Change Online home
Top Story
Eye on the Nation
News
Crossroads
Conduct Matters
Basics
CPA News
News Extra

 

I’m a graduate student and recently started working in a lab at the School of Medicine. I’ve been using my personal laptop to record and store data so I can analyze it from home. However, I’ve been told that this may not be allowed. What are the regulations regarding data storage on my laptop?

Maintaining all original data in a secure location is important for defending yourself and the study team against questions about the propriety of research. In many cases of research fraud, the authors aren’t able to provide a complete set of verifiable data. Even if no misconduct occurred, not providing the full set of records can cast suspicion on you.

For this and other reasons, the School of Medicine’s Rules and Guidelines for Responsible Conduct of Research state that, “custody of all original data must be retained by the unit in which they are generated.” These rules—and the rules imposed by the funders of research—state in many cases that the data must be stored securely for several years. If you’re using your laptop to record original data and you’re transporting it to and from the lab, you cannot guarantee that the data will be secure in the long term or readily available for peers to review. Just as data written in a lab notebook doesn’t leave the room, data captured electronically also shouldn’t move.

However, it’s possible to protect the safety and integrity of electronic research data while using your laptop for work outside the lab. The original data should be stored on a computer in the lab. If you want to work with the data at home, you can easily copy the electronic data onto your laptop. Taking this step won’t always be enough to ensure data security and integrity. If your records include patient information protected under the Health Insurance Portability and Accountability Act, encryption software should be installed on your laptop by Hopkins IT professionals. Hopkins recently mandated that that all computers containing sensitive patient information, including personal ones, be encrypted.

Updated policies, procedures and regulations related to conduct of research are available at hopkinsmedicine.org/Research/OPC/index.html. square

 


 

To the Editor,

Thank you for the May 2008 “Conduct Matters” column providing guidance on the issue of the use of personal laptops to store and analyze lab data. As a point of clarification, it’s generally best practice to maintain protected health information and other sensitive data on professionally managed servers rather than copy data to laptops or workstations. When accessing this data remotely, you should use an encrypted communications channel such our virtual private network (VPN). This ensures that you don’t have several different versions of the files, and it also has security benefits, since even encrypted devices and files may have vulnerabilities. We have found that keeping sensitive information on servers is a more secure approach than downloading data to individual machines.

On another note: While many of our laptops use full-disk encryption, few workstations are now secured in that manner.

Sincerely,

Darren Lacey
Chief Information Security Officer
The Johns Hopkins University and The Johns Hopkins Health System

 
            
Please Write | Archived Issues
Johns Hopkins Medicine
© 2007 The Johns Hopkins University