MPOG Principle Investigator S Check List

MPOG Principle Investigator’s Check List

The Principle Investigator (PI) is responsible for all of the data that is associated with the approved PCRC project. The PI will recruit a team to assist in reviewing and cleaning the data. They will recruit faculty from other institutions, residents, research assistants and students. Each individual gaining access to MPOG data will need to sign the affidavit below.

In addition, the PI affirms that he/she understands what is necessary for securing the data and understands it is their responsibility to ensure the entire team is educated on data safety before the PI receives the data.

Detailed descriptions of all the items on the checklist can be found on MPOG Security Website: http://mpog.med.umich.edu/security.

Secure Computer

☐ Encrypt all mobile workstations (laptops):

-  Encrypt computer hard drive using approved tools (document on MPOG website)

☐ Physical security of any servers

-  Institutional server room with near zero risk of physical theft

☐ Physical security or encryption of any desktop workstations

Install up to date antivirus programs

☐ Windows:

-  Norton Antivirus

-  WindowsAntivirus : Such as Microsoft Security Essentials or commercially available product: http://www.microsoft.com/windows/antivirus-partners/windows-7.aspx

☐ Macintosh:

-  Norton Antivirus

-  ClamXAV (free)

-  McAfee

☐ Create strong login passwords, not automatic at login (8 characters with 1 capital and 1 number)

Securing Files

☐ Encrypt and password protect files (Microsoft Excel 2010 or higher, SPSS 21 or higher, ZIP, or RAR)

Sharing File: Use MiShare ONLY

☐ Never share using a portable USB flash drive

☐ Never store files on public workstations

☐ Never store files on an unencrypted laptop

☐ Never store files on a home/personal desktop

☐ Never store files on a physically unsecured work desktop

MiShare

☐ Share files with other institutions using the University of Michigan File Share Service MiShare

-  Detailed direction on the MPOG Security Website above

-  Okay to run files on computer as long as you have encrypted your hard drive

Citrix/MPOG Application

☐ Obtain Access for PI and team from Tory Lacca () to the University of Michigan Identity Registration System to access MPOG Suite on the UMHS MPOG System

MPOG Principle Investigator’s

Check List: Page 2

I certify that I will:

☐ Not E-mail PHI

☐ Not store PHI on a portable USB

☐ Not save files on a public or personal use workstation

☐ Not give PHI to statistical staff

☐ Not use online sites (Dropbox, Box online storage, Skydrive, Google Docs, etc.) instead I will ONLY use MiShare

☐ Not use file/folder encryption in place of hard drive encryption and I know they are not equivalent

I certify that I will:

☐ Use encrypted files (Excel 2010, SPSS 21, ZIP, WinRAR, etc) to store patient data

☐ Use MiShare to communicate files to all collaborators

☐ Destroy the data if I leave the MPOG project or institution for which I am working

-  Delete files

-  Empty recycle bin

-  Shred any paper files

☐ Destroy distributed copies of the data (on research assistant workstations, etc) and maintain only one centralized dataset when the project is completed

☐ Employ and “off-boarding” process to confirm that data is deleted when a user leaves the project team

I (insert your name), as the Principle Investigators of the following project (insert manuscript title and PCRC Project Number) attest that I understand all the PHI security guidelines and will follow them. As the faculty investigator of this project I am responsible for the conduct of all members of my research team. I also understand that when a project is completed or a member of my team leaves the project, I will contact them to ensure they do not have any PHI on their personal computers or laptops.

Principle Investigator’ Signature / Date