Figure out how to handle/ensure data de-identification

[gkiar]

Is the onus on us or them to ensure it is de-identified? If us, what can we do about it? We want no-one in the loop when performing the assessment+solution, if possible.

[wrgr]

Maybe a partial solution is to have a disclaimer like:

OCP only accepts de-identified data, unless expressly permitted in writing. If non-deidentified data is accidentally transmitted, OCP will make a best-effort to scrub the offending information, but can make no guarantees that it is completely or securely wiped from our systems in compliance with the IRB or PII policy of the collecting institute. Because OCP handles deidentified data only, we do not have an IRB in place ourselves.

Best, Will

On Thu, Jul 2, 2015 at 4:07 PM, Greg Kiar notifications@github.com wrote:

Is the onus on us or them to ensure it is de-identified? If us, what can we do about it? We want no-one in the loop when performing the assessment+solution, if possible.

— Reply to this email directly or view it on GitHub https://github.com/openconnectome/m2g/issues/100.

[jovo]

mm spent 3 months of his life dealing with a student losing a laptop with PHI. i'm not taking any data that is not DID, no matter what.

On Thu, Jul 2, 2015 at 4:11 PM, William Gray notifications@github.com wrote:

Maybe a partial solution is to have a disclaimer like:

OCP only accepts de-identified data, unless expressly permitted in writing. If non-deidentified data is accidentally transmitted, OCP will make a best-effort to scrub the offending information, but can make no guarantees that it is completely or securely wiped from our systems in compliance with the IRB or PII policy of the collecting institute. Because OCP handles deidentified data only, we do not have an IRB in place ourselves.

Best, Will

On Thu, Jul 2, 2015 at 4:07 PM, Greg Kiar notifications@github.com wrote:

Is the onus on us or them to ensure it is de-identified? If us, what can we do about it? We want no-one in the loop when performing the assessment+solution, if possible.

— Reply to this email directly or view it on GitHub https://github.com/openconnectome/m2g/issues/100.

— Reply to this email directly or view it on GitHub https://github.com/openconnectome/m2g/issues/100#issuecomment-118152798.

the glass is all full: half water, half air. openconnecto.me, jovo.me, office hours https://www.google.com/calendar/embed?src=e2ktu4lrgul8anp8hclrcminp8%40group.calendar.google.com&ctz=America/New_York

[wrgr]

Right. But if someone screws up we should be clear that we aren't responsible for fixing?

On Thu, Jul 2, 2015 at 5:03 PM, joshua vogelstein notifications@github.com wrote:

mm spent 3 months of his life dealing with a student losing a laptop with PHI. i'm not taking any data that is not DID, no matter what. On Thu, Jul 2, 2015 at 4:11 PM, William Gray notifications@github.com wrote:

Maybe a partial solution is to have a disclaimer like:

OCP only accepts de-identified data, unless expressly permitted in writing. If non-deidentified data is accidentally transmitted, OCP will make a best-effort to scrub the offending information, but can make no guarantees that it is completely or securely wiped from our systems in compliance with the IRB or PII policy of the collecting institute. Because OCP handles deidentified data only, we do not have an IRB in place ourselves.

Best, Will

On Thu, Jul 2, 2015 at 4:07 PM, Greg Kiar notifications@github.com wrote:

Is the onus on us or them to ensure it is de-identified? If us, what can we do about it? We want no-one in the loop when performing the assessment+solution, if possible.

— Reply to this email directly or view it on GitHub https://github.com/openconnectome/m2g/issues/100.

— Reply to this email directly or view it on GitHub https://github.com/openconnectome/m2g/issues/100#issuecomment-118152798.

the glass is all full: half water, half air. openconnecto.me, jovo.me, office hours

https://www.google.com/calendar/embed?src=e2ktu4lrgul8anp8hclrcminp8%40group.calendar.google.com&ctz=America/New_York

Reply to this email directly or view it on GitHub: https://github.com/openconnectome/m2g/issues/100#issuecomment-118167521

[wrgr]

I'm a grad student and I accidentally uploaded the wrong version of the images....oppose. Can you please remove all traces of the pii?

On Thu, Jul 2, 2015 at 5:03 PM, joshua vogelstein notifications@github.com wrote:

mm spent 3 months of his life dealing with a student losing a laptop with PHI. i'm not taking any data that is not DID, no matter what. On Thu, Jul 2, 2015 at 4:11 PM, William Gray notifications@github.com wrote:

Maybe a partial solution is to have a disclaimer like:

OCP only accepts de-identified data, unless expressly permitted in writing. If non-deidentified data is accidentally transmitted, OCP will make a best-effort to scrub the offending information, but can make no guarantees that it is completely or securely wiped from our systems in compliance with the IRB or PII policy of the collecting institute. Because OCP handles deidentified data only, we do not have an IRB in place ourselves.

Best, Will

On Thu, Jul 2, 2015 at 4:07 PM, Greg Kiar notifications@github.com wrote:

Is the onus on us or them to ensure it is de-identified? If us, what can we do about it? We want no-one in the loop when performing the assessment+solution, if possible.

— Reply to this email directly or view it on GitHub https://github.com/openconnectome/m2g/issues/100.

— Reply to this email directly or view it on GitHub https://github.com/openconnectome/m2g/issues/100#issuecomment-118152798.

the glass is all full: half water, half air. openconnecto.me, jovo.me, office hours

https://www.google.com/calendar/embed?src=e2ktu4lrgul8anp8hclrcminp8%40group.calendar.google.com&ctz=America/New_York

Reply to this email directly or view it on GitHub: https://github.com/openconnectome/m2g/issues/100#issuecomment-118167521

[jovo]

i'm not sure whether that works, i'm unwilling to take a risk.

On Thu, Jul 2, 2015 at 5:28 PM, William Gray notifications@github.com wrote:

I'm a grad student and I accidentally uploaded the wrong version of the images....oppose. Can you please remove all traces of the pii?

On Thu, Jul 2, 2015 at 5:03 PM, joshua vogelstein notifications@github.com wrote:

mm spent 3 months of his life dealing with a student losing a laptop with PHI. i'm not taking any data that is not DID, no matter what. On Thu, Jul 2, 2015 at 4:11 PM, William Gray notifications@github.com wrote:

Maybe a partial solution is to have a disclaimer like:

OCP only accepts de-identified data, unless expressly permitted in writing. If non-deidentified data is accidentally transmitted, OCP will make a best-effort to scrub the offending information, but can make no guarantees that it is completely or securely wiped from our systems in compliance with the IRB or PII policy of the collecting institute. Because OCP handles deidentified data only, we do not have an IRB in place ourselves.

Best, Will

On Thu, Jul 2, 2015 at 4:07 PM, Greg Kiar notifications@github.com wrote:

Is the onus on us or them to ensure it is de-identified? If us, what can we do about it? We want no-one in the loop when performing the assessment+solution, if possible.

— Reply to this email directly or view it on GitHub https://github.com/openconnectome/m2g/issues/100.

— Reply to this email directly or view it on GitHub < https://github.com/openconnectome/m2g/issues/100#issuecomment-118152798>.

the glass is all full: half water, half air. openconnecto.me, jovo.me, office hours < https://www.google.com/calendar/embed?src=e2ktu4lrgul8anp8hclrcminp8%40group.calendar.google.com&ctz=America/New_York

---

Reply to this email directly or view it on GitHub: https://github.com/openconnectome/m2g/issues/100#issuecomment-118167521

— Reply to this email directly or view it on GitHub https://github.com/openconnectome/m2g/issues/100#issuecomment-118172849.

the glass is all full: half water, half air. openconnecto.me, jovo.me, office hours https://www.google.com/calendar/embed?src=e2ktu4lrgul8anp8hclrcminp8%40group.calendar.google.com&ctz=America/New_York

[wrgr]

I wondered about that. The problem is that if you have a webservice that anyone can use, how do you prevent accidents? People are notoriously bad at stuff like this...

Best, Will

On Thu, Jul 2, 2015 at 7:57 PM, joshua vogelstein notifications@github.com wrote:

i'm not sure whether that works, i'm unwilling to take a risk.

On Thu, Jul 2, 2015 at 5:28 PM, William Gray notifications@github.com wrote:

I'm a grad student and I accidentally uploaded the wrong version of the images....oppose. Can you please remove all traces of the pii?

On Thu, Jul 2, 2015 at 5:03 PM, joshua vogelstein notifications@github.com wrote:

mm spent 3 months of his life dealing with a student losing a laptop with PHI. i'm not taking any data that is not DID, no matter what. On Thu, Jul 2, 2015 at 4:11 PM, William Gray <notifications@github.com

wrote:

Maybe a partial solution is to have a disclaimer like:

OCP only accepts de-identified data, unless expressly permitted in writing. If non-deidentified data is accidentally transmitted, OCP will make a best-effort to scrub the offending information, but can make no guarantees that it is completely or securely wiped from our systems in compliance with the IRB or PII policy of the collecting institute. Because OCP handles deidentified data only, we do not have an IRB in place ourselves.

Best, Will

On Thu, Jul 2, 2015 at 4:07 PM, Greg Kiar notifications@github.com wrote:

Is the onus on us or them to ensure it is de-identified? If us, what can we do about it? We want no-one in the loop when performing the assessment+solution, if possible.

— Reply to this email directly or view it on GitHub https://github.com/openconnectome/m2g/issues/100.

— Reply to this email directly or view it on GitHub < https://github.com/openconnectome/m2g/issues/100#issuecomment-118152798 .

the glass is all full: half water, half air. openconnecto.me, jovo.me, office hours <

https://www.google.com/calendar/embed?src=e2ktu4lrgul8anp8hclrcminp8%40group.calendar.google.com&ctz=America/New_York

---

Reply to this email directly or view it on GitHub:

https://github.com/openconnectome/m2g/issues/100#issuecomment-118167521

— Reply to this email directly or view it on GitHub <https://github.com/openconnectome/m2g/issues/100#issuecomment-118172849 .

the glass is all full: half water, half air. openconnecto.me, jovo.me, office hours < https://www.google.com/calendar/embed?src=e2ktu4lrgul8anp8hclrcminp8%40group.calendar.google.com&ctz=America/New_York

— Reply to this email directly or view it on GitHub https://github.com/openconnectome/m2g/issues/100#issuecomment-118196840.

[jovo]

we de-identify everything, possibly forcing them to go through a HIPPA certified location, S3 is working on this.

On Thu, Jul 2, 2015 at 8:00 PM, William Gray notifications@github.com wrote:

I wondered about that. The problem is that if you have a webservice that anyone can use, how do you prevent accidents? People are notoriously bad at stuff like this...

Best, Will

On Thu, Jul 2, 2015 at 7:57 PM, joshua vogelstein < notifications@github.com>

wrote:

i'm not sure whether that works, i'm unwilling to take a risk.

On Thu, Jul 2, 2015 at 5:28 PM, William Gray notifications@github.com wrote:

I'm a grad student and I accidentally uploaded the wrong version of the images....oppose. Can you please remove all traces of the pii?

On Thu, Jul 2, 2015 at 5:03 PM, joshua vogelstein notifications@github.com wrote:

mm spent 3 months of his life dealing with a student losing a laptop with PHI. i'm not taking any data that is not DID, no matter what. On Thu, Jul 2, 2015 at 4:11 PM, William Gray < notifications@github.com

wrote:

Maybe a partial solution is to have a disclaimer like:

OCP only accepts de-identified data, unless expressly permitted in writing. If non-deidentified data is accidentally transmitted, OCP will make a best-effort to scrub the offending information, but can make no guarantees that it is completely or securely wiped from our systems in compliance with the IRB or PII policy of the collecting institute. Because OCP handles deidentified data only, we do not have an IRB in place ourselves.

Best, Will

On Thu, Jul 2, 2015 at 4:07 PM, Greg Kiar <notifications@github.com

wrote:

Is the onus on us or them to ensure it is de-identified? If us, what can we do about it? We want no-one in the loop when performing the assessment+solution, if possible.

— Reply to this email directly or view it on GitHub https://github.com/openconnectome/m2g/issues/100.

— Reply to this email directly or view it on GitHub <

https://github.com/openconnectome/m2g/issues/100#issuecomment-118152798 .

the glass is all full: half water, half air. openconnecto.me, jovo.me, office hours <

https://www.google.com/calendar/embed?src=e2ktu4lrgul8anp8hclrcminp8%40group.calendar.google.com&ctz=America/New_York

---

Reply to this email directly or view it on GitHub:

https://github.com/openconnectome/m2g/issues/100#issuecomment-118167521

— Reply to this email directly or view it on GitHub < https://github.com/openconnectome/m2g/issues/100#issuecomment-118172849 .

the glass is all full: half water, half air. openconnecto.me, jovo.me, office hours <

https://www.google.com/calendar/embed?src=e2ktu4lrgul8anp8hclrcminp8%40group.calendar.google.com&ctz=America/New_York

— Reply to this email directly or view it on GitHub <https://github.com/openconnectome/m2g/issues/100#issuecomment-118196840 .

— Reply to this email directly or view it on GitHub https://github.com/openconnectome/m2g/issues/100#issuecomment-118197225.

the glass is all full: half water, half air. openconnecto.me, jovo.me, office hours https://www.google.com/calendar/embed?src=e2ktu4lrgul8anp8hclrcminp8%40group.calendar.google.com&ctz=America/New_York

[gkiar]

migrated and linked