Educause Security Discussion mailing list archives
Re: Research Expectations
From: Wayne Wilson <wwilson () UMICH EDU>
Date: Fri, 5 Jul 2002 09:37:00 -0400
Piazza, John wrote:
It depends on the type of research it appears, Marty.
> Well, it's certainly true that human subjects research is highly scrutinized and clinical trials research can be regulated by the FDA to a higher standard (or perhaps just different concerns) than HIPPA. >
. I am also hearing that all are looking to create congruence with the hipaa standard once it is finalized - soon. If you research thta you iwll find it is the most comprehensive and scalable law ever intorduced in healthcare, privacy, or security. It is very good stuff and a model higher ed/educause will be well advised to consider adopting - in short order. John
In the health care IT community HIPPA is often called the Y2K project that never ends. This is a comment on the amount of money that has so far been spent, with no end yet in sight, not a comment on the effectiveness of the proposed measures. The issue here is the same one as in the other current thread about support dollars for IT being derived from current indirects. The bottom line is that this is all going to cost more money and that money has to come from somewhere. If you accept that current indirects are being spent on necessary costs, and that rate is not going to change, then it's hard to see how many of the improvements in security or operational robustness are going to be funded. One potential strategy is to encourage a shift in the kinds of hardware and software that are used. This also assumes (and this assumption needs to be checked) that researchers can be productive and IT support costs can be lowered by using a combination of commodity hardware and open source software, for example. Openbsd was mentioned in an earlier post, there are also several variants of linux such as the the NSA sponsored secure linux. This strategy was designed to work in a zero sum economic situation. Another, parallel strategy would attempt to work in a non zero sum economic situation, i.e. calling for higher re-imbursements. Yet another strategy would be to stratify the kinds of IT support needed for various forms of research. It should be clear that a single strategy guided by the assumptions that all information is confidential (the HIPPA approach) does not necessarily need to be applied to all research. That would make some kinds of research more expensive than others, and perhaps alter the kinds of research that particular institutions would be willing to undertake. Common and clear criteria for such stratification would need to devised. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/cg.html.
Current thread:
- Research Expectations Marty Hoag (Jul 03)
- <Possible follow-ups>
- Re: Research Expectations Piazza, John (Jul 04)
- Re: Research Expectations Wayne Wilson (Jul 05)
- Re: Research Expectations Jere Retzer (Jul 05)
- Re: Research Expectations Piazza, John (Jul 05)