Policies & Procedures

Only authorized researchers have access to either the electronic or the physical data. Different levels and means of access are defined by the CHIR Director in consultation with the Data Manager, depending upon the functions and requirements of the individual, authorized researcher. Authorized researchers limit their access to patient-specific information to only what is necessary for the execution of the research tasks. All authorized users must sign a confidentiality agreement, signifying compliance to the data security protocol.

The CHIR servers are hosted by ASU’s University Technology Office (UTO) and are continuously monitored by authorized UTO staff. Physical access to the servers is restricted to authorized UTO staff members and the Data Manager, and the servers are secured behind pass-coded doors with video surveillance monitoring. All electronic data files containing personally identifiable information are stored only on these servers.

The CHIR servers are kept distinct from the rest of the ASU network. Remote access to the server can be accomplished only through a password authenticated Virtual Private Network connection, and all access attempts are restricted and logged by a dedicated CHIR-owned firewall. Logon privileges are granted only to authorized researchers using secure passwords via access lists maintained on the firewall server.

The CHIR office suite is secured by a series of secure locks, providing access only with combined usage of an ASU personal identification card and a unique, randomly generated pass code. There are three levels of secure access for both the physical media storage and the CHIR data personnel offices. The building in which the CHIR office suite is located grants after hours access to the building only by individually assigned pass cards and provides building security twenty-four hours per day, seven days per week.

Computational Resources

CHIR utilizes very large databases containing confidential health care information for millions of individuals in Arizona. CHIR has the technological capability to efficiently manage this vast amount of data through ownership of four dedicated, optimized servers. The Network Appliance® Network Attached Storage (NAS) file server has capacity for over sixteen terabytes (TB) of data, along with two IBM application servers, each running dual Intel processors for the processing, summarizing and analyzing of the data using cutting edge industry-standard software tools. These servers are secured behind a firewall server and are maintained in a secure facility on the ASU campus. All appropriate physical and electronic security protocols have been implemented to restrict access to this highly sensitive data, including the encryption of all sensitive database tables.

 

CHIR - Center for Health Information & Research
502 E. Monroe St., Ste. C320 Box 13, Phoenix, AZ 85004-2430| Map
Main Office: 602.496.2021 / chir@asu.edu
Webmaster