Working with Sensitive Data on HPCC

The HPCC employs industry standard security practices to protect HPCC systems from unauthorized access and guard data from inadvertent disclosure. These practices are designed to protect unpublished fundamental research. Some data or code may be subject to external legal or contractual requirements that require additional technical or administrative controls. The HPCC considers any data with these requirements to be sensitive data.

Examples of sensitive data include:

  • Personally Identifiable Information (PII)
  • Protected Health Information (PHI)
  • Controlled Unclassified Information (CUI); including data or code that is covered under export control agreements.
  • Data covered under the Health Insurance Portability and Accountability Act (HIPAA)
  • Data covered under the Federal Information Security Management Act (FISMA)
  • Data covered under the Federal Education Rights and Privacy Act (FERPA)
  • Data with security requirements set by the MSU Institutional Review Board (IRB)
  • Controlled access data from the NIH Database of Genotypes and Phenotypes (dbGaP)

Investigators that intend to store sensitive data must work with the HPCC to ensure data security standards are met. Storing sensitive data on the HPCC without notifying HPCC staff may be a violation of MSU’s Institutional Data Policy.

Hosting these datasets may require that the HPCC provide documentation of its current security practices or develop additional technical controls and processes. Additional controls and processes are developed by consulting with MSU Information Security. This collaboration between investigators, the HPCC, and Information Security ensures sensitive data are properly protected and gives external organizations confidence in the University’s stewardship of their data.

Investigators can request the ability to store and process sensitive data through the HPCC web site by completing the Sensitive Data Hosting Request form. Investigators provide a description of the desired sensitive data through this form, then HPCC staff work with them to determine how best to comply with the relevant requirements.

Please contact us if you are unsure if your data falls under any of the sensitive data categories.


Publish Date: 03/28/2018