Skip to main content

Data Deposit Interview

Start

Data Deposit Interview

Version 0.5

This interview is not validated and should not be used as a legal advice!

This is a sample PolicyModels interview for depositing datasets. By taking into account various federal laws and input from the depositor, the system suggests how the dataset should be handled, and assigns it a DataTag.

Version 0.6.1
Authors
Keywords legislation, privacy, privacy tools project
References
  • Project still in beta - NOT for real world use.
  • The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule 45 C.F.R. Part 160 and Subparts A and E of Part 164, which regulates the use and disclosure of protected health information held by covered entities such as health care providers
  • The substance abuse confidentiality regulations, 42 C.F.R. Part 2 which protect the confidentiality of the medical records of patients seeking treatment for alcohol or drug abuse
  • The Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, which safeguards student records maintained by an educational agency or institution
  • The Protection of Pupil Rights Amendment (PPRA), 20 U.S.C. § 1232h, which establishes privacy-related procedures for certain surveys, analyses, and evaluations funded by the US Department of Education
  • The Education Sciences Reform Act of 2002, 20 U.S.C. § 9573, which restricts the collection, use, and dissemination of education data in research conducted by the Institute of Education Sciences
  • The Privacy Act of 1974, 5 U.S.C. § 552a, which establishes fair information practices for protecting personally identifiable records maintained by federal agencies
  • The Confidential Information Protect and Statistical Efficiency Act (CIPSEA), 44 U.S.C. § 3501 note, which protects confidential data collected by U.S. statistical agencies
  • Title 13 of the U.S. Code, which protects the confidentiality of Census Bureau data
  • The Driver’s Privacy Protection Act (DPPA), 18 U.S.C. §§ 2721-2725, which restricts the disclosure of personal information from state department of motor vehicle records
  • 21st Century Cures Act, SEC. 2012. PRIVACY PROTECTION FOR HUMAN RESEARCH
  • Notice of Changes to NIH Policy for Issuing Certificates of Confidentiality (Notice Number: NOT-OD-17-109), Effective Date: October 1, 2017
Visualizations
Decision Graph:
Policy Space:
Question Codebook All Questions Start
Policy Space

DepositData
Code One of:
Blue Green Yellow Orange Red Crimson
Handling
Storage One of:
clear Server-side Encryption Client-side Encryption Double Encryption
Transit One of:
clear encrypt Double Encryption
Authentication Some of:
None Email OAuth Password
auth One of:
approval none
DUA
Time Limit One of:
none 50 years 5 years 2 years One year
Use One of:
No Restriction Research IRB No Product
Sharing One of:
Anyone Not Online Organization Group No One
Reidentify One of:
No Matching No Entities No People No Prohibition Reidentify Contact
Publication One of:
No Restriction Notify Pre-Approve Prohibited
Auditing One of:
NotNeeded Yearly Monthly
Acceptance One of:
Click Signed Sign with ID
Approval One of:
None Email Signed
Legal
Education Records
FERPA Some of:
Deidentified Directory Opt-out Directory Info School Official Study Consent Audit
PPRA Some of:
Protected Protected Deidentified Consent Opt-out Provided Marketing
Medical Records
HIPAA Some of:
Waiver Authorization Safe Harbor Deidentified Expert Determination Limited Dataset Business Associate Contract
Part 2 One of:
deidentified Veterans Medical Data Consent Scientific Research
Cures Act Some of:
Certificate Required
Government Records
DPPA Some of:
Highly Restricted Required State Consent Limited State Consent Broad Requester Consent Limited Requester Consent Broad Research Exception
Census Some of:
Census Published
ESRA Some of:
Restricted Public
Privacy Act Some of:
Deidentified Identifiable
CIPSEA Some of:
Deidentified Identifiable
Additional Restrictions Some of:
Contract or Policy Manual Inspection Required
Assertions
Data Type
Effort One of:
anonymous deidentified identifiable identified
Harm One of:
No Risk Minimal Shame Civil Criminal Max-Control
IP value placeholder
Identity One of:
No Person Data Not Person Specific Person Specific
Origin Some of:
US Non-US
Permalink to latest version: /models/usdd/start