Table 5 Potential functions of the governing body suggested by participants.

From: Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

| Functions of a Governing Body Suggested by Interview Participants | Count |
|---|---|
| Data Use | |
| Establish principles of operation of the community | 3 |
| Make project-wide decisions regarding appropriate use of data and tissue (rules of engagement) | 5 |
| Establish uniform position on data ownership and intellectual property | 1 |
| Set standards for assuring data integrity | 1 |
| Establish common guidelines on professional credentials needed to access specific types of data | 2 |
| Oversee the "joining" of organizations | 4 |
| Review privacy laws and research ethics guidelines for potential foreign partners before entry | 2 |
| Community-Wide IRB Functions | |
| Provide community-wide assurance that all repositories have appropriate IRB review | 1 |
| Establish common Data Safety Monitoring Plans agreeable to constituent IRBs | 1 |
| Act as a community-wide Data Safety Monitoring Board | 1 |
| Establish standards for Human Subjects Research (HSR) and HIPAA training; require institutions to assess own training modules; publish results to community | 1 |
| Provide guidance on common consent form language across caBIG | 2 |
| Random checks of user publications to determine whether data use appropriate to protocol | 1 |
| Risk Assessment | |
| Establish common levels of data risk and identify security mechanisms appropriate for risk level | 1 |
| Provide centralized statistical assurance of minimal risk of re-identification for systems | 2 |
| Establish Security Policies and Processes | |
| Prevent and police abuse | 4 |
| Establish common guidelines for provisioning and de-provisioning users | 2 |
| Establish requirements for monitoring credentialing process and assess incoming progress reports | 2 |
| Establish standards for authorization | 2 |
| Set minimum standards for physical security | 2 |
| Set standards for what users will have to agree to do and not do | 1 |
| Audit and Oversight | |
| Aggregate audit information and provide reports back to member institutions | 2 |
| Monitor compliance with established and agreed upon processes | 2 |
| Periodic checks of whether the data which is supposed to be de-identified is REALLY de-identified | 1 |
| Investigation of security incidents | 1 |
| Reporting and Enforcement | |
| Establish enforcement policy for sanctioning of organizations or individuals who misuse resource | 1 |
| Report misuse to OHRP, ORI and funding agency when necessary | 1 |
| Issue federation-wide reports of security incidents | 1 |
| Maintain federation "No Fly" list of researchers not permitted access anymore from any institution | 2 |
| Mediate disputes between organizations | 2 |
| Accept requests to appeal decisions at local institutions (for example termination of access) | 1 |
| Build Trust within the Community | |
| Build trust among institutions that data will be used appropriately | 3 |
| Build trust in veracity of user identities | 1 |
| External Standards and Best Practices | |
| Set external standards participating institutions must meet (e.g. CLIA approval of tissue-banks) | 1 |
| Seek out and publicize community-wide best practices | 1 |
| Strategic Role | |
| Establish goals for the entire project and ensure that operation is in keeping with those goals | 1 |
| Monitor new regulations coming from the federal government and address relevance to sites | 1 |
| Assess and address weaknesses of the collaborative research environment | 1 |
| Address novel problems | 1 |

  1. Scenario 1 – Question 3. A total of 17 interviews provided responses. Respondents included individuals from all organizational roles. Data was aggregated with interview statement as the unit of analysis.