United States Department of Veterans Affairs
Office of Research Oversight (ORO)

Research Information Protection

New ORO Guideline for Enforcement of VA Handbook 6500 §6.c(4)(j) Regarding VA Sensitive Research Information on Non-VA “Other Equipment”

This Guideline applies solely to ORO’s enforcement of VA Handbook 6500 §6.c(4)(j) as it pertains to VA sensitive research information.  It does not impact the enforcement of the §6.c(4)(j) requirement by any other relevant office within VA.  ORO will continue to enforce regulations and policy requirements for the disclosure of PHI to non-VHA entities, e.g., VHA Handbook 1605.1

Issued January 31, 2012.

 

Research Information Protection Program Checklist

Revised April 2012.


VA Laptop Encryption

On November 15, 2011, the Assistant Secretary for Information and Technology issued a Memorandum (VAIQ #7117920) regarding VA Laptop Encryption.  The Memorandum requires that all VA government-owned (VAGFE) laptops (including Macs) must have fully functional VA-approved disk level encryption software installed or an approved waiver in place by February 29, 2012.  The Memorandum provides some examples of VAGFE laptops that may be granted encryption waivers, including laptops connected to research devices which would hinder the application from operating as intended.

Note that all waivers currently in place for laptop encryption will become void on February 29, 2012, and an application for a new waiver must be resubmitted using the process described in the Memorandum.
 

Checklist for Reviewing Privacy, Confidentiality and Information Security in Research

This new Checklist was designed to assist Privacy Officers and Information Security Officers in their review of VHA research protocols.  Please see the accompanying Instructions for Use and Research Checklist Memorandum.  Please note that the use of this Checklist is highly encouraged but not mandatory. 

 

Interim ORO Guidance On Data Disclosure For Collaborative Studies

The Office of Research Oversight (ORO) has developed interim guidance on data disclosures for collaborative research studies. The guidance clarifies current requirements for the disclosure of VA research data to academic affiliates and other non-VA entities for “collaborative” human subject research, including requirements related to the retention of VA research records, disclosure of data under the Health Insurance Portability and Accountability Act (HIPAA), data ownership, information security, “dual appointment” research investigators, and combining data collected at a VA site and an affiliate/collaborator site.

An accompanying PowerPoint presentation can be found here.

 

Researcher Contacts with Veterans

Memo dated July 10, 2006.
To ensure the privacy and data security of research subjects, the Principal Deputy Under Secretary for Health (10A) issued the attached memorandum. 


Frequently Asked Questions — Research Information Protection

FAQs Updated July 27, 2009 


   ORO Logo - Yellow compass star with letters O-R-O on top and inside a circle


ORO Links