| Example | Data Class | Compliant Solution | Comments |
|---|---|---|---|
| Collection of PII/PHI though a REDCap survey | 3 | Jefferson REDCap server | |
| Data Analysis of class 3 survey data | 3 | Adams Analysis server | |
| Analysis of de-identified survey data from above | 1 | Any University computer IT system | As long as it is not combined with data that could allow re-identification. |
| Collection of data containing health information but not any identifiers under HIPAA. | 1 | Jan redcap server | Jan, although not as secure as Jefferson, has a REDCap available for nonsensitive data surveys. |
| Limited Data Set from an external partner | 3 | Analysis on Monsoon cluster | Although Monsoon is not encrypted, it is secure (approved as secure by the CIO) |
| Limited Data Set from an external partner | 3 | Analysis on dedicated workstation that has full disk encryption and multifactor authentication enabled | Researchers should also use secure methods to move the data onto and off of the workstation |