- Access Control Systems
- Access control systems are systems that manage physical access to Harvard-owned properties, structures or services
- Authorization
- Permission to access resources in a digital domain (after
positive authentication)
- Authorization Proxy Service (AuthZProxy)
- Service provided by Harvard that allows applications to check the status of users prior to allowing system access.
- Confidential Information
- Information about a person or an entity that, if
disclosed, could reasonably be expected to place either the person or
the entity at risk of criminal or civil liability, or be damaging to
financial standing, employability, or reputation. Harvard is bound by
law or by contract to protect some types of confidential information.
Additionally, Harvard requires protection of some other kinds of
information beyond legal or contractual requirements as an additional
safeguard.
Confidential Information includes:
Confidential Personally Identifiable Information.
This includes information that can be linked, directly or indirectly,
to individual people. Harvard's requirement to protect confidential
personally identifiable information is largely governed by law or
contract (e.g. HIPAA, FERPA, GLB, PCI, and human subject data).
Examples include SSN, HUID, credit card, health and employment records,
human subject data, and all FERPA non-directory information about
students and former students.
Confidential Non-Personally Identifiable Information.
This includes summary information about people where the identities of
individual people cannot be determined and information about
university-related activities. Harvard's requirement to protect
confidential non-personally identifiable information is governed by
Harvard's own policies. Examples include detailed information about
some University buildings, activities or events, information about
future University development plans, and grant information.
- De-Identified Data
- Data from which information that can be used to identify individuals, either
directly or indirectly, has been removed. For information to be de-identified under HIPAA, 18
separate identifiers must be removed from the individual's record
before that information can be considered de-identified. Covered
entities have the option of stripping fewer identifiers from individual
records but only if an expert with knowledge of statistical and
scientific principles and methods assures that individuals will not be
identifiable from the disclosed data or by comparison of the data with
other sources of information.
- De-Identified Research Data Set
- A Research Data Set where all personal identifiers have
been removed (and normally replaced by a random identity key) such that
no personally identifiable data remains.
- Encryption
- The algorithmic transformation of a data set to an
unrecognizable form using an encryption key. The original
data set or any part thereof can be recovered only with knowledge of a
secret decryption key.
- Identity Key
- The code used in place of Personal Identifier(s) in a
Research Data Set.
- Identity-Mapping File
- Data set that can be used to associate identity keys with
individuals.
- IRB Application
- The research application submitted to the local IRB for
review and approval.
- Mass Email message (or Broadcast Email message)
- Sending of an electronic communication to a campus-wide or
ad hoc group of individuals across multiple schools or administrative
units.
- Limited Data Set
- A limited data set contains more information about
individuals than de-identified data. A limited data set permits use of
some identifiable health information, while excluding direct
identifiers. This type of disclosure requires a Data Use Agreement
between the researcher and the covered entity that establishes the
permitted uses and disclosures of the data set.
- Non de-identified data set
- Data set that contains personally identifiable
data. Not all data sets can be reasonably de-identified (for
example, an audio recorded interview in which a subject identifies him
or herself, or a videotape that includes images of subject’s
face). In this case, the data set must be considered a non
de-identified data set.
- Personal identifiers
- Any data elements within a data set that singly or in
combination can uniquely identify an individual, such as a social
security number, name, address, birth date, physical characteristics,
demographic information (e.g. combining gender, race, occupation, and
location), hospital-patient numbers, or history.
- Personally identifiable data
- Data that are associated with living persons, or that can
be associated with living persons by deduction from personal
identifiers in a data set.
- Personally identifiable Harvard confidential information
- Research Data Set
- A body of data elements collected or used in the course of
research.
- Secure location
- A place (room, file cabinet, etc.) to which only the
Principal (or lead) Investigator, and any specifically approved other
individuals, have access through lock and key. Either physical or
electronic keys are acceptable.
- Sensitive Data
- Any data that can be linked to individual subjects
involving medical information, personal financial information, social
security numbers, and any information the disclosure of which outside
the research could reasonably place the subjects at risk of criminal or
civil liability or be damaging to the subjects' financial standing,
employability, insurability or reputation. (Expanded from 45 CFR
46.101(b)(2)(ii).) Any data concerning Harvard students should be
considered Sensitive Data.
- UISO
- University Information Security Officer, Scott Bradner (scott_bradner@harvard.edu)
- University LDAP Enterprise Directory (Attribute Service)
- Harvard's University LDAP directory acts as an
official university attribute authority. It contains profile data about
HUID holders and, to a much lesser extent, about XID holders.
- University PIN system (Authentication Service)
- Provides authentication services for populations that hold
Harvard ID numbers (students, faculty, staff, some affiliates).
- XID system (integrated with University PIN System)
- Allows people who do not hold a Harvard ID to register for this other
type of ID number, which can then be used for authentication with University
PIN-enabled applications.
N.B. Hospitals and other health care providers, as well as health insurance companies,
are held to a very stringent standard for de-identifying data under the
Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA
recognizes two ways for a data set to be considered de-identified. Under the
first, an expert in statistics must conclude that disclosure of the
information in a particular data set presents a very small risk that the
information could be "used, alone or in combination with other reasonably
available information, by an anticipated recipient to identify an
individual who is the subject of the information." 45 CFR
164.514(b)(1)(i). Under the second (the "safe harbor" method), the data set
must be stripped of certain enumerated elements. 45 CFR 164.514(b)(2). Harvard
researchers are not held to the same standard when de-identifying data.
However, in creating a de-identified data set, one can consider the
HIPAA safe-harbor elements. They are:
- names;
- street address, city, county, precinct, and zip codes and their
equivalent geocodes, except that the first 3 digits of a zip code may be
kept unless fewer than 20,000 people reside in the area covered by that
3-digit prefix;
- dates (other than the year) related to birth, hospital admission or
discharge, and death, and all ages over 89 years old (which may be
aggregated into a single category of 90 or older);
- telephone and fax numbers, social security numbers, vehicle
identification numbers, and license numbers;
- email addresses; health plan, medical record, or account numbers;
device identifiers and serial numbers;
- URLs or IP addresses;
- biometric identifiers such as fingerprints;
- full-face photographs or comparable images;
- any other unique identifying number or code, other than code numbers
assigned for the research, such as in an Identity-Mapping File.
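The following is an added example, not part of the Harvard glossary or any Harvard system, that turns the definitions above into working code: it builds a De-Identified Research Data Set from records containing Personal Identifiers, replacing them with a random Identity Key and writing the link between key and person to a separate Identity-Mapping File, while applying the safe-harbor rules listed in the N.B. (direct identifiers dropped, dates reduced to the year, ages over 89 collapsed to "90+", zip codes kept only as a 3-digit prefix and only when the prefix area holds more than 20,000 people). It also refuses records whose free-text notes still contain something that looks like an SSN or email address, treating them as a non de-identified data set. The field names, the population figures and the sample records are assumptions constructed for the example.

```python
"""Added example (not Harvard's code): de-identify records into a Research
Data Set plus a separate Identity-Mapping File using HIPAA safe-harbor rules.
Field names, population counts and sample records are constructed here."""
import re
import secrets
from datetime import date

# Safe-harbor elements that are removed outright and kept only in the mapping file.
DIRECT_IDENTIFIERS = ("name", "street_address", "phone", "email", "ssn",
                      "mrn", "device_serial", "ip_address")

# Constructed population counts per 3-digit zip prefix (illustrative, not census data).
ZIP3_POPULATION = {"021": 650000, "036": 12000}

# Heuristic patterns for identifiers that survive in free text (assumption: SSN- and email-like).
RESIDUAL_ID_PATTERNS = [re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
                        re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")]


def safe_harbor_zip(zip_code, zip3_population):
    """Keep the first 3 digits only if that 3-digit area has more than 20,000 people, else '000'."""
    zip3 = zip_code[:3]
    return zip3 if zip3_population.get(zip3, 0) > 20000 else "000"


def safe_harbor_age(birth, as_of):
    """Compute age at as_of; all ages over 89 collapse into the single category '90+'."""
    age = as_of.year - birth.year - ((as_of.month, as_of.day) < (birth.month, birth.day))
    return "90+" if age > 89 else age


def has_residual_identifier(text):
    """True if free text still carries an SSN- or email-like identifier."""
    return any(p.search(text) for p in RESIDUAL_ID_PATTERNS)


def deidentify_record(rec, as_of, zip3_population, keygen):
    """Return (de-identified row, identity-mapping entry); raise if the record cannot be de-identified."""
    if has_residual_identifier(rec.get("notes", "")):
        raise ValueError("free text contains an identifier; treat as a non de-identified data set")
    key = keygen()  # the Identity Key that replaces every personal identifier
    age = safe_harbor_age(rec["birth_date"], as_of)
    row = {
        "identity_key": key,
        "zip3": safe_harbor_zip(rec["zip"], zip3_population),
        # Only the year of a date is kept; for 90+ even the birth year indicates age, so drop it.
        "birth_year": None if age == "90+" else rec["birth_date"].year,
        "age": age,
        "admission_year": rec["admission_date"].year,
        "diagnosis": rec["diagnosis"],
        "notes": rec.get("notes", ""),
    }
    mapping_entry = {"identity_key": key,
                     **{f: rec[f] for f in DIRECT_IDENTIFIERS if f in rec}}
    return row, mapping_entry


def deidentify_dataset(records, as_of=date(2024, 1, 1), zip3_population=ZIP3_POPULATION,
                       keygen=lambda: secrets.token_hex(8)):
    """Split records into a De-Identified Research Data Set and an Identity-Mapping File.
    The two outputs must be stored apart: whoever holds both can re-identify every subject."""
    dataset, mapping_file = [], []
    for rec in records:
        row, entry = deidentify_record(rec, as_of, zip3_population, keygen)
        dataset.append(row)
        mapping_file.append(entry)
    return dataset, mapping_file


# Constructed sample records about fictional people.
SAMPLE_RECORDS = [
    {"name": "Jane Roe", "ssn": "123-45-6789", "mrn": "MRN-001", "zip": "02138",
     "birth_date": date(1930, 5, 20), "admission_date": date(2023, 3, 4),
     "diagnosis": "hypertension", "notes": "follow-up in 6 weeks"},
    {"name": "John Doe", "ssn": "987-65-4321", "mrn": "MRN-002", "zip": "03601",
     "birth_date": date(1985, 11, 2), "admission_date": date(2022, 7, 19),
     "diagnosis": "fracture", "notes": ""},
]

if __name__ == "__main__":
    data, mapping = deidentify_dataset(SAMPLE_RECORDS)
    for row in data:
        print(row)
```

In a real project the mapping file would be written to a Secure location and the data set to the researchers' working storage; the point of the split is that the de-identified rows alone, even combined with the 3-digit zip and year-only dates, no longer carry the personal identifiers, while the random key (rather than a hash of the SSN or MRN) means the mapping file cannot be reconstructed from the data set.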