Securing Sensitive Data in a Research Environment

Several years ago, staff on one of the research projects in my organization developed guidelines for disseminating sensitive data to researchers around the country. These guidelines included eligibility requirements, a request for a security plan to protect the sensitive data, requirements for Institutional Review Board (IRB) review of the security plan for handling and storing sensitive data, a data confidentiality agreement to be signed by the data recipient, and notification that site visits may occur to verify the data was being used and protected in the manner specified in the researcher's application.