Educause Security Discussion mailing list archives

Re: Research Expectations


From: Wayne Wilson <wwilson () UMICH EDU>
Date: Fri, 5 Jul 2002 09:37:00 -0400

Piazza, John wrote:
> It depends on the type of research it appears, Marty.
>
Well, it's certainly true that human subjects research is
highly scrutinized and clinical trials research can be
regulated by the FDA to a higher standard (or perhaps just
different concerns) than HIPAA.
>
> . I am also hearing that all are looking to create congruence with
> the HIPAA standard once it is finalized - soon. If you research that you
> will find it is the most comprehensive and scalable law ever introduced in
> healthcare, privacy, or security. It is very good stuff and a model higher
> ed/educause will be well advised to consider adopting - in short order.
> John

In the health care IT community HIPAA is often called the
Y2K project that never ends.

This is a comment on the amount of money that has so far
been spent, with no end yet in sight, not a comment on the
effectiveness of the proposed measures.

The issue here is the same one as in the other current
thread about support dollars for IT being derived from
current indirects.  The bottom line is that this is all
going to cost more money and that money has to come from
somewhere.  If you accept that current indirects are being
spent on necessary costs, and that rate is not going to
change, then it's hard to see how many of the improvements
in security or operational robustness are going to be funded.

One potential strategy is to encourage a shift in the kinds
of hardware and software that are used.  This also assumes
(and this assumption needs to be checked) that researchers
can be productive and IT support costs can be lowered by
using a combination of commodity hardware and open source
software, for example.  OpenBSD was mentioned in an earlier
post; there are also several variants of Linux such as
the NSA-sponsored secure Linux.  This strategy was designed
to work in a zero sum economic situation.

Another, parallel strategy would attempt to work in a non
zero sum economic situation, i.e. calling for higher
reimbursements.

Yet another strategy would be to stratify the kinds of IT
support needed for various forms of research.  It should be
clear that a single strategy guided by the assumptions that
all information is confidential (the HIPAA approach) does
not necessarily need to be applied to all research.  That
would make some kinds of research more expensive than
others, and perhaps alter the kinds of research that
particular institutions would be willing to undertake.
Common and clear criteria for such stratification would need
to be devised.
