NIH Reconfirms Commitment to Protecting Sensitive Personal Data
April 14, 2008
As a result of the recent theft of an NIH employee’s laptop which included storage of patient data, the NIH has refocused its efforts to protecting information systems (electronic and hard copy) which contain sensitive personal information. Steps are currently underway at NIH to ensure that all computers, laptops and portable electronic devices are encrypted and that NIH employees are educated in the proper handling of sensitive data.
In addition, the NIH encourages grantee institutions and individuals not to use portable electronic devices to store identifiable, sensitive, and confidential information about NIH-supported research or research participants. If they must be used, they should be encrypted to safeguard data and information. These devices include laptops, CDs, disc drives, flash drives, etc. Researchers and institutions should limit access to personally identifiable information through a means of access controls such as password protection.
For more information, see NIH Guide Notice, dated 4/11/2008.