Data Storage for Research Activities: Home

Introduction

The University of Utah has been working with various departments, including the Office of the Vice President for Research, the Center for High-Performance Computing (CHPC), Marriott Library, Eccles Health Sciences Library, UIT, and Bioinformatics, to find solutions for storing research data, both during the research process and after research is conducted. This guide provides information on various storage options, including services such as REDCap and LabArchives, as well as cloud solutions from UIT, UBox, O365, and Ucloud, and group and archive storage space from CHPC—Research Computing Support for the University.

• Has a high level of sensitivity
• Protection of data is required by federal or state law or regulation, or contractual obligation
• May be subject to data breach notification requirements

Examples:

• Protected Health Information (PHI)—i.e. HIPAA campliance
• Import/Export Rules
• Endangered species/habitat

Sensitive Data

• Has a moderate level of sensitivity
• Protection of data is required by the Data Steward or other confidentiality agreements.

Examples:

• Intellectual Property
• Designated Non-Public Academic Activity Information (DNPAAI)
• Employee and Student information, i.e. FERPA compliance
• Contracts

Note the text in yellow endangered Species/habitat. Yes, HIPAA data and data falling under Import/Export rules must be secured as Restricted data, but that does not mean a PI cannot consider his/her data Restricted.

For additional information on restricted, sensitive and public data see Rule 4-004C Data Classification and Encryption Rev. 1

Security and Software from the University Information Security Office (ISO)

ISO has a page on university-approved platforms for restricted and sensitive data, which they update as needed.

Business Associate Agreement (BAA)

Research data should be stored within systems for which the University has a Business Associate Agreement (BAA). These agreements outline the permitted use, disclosure, and restrictions, and outline many safeguards required to protect the restricted information that may be shared with the business associate. If you have questions regarding whether a particular software has a Business Associate Agreement, please contact Milton Burbidge (milton.burbidge@hsc.utah.edu) in the Compliance Privacy Office at 801-587-9241.