LONI: Laboratory of Neuro Imaging

Data Confidentiality, Security and Accessibility

The ICBM Database has been constructed to provide an effective means for archival and protection of collaborator collected image data. The goal of this software is to provide a convenient mechanism for searching the existence of particular image data while protecting its usage at the same time.

Data Confidentiality

A number of measures have been taken to ensure subject confidentiality and data security, and to limit unauthorized access to the ICBM data sets.

  • All data is transferred and stored anonymously, identified only by two randomly assigned alphanumeric identifiers (site-specific-ID and ICBM-ID). No identifiable or confidential information about a subject is ever transmitted to, or present in, the ICBM database.

  • Encryption (using SSH and SSL) of all data transfers between ICBM and its users.

  • User authentication. Each user is assigned a user-name and password. This access code also determines the level of access the user has to the ICBM database (which sections of the database the user can access, what operations he/she can perform, whether the access is “read only” or requires a collaborative agreement with the “owner” of the data).

  • Client authentication. Any and all access to the ICBM database requires the user to have a ICBM-issued electronic certificate installed on his/her computer.

 

Data Safety

In terms of the physical presence of the acquired data, at least 5 explicit copies of all subject data exist: 3 at the site of origin, and 2 at ICBM:

A. At each site:

  1. Source data
  2. Copy on local workstation
  3. Explicit archive copies of subject data on CD

B. At ICBM

  1. ICBM database
  2. Explicit archive copies of subject data on tape at ICBM

To ensure data safety, regular backups are made of all data sets. Archival tapes are kept in two separate physical locations. The participating sites are responsible for backing up the data locally.

Data Access

The user authentication procedures described above are flexible enough to allow any user or user group access to any part or all of the database for read or write operations. Write access to the database is restricted to ICBM personnel to ensure database integrity. Individual sites are able to access all data originally collected at their own institution.