Mount Sinai Health System Data Security Policies
The PPHS office expects that all research conducted at the institution follows all relevant Health System policies. Policies related to data security standards are available on the MSSM intranet on the following pages:
- IT Security Policies and Guidelines: http://infosec.msnyuhealth.org/
- Institutional HIPAA Security Policies: http://intranet1.mountsinai.org/hipaa/security_management_policies_alpha.htm
A couple of key points are the requirement to employ encryption of all laptops and portable media devices as well as research data on a local drive of a workstation computer. Local hard drives that have full disk encryption do not require separate encryption of each data file.
The PPHS office expects that when an investigator indicates in the protocol template that data will be encrypted, that the investigator is using encryption software as described in the policies and guidelines.
The PPHS office expects that when an investigator indicates that all data will be saved on the MSSM Server, that by “MSSM Server” the investigator means a folder on the network server that has appropriate levels of protection, is behind the firewall and is backed up and maintained by the IT department, and is accessible only to authorized members of the research team.
Program for the Protection of Human Subjects
For submissions and general inquiries send e-mail to: IRB@mssm.edu
345 East 102 Street
(between 1st and 2nd Avenues)
New York, NY 10029
Icahn School of Medicine
One Gustave L. Levy Place
New York, NY 10029-65749