Educause Security Discussion mailing list archives
Re: *EXT* [SECURITY] research data
From: Velislav K Pavlov <VelislavPavlov () FERRIS EDU>
Date: Tue, 5 Dec 2017 17:31:44 +0000
Risk assessment including data identification, classification, mapping to assure the confidentiality, integrity, and availability of data at rest and in transit it addressed. Following the 18 identifiers guidance OR through "expert" determination (Privacy Officer and "expert") as defined here https://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html. You have to map what PHI and ePHI looks like for your environment. We created profiles of the type of e/PHI data for each HIPAA Covered Component. We leverage our DLP for data discovery, classification, analysis, notification, and to quarantine specified files/folders. Patterns are patterns, this is where contextual identification helps; matching the what (content) with who, when, where, etc. Match for a patient record in the EMR system and user X from the Health Center is more likely to be a match than a detection of patient record from the Marketing department and hence has a different impact and priority assignment. For the redacting, we use the DLP tool to help us move data and leave a place holder. Most of the scrubbing is still manual especially if it's within a proprietary database or data format. Vel Pavlov | Coordinator, IT Security M.Sc. ISM, CISSP, C|HFI, C|EH, C)PTE, Security+, CNA, MPCS, ITILv3F, A+ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greaser, Lydia Sent: Tuesday, December 5, 2017 10:45 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: *EXT* [SECURITY] research data Hi everyone, Was wondering what process you follow when de-identifying data for research projects like with PHI etc., who do you designate to do this that's qualified to meet the privacy rule. Do you also use certain software tools to help scrub the data? Sincerely, Lydia Greaser Interim Director of HSC Information Security WVU Health Sciences Center Information Technology Services **Notice** This message is from a sender outside of the Ferris Office 365 mail system. Use caution when clicking links or opening attachments. For assistance determining if this email is safe, please contact TAC. ________________________________
Current thread:
- research data Greaser, Lydia (Dec 05)
- Re: *EXT* [SECURITY] research data Velislav K Pavlov (Dec 05)