Bioinformatics Cores: How To Maintain Confidentiality Of Data
4
7
Entering edit mode
11.6 years ago
rob.costa1234 ▴ 310

It may appear to be little weird question but I guess this is the right platform I was just wondering working in a bioinformatics core how one is supposed to maintain the confidentiality of the data. It is easy that a user approach a bioinformatcian and bioinformatician, perform analysis, discuss project and deliver analysis to user- neat and clean. However when a colleague on the virtue of being senior in the core wants to have access to the data, what should be done? The said colleague has no idea about the project, not involved in discussion and has not analyzed data. The problem is the user has asked to maintain the confidentiality of data and sometime data is from patient samples. Now problem is should one just say not to senior colleague of core? just give away data; in that case if something happen at later stage will not the analyst be in trouble? I am sure several bioinformatican may have faced this situation. Any one would like to share their thoughts or guidance please?

Thanks

• 6.0k views
ADD COMMENT
1
Entering edit mode

I am really glad to see you investigate this. I would like to see more discussions about data confidentiality and privacy among the practitioners here.

ADD REPLY
0
Entering edit mode

You should take up this question with your Core Facility Director/Manager as they will be ultimately responsible for compliance within the Core. There will be data privacy policy documents in the University/Company and also probably the core facility.that will apply. In addition with a fee paying client there should be specific privacy clauses in the contact.

ADD REPLY
0
Entering edit mode

Talking about security of the data I can say that today it is so important question. Information became the main weapon in hands of people. I was using a lot of security system. Now I stopped on ideals virtual data room and I must say that a solved a lot of problem with help of it. You may read information about them. Probably, you`ll also like it.

ADD REPLY
8
Entering edit mode
11.6 years ago
David ▴ 740

As a project manager in a bioinformatics core myself I will try to elaborate on my experience.

First of all when a biologist/client/user approach you for a job or to start a collaboration there is a tacit agreement (sometime written) between both party that you are now part of a project. Compensation for the work left to the discretion of the PI or head of the facility. This can take different form, either monetary or co-author ship or whatever...

The main point here is that you are part of a project with the client.

The level of security and confidentiality with which the data should be treated is project specific. For example, if those data are from patient and contain Protected Health Information (PHI) the confidentiality rules are set by the Institutional Review Board of the research institution (this example is valid for academic research in the US). Another example, you are processing expression data from mouse experiments and have a set of well defined deliverable such gene lists, GSEA analysis, figures etc... In the two examples above the level of security and confidentiality needed is very different but what is identical is the fact that the data do not belong to you. They belong to the PI of the project and your core facility is providing a service.

In the case of the mouse experiment if your colleague want to access those data you should refer him/her to the PI of the project. Similarly for the human data containing PHI the access right are not your to set except if you are the owner of the project.

There should be no feeling that you appear over-protective or paranoiac, if the data belong to someone else it is not your problem to decide to give access or not. Refer the request to the project owner.

I hope this helps. In case of conflict or tricky situation always refer to your supervisors for help.

ADD COMMENT
0
Entering edit mode

what will be the scenario if the senior himself/herself is supervisor a statstican? It is a very complex situation.

ADD REPLY
0
Entering edit mode

If I understand well your boss is asking you to give him access to some data sets you worked on? Your supervisor is part of the project team by default as he/she is supervising the collaboration. He/she should already have access to ALL of your work projects no question asked, and not only the one he requests.

ADD REPLY
4
Entering edit mode
11.6 years ago

If I were in your case, I would contact the person with whom I have signed the contract, and explain him the situation. You should not give the data to anyone, unless you have the permission from the person who hired you.

ADD COMMENT
2
Entering edit mode
11.6 years ago

You are not suppose to share the data without approval from your supervisor or the PI associated with the project. AFAIK, as a member of a researcher group handling confidential data you should be approved by Institutional review board (IRB) or Ethics committee. You may inform your senior or whoever ask you for the data access to inform your supervisor and PI and get the required data access approval.

ADD COMMENT
0
Entering edit mode

I was missing this point in my frustration Good point! I am sure it will help others too. But let us share more thoughts I have bearing this tussle from last several months and has reached at its peak.

ADD REPLY
0
Entering edit mode

You need to explain to the third party that both of you could get into real trouble if you breached the confidentiality laws. That could have far more serious consequences than whatever disagreements you might be having.

ADD REPLY
1
Entering edit mode
11.6 years ago
ff.cc.cc ★ 1.3k

Hi, I believe a clear policy is necessary especially for a core facility. So your question induced me to google in search for some example...

here I found a quite clear scheme. At this site is also presented the more complicated case of confidential or sensible data.

I don't believe that each step of the workflow should be implemented with a formal written or electronic request, but the logic behind data mangement should be the same: every data has an owner and access restrictions and every request should be directed people responsible for the data, not to people involved in the data transfer.

ADD COMMENT

Login before adding your answer.

Traffic: 1361 users visited in the last hour
Help About
FAQ
Access RSS
API
Stats

Use of this site constitutes acceptance of our User Agreement and Privacy Policy.

Powered by the version 2.3.6