All data is classified as either prohibited, restricted, confidential, or public.
- Prohibited: Either protection of the data is required by law or regulation, or inappropriate access requires disclosure. This includes information like social security numbers, credit card numbers, health insurance policy ID numbers, driver's license numbers, and financial account numbers.
- Restricted: Prohibited information that Stanford's Data Governance Board has determined must be accessible to faculty, staff, or students to accomplish Stanford's mission. This includes information like patient health information (PHI) and passport and visa numbers.
- Confidential: Data that are neither prohibited nor restricted but are not generally available to the public. This includes student records/admissions applications, research data, personnel files, donor and donation information, and SU and employee ID numbers.
- Public: Data not in the previous three categories.
Detailed descriptions and explanations of these data classifications can be found on the Information Security Office's web site.
Options for secure storage and backup
- Secure AFS (Andrew File System): This AFS-based storage service allows for the storage of public, confidential, restricted, and prohibited data, and includes both storage and nightly backups. Standard AFS space allows for storage of public and confidential data only.
- Secure IGFS (Individual & Group File Storage): Similar to the normal IGFS service, but allows for storage of public, confidential, and restricted data (but not prohibited data). Backups are available. Standard IGFS space allows for storage of public and confidential data only.
- Online Archive Storage: Allows for storage of public, confidential, and restricted data (but not prohibited data).
The Information Security Office has a nice chart of services that shows which ones can be used for which categories of data.
Working with sensitive information
Sensitive data may require de-identification or anonymization. Strategies for approaching these processes are based on the type of analysis you wish to perform. It is not recommended that you collect sensitive data using Excel. Use Excel only for analysis of your de-identified or anonymized data.
The following are tools available to Stanford researchers who are collecting and managing patient health or other sensitive information.
Visit Clinical Informatics for more information and to request a free consultation about using these tools or working with sensitive data.
REDCap (Research Electronic Data Capture) is an application for building and managing online databases. The Stanford Center for Clinical Informatics (SSCI) runs and supports a secure, local Stanford installation of REDCap for the Stanford research community at no cost. REDCap provides a web-based interface for collecting data with data validation and includes the ability for automated export to statistical packages. The software also includes data logging for HIPAA compliance and the ability for administrators to define access rights on a per-user basis. Data stored in production REDCap databases is not automatically purged, but archiving of completed projects within REDCap is recommended. In the event the REDCap service were to be replaced or discontinued, all project owners would be notified and a plan devised that would allow ample time for owners to export their data.
Visit the Clinical Informatics web site for more information on REDCap.
The Stanford Center for Clinical Informatics (SSCI) provides access to clinical information for research purposes through STRIDE -- Stanford Translational Research Integrated Database Environment. The cornerstone of STRIDE is a clinical data warehouse that integrates historical and current clinical data from the Lucile Packard Children's Hospital and Stanford Hospital and Clinics. STRIDE is a highly secure environment utilizing encryption, fine-grained access control, robust auditing, and detailed data segregation. Additionally, STRIDE has a robust access control framework with well-defined access granting authorities and access control groups. Consequently, STRIDE meets or exceeds the requirements of the HIPAA Privacy and Security regulations. Privacy protection is further enhanced by requiring IRB approval for all research projects using STRIDE clinical data.
Visit the Clinical Informatics web site for more information on STRIDE.
Qualtrics is an online survey tool with customizable templates, the ability to send and track invitations and reminders, and in-depth reporting. The service includes the ability to generate reports, view statistics, and export data for analysis. Qualtrics may be used to store and transmit restricted and confidential data, such as patient health information and research data.
Visit the Clinical Informatics web site for more information on Qualtrics.