|
We are committed to ensuring both the privacy
of patient records and the integrity of our data
and data
systems. Towards that end, we have developed
a comprehensive information-system security plan
that includes the following features:
- Oversight by the Minneapolis Medical Research
Foundation’s Institutional Review Board
- Employee training in and signed commitment
to confidentiality issues in general and the
requirements of the Privacy Act and HIPAA in
particular
- Encrypted patient-identifiable data
- Limited, password-protected access to servers
and networks
- Restricted access to computing equipment
and data storage media
- Secure, restricted-access physical space
protected by electronic locks and cipher locks
- Staff who track data from initial request
to study completion, assuring security, confidentiality,
and regulation compliance
- Visitor logs to comply with the Privacy Act
- 24-hour security monitoring by an outside
security monitoring system
- Firewalls to block unauthorized computer
system access from the Internet
- Virus detection software for each desktop
and laptop on the network
- Regularly scheduled data backups
- Arrangements for off-site storage to prevent
data loss due to unexpected events
- Connection to an uninterrupted power source
to prevent data loss due to power failures
- Archiving systems to preserve programs, datasets,
study methods and results, abstracts, manuscripts,
and data reports
- Tracking systems to monitor the transaction
activities of research files
|
