Skip to main content

Table 17 Information needed about users for provisioning decisions.

From: Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

Information Needed to Make Provisioning and Authorization Decisions
Federal-Wide Assurance Number of IRB
Nationwide IRB Identifier
Quality of HIPAA training verified
Has institution agreed to abide by policies?
Has institution been debarred?
Institution(s) investigator employed at
Is IRB Human Subjects Research Training up to date?
Is the HIPAA training up to date?***
Who has personally vouched for this individual's identity and need for access?
User has agreed to abide by policies
User has promised not to try to re-identify data
User has promised not to share credentials
User has promised to use the system only for the purposes of the project
Has the individual been debarred?
Are there findings of research misconduct associated with the individual?
Have there been OHRP sanctions?
If user associated with unaffiliated institution – has user completed an unaffiliated user agreement?
If user is performing preliminary research – has there been some other institutional review or approval?
IRB Protocol
IRB approval number
IRB approval dates
Category of IRB approval (not HSR, exempt, expedited, full-review)
PI named on IRB protocol under which user is searching
Name and short description of project
  1. Scenario 1 – Questions 9 and 12. Respondents included individuals from all organizational roles. Data was aggregated with interview statement as the unit of analysis.