feds to specifically 
address including adequate funding to ensure federally-funded research projects include adequate security.  Have them 
include a requirement in the grant application to describe the technical and procedural measures that will be used to 
insure the security (to include availability, integrity and confidentiality) of research data and infrastructure to be 
acquired under the project.