U.S. Department of Health and Human ServicesHHS National Institutes of HealthNIH National Center for Advancing Translational SciencesNCATS
Home

Review & Clean Your Data

Review Data Protection Plan

If you have not already developed a plan for managing and protecting your participants’ data when you were setting up your registry, do so now. You need to ensure that your participants’ data are secure. Develop an action plan in case a security breach accesses participants’ personally identifiable information (PII). Maintaining the trust of your participants and guaranteeing data security is paramount in ensuring the success of your registry.

Your data security protocol could address these or similar questions:

  • Who can handle and access data?
  • Which data do you share with researchers; which do you not?
  • How often should you update your data security protocol?
  • How do you update your registry as data security best practices evolve?
  • How do you lock down the system if there is a breach?
  • How and when should participants be notified if there is a breach?
  • Which stakeholders or strategic partners should you notify and what should you tell them?
  • How do you recover from a security breach?

Decrease the likelihood of data breaches by taking steps to minimize risks. Here are some example measures you can customize to develop and implement a data security protocol that meets the unique needs of your registry.

  • Establish secure access. Determine how to control access to the data to ensure your registry is secure and to minimize exposure to your participants’ sensitive data.
  • Develop security guidelines. Clearly set guidelines and expectations for security measures in a written policy for anyone who works with the registry data.
  • Set up automated detection systems. These can alert you when there is unusual activity involving sensitive data.
  • Maintain software and security updates. To keep up with the increasingly sophisticated ways breaches occur, make sure that your team is keeping up with security patches to address new methods of attacks.
  • Create a data breach response plan. Data breaches can happen regardless of how many precautions you have taken. Establishing a response plan will help you determine the steps to take in the event of a breach. This plan should include a strategy for alerting participants of any threats involving their personal information.