Supporting Secure Data-Sharing Partnerships

Overview

A rapid rise in malicious cyber activity and several well-publicized incidents at academic centers led UCSF leadership to determine that a thorough review of our data management and data sharing practices was necessary to ensure the appropriate protection of our data assets.

At the Chancellor’s request, a task force of research, technology, and operational leaders across the University reviewed how we share data with external partners and created a set of recommendations.

What to Expect

New contracts that propose data sharing with external entities are being closely reviewed by UCSF's five authorized contracting units. Data sharing agreements that meet any of the criteria below will be escalated by the contracting unit to the IT Governance Committee on Enterprise Information and Analytics (EIA) for evaluation.

This multi-phase project will unfold over several months. End-to-end value stream mapping of the external partnership process began in June 2019.

Escalation criteria

Sharing any UC protected health information (PHI) outside of IRB-approved clinical trials.
Sharing sensitive UCSF data (i.e. P3 and P4) with high-risk countries or companies
- Identified using Restricted Party Screening software from Visual Compliance® and information from government and law enforcement authorities (e.g. F.B.I.)*
Sharing de-identified sensitive data (i.e. P3 and P4) with:
- Any commercial entity (domestic or international); or,
- Any colleges and institutes of higher learning outside of the U.S.

*The Visual Compliance Restricted Party Screening software is available to all UC employees. You may consider signing up if you are considering entering into a data sharing partnership.

P3 and P4 data types

	Restricted Data	Sensitive Data
UCOP Protection Level	P4 - High	P3 - Moderate
Data Types	Personally Identifiable Information (PII) Protected Health Information (PHI) Research Health Information (RHI) Payment Card Industry (PCI) Data Confidential Security Information Licensed Proprietary IP and Product Development Information	De-identified data University Intellectual Property Employee Information Sensitive Faculty Activities Student Information Donor Information Current Litigation/Investigation Materials Contracts Physical Building Designs Financial Information

UCSF's full data classification standard - including policy and legal requirements, access, and adverse business impact - is available on the UCSF IT website.

High-risk countries

High-level process workflow

Task Force Recommendations

Based on its findings, the task force has created a set of interim and longer-term recommendations across contracting, technology, security, and data access areas that will help inform process change going forward.

Recommendations

Questions and Feedback

We want to hear from you and welcome your questions.

General project questions: [email protected].
In-process contract questions: email your specific contract specialist.
If you might enter into a data sharing agreement but do not have a formal contract in place, contact one of UCSF's five authorized contracting units:

FAQ and Resources

If you have questions about sharing de-identified data to meet funder and publisher requirements, please review the guidance on the new page Sharing De-identified Data for Publication

The session "De-mystifying Data Sharing ... your questions answered by UCSF experts" from the 2020 Research Data Series provides an overview and practical dos and don'ts for data sharing at UCSF. You can watch the session or review slides.

Review frequently asked questions about the data sharing project. If you have a question that is not addressed, please email [email protected].

Task Force

Name	Content Area	Title
Julia Adler-Milstein, PhD	Data Policy	Director, Center for Clinical Informatics and Improvement Research
Joe Bengfort	UCSF Information Technology	Associate Vice Chancellor and Chief Information Officer
Kirsten Bibbins-Domingo, PhD, MD, MAS	Population Health	Vice Dean for Population Health and Health Equity
Christy Boscardin, PhD	Education Research	Associate Professor, Department of Medicine
Michael Blum, MD (Task Force Chair)	Data Governance	Associate Vice Chancellor for Informatics, Chief Digital Transformation Officer
Katja Brueckner, PhD	Basic Science Research	Professor, Department of Cell and Tissue Biology, School of Dentistry
Atul Butte, MD, PhD	Institute for Computational Health Sciences	Director of the Institute for Computational Health Sciences and Executive Diretor for Clinical Informatics across the six UC Schools of Medicine and Medical Centers
Lisa Cisneros	Communications	Strategic Communications & University Relations
Lindsey Criswell, MD, MPH	Research	Vice Chancellor, Research
Russ Cucina, MD	Clinical Informatics	Vice President, Health Informatics and Chief Health Information Officer
David Dobbs	Enterprise Information	Executive Director, Data Warehousing and Analytics
Elizabeth Engel	UCOP	Chief Strategy Office
Jenny Grandis, MD	Clinical and Translational Science Institute	Associate Vice Chancellor, Clinical and Translational Research
Patrick Phelan	Information Technology Security	Chief Information Security Officer
Tom Poon, CHPC	Privacy Office	Interim Chief Privacy Officer
Greta Schnetzler	Legal	Chief Campus Counsel
Niraj Sehgal, MD	Clinical Quality	Professor, Department of Medicine
Barry Selick, PhD	Strategic Partnerships	Vice Chancellor, Business Development, Innovation and Partnerships
Brian Smith	Compliance	Associate Vice Chancellor for Research Infrastructure and Operations
Miriam Rike	Finance	VP Cancer Finance Services on behalf of Barrie Strickland, CFO UCSF Health
Ralph Gonzales	Research	Chief Innovation Officer
David Teitel, MD	Academic Senate	Chair, Academic Senate

UCSF Data Resources

Search form

You are here