Skip to main content

Advertisement

Table 30 Summary of security and privacy requirements for a federated biomedical grid.

From: Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

Guidelines
A separate legal entity for governance is desired.
Consensus on foreign and commercial partnerships should be developed
Risk models and risk management processes for data within the Federation should be defined.
Specific technical infrastructure to support the credentialing process in the regulated environment should be developed.
The feasibility of creating a federated honest broker system should be studied.
Local control of identity provisioning and authorization of users is desired.
The identity credentialing process should be strong.
A special credentialing structure for institutionally unaffiliated investigators will be needed.
Existing institutional infrastructure should be leveraged.
Develop or acquire acceptable HIPAA and research ethics training modules for the entire federated community.
A central auditing authority is a necessity.
All data sets dealing with human data, whether de-identified, limited, or fully identified, should be subject to the same auditing requirements.
Specific tooling to support the auditing functions is needed.
A Two-protocol Mode for Data Exchange is accepted by interview participants.
Further Study
Potential for federated human honest broker systems to reduce the number of cases where identifiable information is necessary.
Manner in which undefined prospective research involving data and tissue repositories will be consented and handled.
Establishment of data use and confidentiality agreements between participant organizations and individual investigators in a scalable fashion.
Development of common consent forms acceptable to all IRBs participating in a federation.