Functions of a Governing Body Suggested by Interview Participants | Count |
---|---|
Data Use | Â |
Establish principles of operation of the community | 3 |
Make project-wide decisions regarding appropriate use of data and tissue (rules of engagement) | 5 |
Establish uniform position on data ownership and intellectual property | 1 |
Set standards for assuring data integrity | 1 |
Establish common guidelines on professional credentials needed to access specific types of data | 2 |
Oversee the "joining" of organizations | 4 |
Review privacy laws and research ethics guidelines for potential foreign partners before entry | 2 |
Community-Wide IRB Functions | Â |
Provide community-wide assurance that all repositories have appropriate IRB review | 1 |
Establish common Data Safety Monitoring Plans agreeable to constituent IRBs | 1 |
Act as a community-wide Data Safety Monitoring Board | 1 |
Establish standards for Human Subjects Research (HSR) and HIPAA training; require institutions to assess own training modules; publish results to community | 1 |
Provide guidance on common consent form language across caBIG | 2 |
Random checks of user publications to determine whether data use appropriate to protocol | 1 |
Risk Assessment | Â |
Establish common levels of data risk and identify security mechanisms appropriate for risk level | 1 |
Provide centralized statistical assurance of minimal risk of re-identification for systems | 2 |
Establish Security Policies and Processes | Â |
Prevent and police abuse | 4 |
Establish common guidelines for provisioning and de-provisioning users | 2 |
Establish requirements for monitoring credentialing process and assess incoming progress reports | 2 |
Establish standards for authorization | 2 |
Set minimum standards for physical security | 2 |
Set standards for what users will have to agree to do and not do | 1 |
Audit and Oversight | Â |
Aggregate audit information and provide reports back to member institutions | 2 |
Monitor compliance with established and agreed upon processes | 2 |
Periodic checks of whether the data which is supposed to be de-identified is REALLY de-identified | 1 |
Investigation of security incidents | 1 |
Reporting and Enforcement | Â |
Establish enforcement policy for sanctioning of organizations or individuals who misuse resource | 1 |
Report misuse to OHRP, ORI and funding agency when necessary | 1 |
Issue federation-wide reports of security incidents | 1 |
Maintain federation "No Fly" list of researchers not permitted access anymore from any institution | 2 |
Mediation | Â |
Mediate disputes between organizations | 2 |
Accept requests to appeal decisions at local institutions (for example termination of access) | 1 |
Build Trust within the Community | Â |
Build trust among institutions that data will be used appropriately | 3 |
Build trust in veracity of user identities | 1 |
External Standards and Best Practices | Â |
Set external standards participating institutions must meet (e.g. CLIA approval of tissue-banks) | 1 |
Seek out and publicize community-wide best practices | 1 |
Strategic Role | Â |
Establish goals for the entire project and ensure that operation is in keeping with those goals | 1 |
Monitor new regulations coming from the federal government and address relevance to sites | 1 |
Assess and address weaknesses of the collaborative research environment | 1 |
Address novel problems | 1 |