General Confidentiality Practices Checklist Page 2

areas such as open labs, elevators, or hallways; and reminders to employees of their special duty
to maintain confidentiality when research involves individuals they know personally.
Formally credentials staff who have received confidentiality training.
Conducts a routine evaluation of skill and performance with regard to protection of confidentiality
and identifies re-training needs based on performance.
Routine evaluation of employees’ skill and performance is conducted.
Re-training needs are based on performance indicators, either for individuals or groups.
Electronic Security
_______________________ (Firm or Registry) has the following technical practices in place:
Authentication of users by means of passwords or digital ID.
Access control by means of role-based authentication/access, locked server room, and an internal
firewall.
An audit trail that documents who, when, and for what purpose data (including paper) was
accessed.
A disaster prevention and recovery plan including adequate fire and entry alarms where data are
stored; a fireproof file space for paper, routine backups of electronic data at intervals appropriate
for the rate of data accrual; and offsite storage of backups (e.g., a safe deposit box).
External firewalls in place to prevent remote access by unauthorized users.
Virus checking is routine as are updates to the data files and engines to provide maximum
protection of data files.
System assessment, including diagnostic runs and external audits, conducted regularly to ensure
the integrity of the system.
Data that are sent and received in conjunction with _________ (Registry) activities are
electronically encrypted.
A data retention schedule is defined which includes a notation of the date when files are destroyed.
Data file owners are notified when their file is destroyed.
The transfer of data is accompanied by:
A data-transfer agreement incorporating confidentiality standards to ensure data security at the
recipient site and set standards for the data use at the recipient site.
A paste (electronic) or stamp (paper) on all records containing identifiable data as a reminder of
the need for special handling.
Telecommuting and the use of home offices maintains the same level of security and procedures
to address special issues, including data-transfer agreements, secure transmission
procedures, and encryption. Additional safeguards are also followed, including: maintenance of
minimal data on home computer, use of electronic screen savers, and password control at home.
Inventory: Security and Confidentiality
2 of 3
As of 04/09/2002
