Download:
pdf |
pdfAttachment 7
CHIS Data Security Policies
7A: CHIS Data Security Policies
7B: Data Collection Subcontractor Confidentiality
Protections
�California Health Interview Survey (CHIS)
Data Security Policies
The data collection contractor for the California Health Interview Survey will have the
primary responsibility to ensure the protection of any identifiable data on respondents.
In its contract, the data collection contractor will be required to abide by the UCLA
human subject research guidelines. Specific confidentiality protection procedures
follow:
•
Secured Electronic Access to Raw Data: All data will be stored electronically
on computers with secured access. Only designated individuals will have access
to the raw survey data.
•
Secured Backup of Data: Backups of data files will be stored in a separate
locked facility. Access to these files will be limited to designated individuals and
only in case of emergency (e.g. primary data source destroyed by fire).
•
Consent for Contact Information: After confirming or providing their address
information near the end of the survey, the CHIS adult respondents are asked if
they would be willing to participate in follow-up surveys. Respondents are
provided with three choices: (1) Yes; (2) Maybe; and (3) Definitely No. If
respondents answer “yes” or “maybe,” they are considered to have given contact
consent to be re-contacted for follow-up studies. If the respondent refuses, then
the interviewer will thank the respondent for participating in the survey and
terminate the interview.
•
Separation of Contact Data from other Data: At the completion of data
collection, Westat will separate the contact data (name and address, if collected,
as well as telephone numbers) and any other data items that may reveal the
identity of the respondent (e.g. birthdate). This information will be stored in an ID
file, which will be archived with secured access.
•
Data Deliverables without Respondent Identifiers: The data collection
contractor will deliver to the CHIS PI at the UCLA Center for Heatlh Policy
Research the analysis data files without the ID file. Only month and year of birth
will be included in the analysis files delivered to the Center..
•
Destruction of the ID File: This information will be stored in two separate ID
files: one that contains contact data on respondents who have agreed to be recontacted for potential follow-back studies (ID_Recontact_OK) and another that
contains information on all other CHIS respondents. The ID file for potential
follow-back study participants (ID_Recontact_OK) will be archived by the data
collection contractor for five years effective at the completion of the data
collection. Unless requested by the CHIS PI at UCLA for an extension, the ID file
(ID_Recontact_OK) will be destroyed at the end of the five-year period. The ID
file for CHIS respondents who have not agreed to be re-contacted for follow-back
studies (ID_No_Recontact) will be maintained for 90 days after delivery of the
final data file and then destroyed.
�•
Authorization for Use of the ID File: Any person wishing to use the ID file for a
follow-back study during the archive period will be required to seek review and
authorization by both the CHIS Principal Investigator at UCLA and their home
institution's Institutional Review Board, which must have a Multi-Party Assurance
Agreement with the federal government. Authorized users of the ID file will be
required to sign an agreement indicating that the data will be used for research
purposes only and that the identity of the respondents will not be revealed to
unauthorized individuals or in any reports. Only the CHIS survey data contractor,
will be authorized to re-contact subjects on behalf of the California Health
Interview Survey.
Release of Data: To meet the overall objectives of CHIS, data files (not the ID
file) will be distributed to project funders. Files designated for public use will be
further edited to prevent analysis that could allow identification of individual
respondents. Steps include removing all information that may be used to identify
a respondent (e.g. birth month, highly specific ethnicities), topcoding outlier
variables such as income or other continuous variables that may lead to
disclosure, removal of sensitive data, and adding noise to records that could
identify members of small populations. In addition, public use files provided to
local health departments will be only be released at the stratum level. All strata
have a minimum population of 100,000. Public use files available on the Internet
will present statewide data only, and will contain no sub-state geographic
identifiers.
CHIS data estimates will be presented through an internet-based system for
tailored and descriptive statistics, called AskCHIS. Queries can be posed and
responses generated automatically in graphical or tabular format and provided to
requesters on-line. Algorithms that suppress estimates with small numbers and
with sensitive data have been implemented to prevent disclosure of confidential.
Data involving small geographic areas will only be available to authorized
researchers through the UCLA Data Access Center, a secure, supervised data
analysis facility. Through the implementation of stringent security controls,
disclosure review procedures, and staff monitoring, the confidentiality and
anonymity of respondents will be ensured. Modeled after the Research Data
Center at the National Center for Health Statistics, the Data Access Center has a
control workstation and printer in a separate room accessible to staff only. All
email, Internet, telephone, USB port, or floppy disk drive capabilities have been
disabled, and workstations are supported by a server that has no outside network
connections. All output, printouts, and media must be reviewed by the Manager
of the Data Access Center before they are released to researchers to remove
from the Center.
�Following is a description of the procedures Westat will take to assure confidentiality of survey
data collected from California Health Interview Survey respondents:
Facility and Personnel Security
•
All data processing and telecommunications operations will take place at Westat facilities
in Rockville, Maryland.
•
Access to Westat facilities and the computer center is restricted through a key-card lock
system. Access to the computer room is restricted to only authorized computer room
personnel.
•
No survey data or respondent identifying information will be transmitted by electronic
mail. Security criteria apply to electronic mail transmissions.
All contract staff working on the study will be required to sign a statement pledging to
maintain the confidentiality of all data.
All personnel are assigned user identification codes and passwords.
•
Access to study data will be limited to the staff working on the study.
Study Data Security
Study data will be identified and retrieved by a study number only.
Social Security Numbers will not be collected.
There will be no hard-copy records with respondent identifiers or survey responses.
All computerized data will be maintained in a manner that is consistent with the DHHS
ADP Systems Security Policy.
No reports or data files used for analysis will contain personal identifiers.
Access to data files is password protected and require user identification codes
When the study is complete or until the data is no longer required for research, the data
will be destroyed as required by NIH Manual 1743 – Keeping and Destroying Records.
�
| File Type | application/pdf |
| File Modified | 0000-00-00 |
| File Created | 0000-00-00 |