SEER-Medicare Policy on Encryption & Data Security: Portable Devices & Removable Media

The SEER-Medicare linked data must be protected. The Principle Investigator (PI) must sign a Data Use Agreement (PDF, 256 KB) before obtaining these data. All staff with access to these files should also sign the DUA for the PI’s records. Any investigator who has obtained the SEER-Medicare data (including all persons with access to the data) must take all reasonable measures to ensure the safety and confidentiality of the data. Data storage should comply with the data storage plan that was detailed in the approved application. Any change to that plan must be submitted for review and approval before the change can be implemented.

The preferred method of storage for SEER-Medicare linked data is on an institutional server with password controlled access. If it is necessary to store these files by some other method, this storage plan must be detailed in the data storage and protection section of the application. No files should be stored on portable devices or removable media without permission. A portable device includes any non-fixed equipment that contains an operating system which may be used to create, access, or store SEER-Medicare data. This includes but is not limited to personal computers, laptops, personal digital assistants (PDAs), and smart phones. Removable media include, but are not limited to: CDs, DVDs, MP3 players, removable memory, external hard drives and USB drives (thumb / flash drives).

If special permission has been granted for portable device or removable media storage, all files on these devices must be password protected AND encrypted. Encryption is a method used to protect the confidentiality, integrity, and authenticity of the data. SEER-Medicare data stored on portable devices or removable media must be encrypted using one of the following approved encryption standards: Data Encryption Standard (DES) that uses a 64-bit input-output block size; Advanced Encryption Algorithm (AES) that uses a 128, 192, or 256-bit key size; or International Data Encryption Algorithm (IDEA) that uses a 128-bit key size. If any portable device or removable media containing SEER-Medicare data are lost or stolen or if the there is any reason to believe that data security has been compromised, the investigator must notify the SEER-Medicare contact within 24 hours/first business day of discovering the data breach/loss.

SEER-Medicare users may access the SEER-Medicare data using an institutionally provided secure VPN. The user’s PC may support the VPN. All SEER-Medicare data must remain on the server and no SEER-Medicare data should be downloaded to the user’s computer. The PI should control all access to the SEER-Medicare data and should monitor all VPN access to ensure compliance with these rules.

All media on which the SEER-Medicare data are delivered must be stored in a secure location, such as a locked file cabinet in a locked office, only accessible by the PI and/or designated staff.

All datasets containing restricted variables must be kept physically separate from any other SEER-Medicare files. Separate access controls with strong user authentication (username/password, digital certifications, etc.) must be established to allow limited and trackable access to these files.

For a complete description of data use and storage requirements, please refer to the SEER-Medicare Data Use Agreement (PDF, 256 KB).

Last Updated: 16 May, 2019