Protecting Information Is an Integral Part of All Our Activities

Posted

Electronic information is a powerful resource for the extramural community. Research of all types is facilitated greatly by keeping information in digital databases and in other forms that can be easily manipulated, e-mailed, posted, sorted or searched, and accessed by investigators in multiple locations. In addition, the availability and increasing sophistication of portable devices facilitate rapid transfer of large amounts of data and allow us to work almost anywhere. That said, however, these benefits are accompanied by an increasing risk of information finding its way to inappropriate places. This is all the more important because much of the information generated and used by the extramural community is of a sensitive nature, especially when the research involves human subjects.

The recent theft of an NIH employee’s laptop computer with sensitive data on human subjects has focused renewed emphasis on this issue and its associated risks. We at the NIH are examining our data security procedures to ensure that all our information systems are protected from unauthorized access. This includes confirming that all laptops and portable electronic devices are encrypted and that all staff is trained in the proper handling of sensitive information, pursuant to the Federal Information Security Management Act (FISMA), Title III of the E-Government Act of 2002 Pub. L. No. 107-347 (beginning on page 48).

To make sure we are all protecting the information produced by federally funded research, I encourage everyone in the extramural community to consider their information security procedures carefully. Ideally, personally identifiable, sensitive and confidential information about NIH-supported research or research participants should not be housed on portable electronic devices. If these devices must be used, they should be encrypted to safeguard data and information. Researchers and institutions should also limit access to personally identifiable information through ensuring proper access controls such as password protection and other means. Please see our recent NIH Guide notice.

The public trusts us with their personal information. It is up to every one of us to use it responsibly and protect it.

== Norka Ruiz Bravo, Director, NIH Office of Extramural Research