Institutional Cybersecurity in a Clinical Research Setting

Chapter
Part of the Translational Bioinformatics book series (TRBIO, volume 2)

Abstract

The principal challenge facing IT groups that support research on a daily basis lies in striking a fine balance. On one hand, researchers must share data and use cutting-edge analytic tools on a variety of computing platforms to enhance their creativity and productivity. On the other hand, much of the data that supports translational research contains personal health information derived from patients’ medical records. Hospitals are justifiably concerned about the highly sensitive nature of the data and the need to comply with a myriad of federal, state and local laws and contractual regulatory requirements that demand high levels of security and access control. In this chapter we discuss these challenges and the approaches taken at a research-intensive children’s hospital to put a policy framework in place that enacts standards for security, monitoring, testing and design of the IT infrastructure. These protect the institution while enabling collaboration and innovation among researchers. We stress the organizational need for a close and collaborative relationship between IT groups that support research and those charged with support of the medical center’s clinical and business operations. It is also important to recognize that technology alone cannot assure security: institutional policies and user education also play key roles in assuring that confidential information is in fact protected.

Keywords

Intrusion Detection System; Database Server; Confidential Information; Remote Access; Virtual Private Networking

Notes

Acknowledgements

This publication was supported in part by an Institutional Clinical and Translational Science Award, NIH/NCATS Grant Number 8UL1TR07-04. Its contents are solely the responsibility of the authors and do not necessarily represent the official views of the NIH.


Copyright information

© Springer Science+Business Media Dordrecht 2012

Authors and Affiliations

  1. Department of Pediatrics, University of Cincinnati College of Medicine, Cincinnati, USA
  2. Division of Biomedical Informatics, Cincinnati Children’s Hospital Medical Center, Cincinnati, USA
