Date: Mon, 9 Oct 2006 12:53:16 -0400
Reply-To: Kevin Roland Viel <kviel@EMORY.EDU>
Sender: "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From: Kevin Roland Viel <kviel@EMORY.EDU>
Subject: IRB, password protection
Content-Type: TEXT/PLAIN; charset=US-ASCII
I would like to solicit advice on language used in IRB applications for
clinical trials concerning the protection of the data. Is it sufficient
to use SAS passwords or do people typically encrypt the data, too. Given
that I work from a laptop remotely and theft of such sensitive data has
made news lately, never mind liability (is anyone carrying insurance, I am
not incorporated, yet), this seems especially pertinent.
I would prefer to simply use SAS passwords and create unique patient ID
for those time when I *might* need to send data. Since this company only
licenses one copy of SAS, I guess I could write a perl program and
transmit only these anonymous IDs.
Does this seem sufficient, provided I describe it using about two
paragraphs, or should I look for something more involved?
PS Logon requires a password, each MS application (Access, Excel, and
Word) requires a password, and the SAS datasets require a password.
Department of Epidemiology
Rollins School of Public Health
Atlanta, GA 30322