Table 30 |
|
Summary of security and privacy requirements for a federated biomedical grid. |
|
Guidelines |
|
|
|
A separate legal entity for governance is desired. |
|
|
|
Consensus on foreign and commercial partnerships should be developed |
|
|
|
Risk models and risk management processes for data within the Federation should be defined. |
|
|
|
Specific technical infrastructure to support the credentialing process in the regulated environment should be developed. |
|
|
|
The feasibility of creating a federated honest broker system should be studied. |
|
|
|
Local control of identity provisioning and authorization of users is desired. |
|
|
|
The identity credentialing process should be strong. |
|
|
|
A special credentialing structure for institutionally unaffiliated investigators will be needed. |
|
|
|
Existing institutional infrastructure should be leveraged. |
|
|
|
Develop or acquire acceptable HIPAA and research ethics training modules for the entire federated community. |
|
|
|
A central auditing authority is a necessity. |
|
|
|
All data sets dealing with human data, whether de-identified, limited, or fully identified, should be subject to the same auditing requirements. |
|
|
|
Specific tooling to support the auditing functions is needed. |
|
|
|
A Two-protocol Mode for Data Exchange is accepted by interview participants. |
|
|
|
|
|
Further Study |
|
|
|
Potential for federated human honest broker systems to reduce the number of cases where identifiable information is necessary. |
|
|
|
Manner in which undefined prospective research involving data and tissue repositories will be consented and handled. |
|
|
|
Establishment of data use and confidentiality agreements between participant organizations and individual investigators in a scalable fashion. |
|
|
|
Development of common consent forms acceptable to all IRBs participating in a federation. |
|
|
|
Manion et al. BMC Medical Informatics and Decision Making 2009 9:31 doi:10.1186/1472-6947-9-31 |
