The Protected Research Data Network provides a flexible and secure environment where researchers from across campus can securely access and analyze their restricted or sensitive data. Below are answers to some commonly asked questions about the PRDN.
Consider using the services of the Protected Research Data Network when you will be working with data (primary and/or secondary) that are classified as Sensitive or Restricted according to the Duke standard (such as data protected by HIPAA, FERPA, or other regulations, human subjects research data, controlled unclassified information, and data protected under a data use agreement or similar contract). The PRDN can be used for both primary and secondary data analysis and storage.
The RFDS team provides both technical and administrative support and can customize features specific to the user and data provider requirements. The RFDS team sets up and manages this secure enclave in which you can store and analyze your sensitive or restricted project data. We can also provide basic assistance with your documentation needs, including IRB protocol drafts, data use or data security agreements, and educational project agreements.
We support students, faculty, and academic program staff from departments, schools, and institutes across the Duke campus, including Economics, Political Science, Psychology & Neuroscience, Statistics, the Fuqua School of Business, the School of Law, the Sanford School of Public Policy, and the Duke Institute for Brain Sciences. We also support Duke Health staff and students working with third party data that is not from Duke Health.
Students in programs such as Data+, MIDS (Master in Interdisciplinary Data Science), and MQM (Master of Quantitative Management) also make use of the Research Facilitation & Data Service team services and the PRDN.
We provide and support Windows and Linux virtual machines (VMs) in various sizes averaging 4-8 CPUs and 16-32 GB RAM. We offer GPU and high performance computing, and a wide assortment of quantitative and qualitative analytical tools. Custom sizes and configurations are also available. Storage is hosted on the OIT’s storage space and is expandable to your needs from megabytes to terabytes.
We maintain a Linux cluster environment utilizing SLURM that is suitable for sensitive data. Nodes can be purchased for this environment and a common partition spanning the entire cluster is available.
The most efficient way to get started is to first tell us about your project using our request form. You don't need to have all the details of your project worked out, just fill in what you can and we will contact you to set up an initial planning meeting.
It is important to understand and keep track of the various documents related to your data both before and after you begin working in the PRDN.
If you are analyzing existing (secondary) data about human subjects: The Campus or Health System IRB must review your research before it begins. Only the IRBs can determine if your project meets the requirements for conducting research with human subjects, approve your study activities, or declare them to be exempt from ongoing review. In general, use of secondary identifiable data will require a data use agreement with the data provider sufficient to comply with both Duke’s and the data provider’s requirements for protecting the data. That agreement will be reviewed as part of the IRB approval process.
If you are analyzing existing data that is not about human subjects but is Sensitive or Restricted by Duke's standard: Proprietary corporate data or government data are the most common examples of this data type. Various types of documentation and/or contracts may be required by the data providers. In general, use of these types of data will also require a data use agreement that is sufficient to comply with both Duke's and the data provider's requirements for protecting the data. The agreement will be signed by a Duke official (not by a PI, program manager, or other researcher).
If you are collecting your own identifiable data: The request for protocol approval requires different forms and informed consent, but the rules above still apply.
If you are using Duke Health data: While the PRDN can be used for all kinds of protected identifiable data, including PHI, Duke Health allows only de-identified Duke Health data to be transferred to the PRDN.
In all cases:
- Changes to your study or data: The project approval documentation defines the purposes for which the data can be used by approved study team members. Changes to study team membership require IRB approval and may require the approval of the data provider as well. If both the DUA and IRB protocol need to be amended, the IRB should be amended first. Before adding new research questions or new data (even data that is publicly available), you also need to obtain appropriate approvals from the IRB and secondary data provider. Data use approval is study specific, so you must obtain approval to reuse the data from your data provider for another study or to change the research questions (or add additional data) in an existing study.
- Keeping documents up to date: Data stored and analyzed in the PRDN must have current approvals. DUAs may be approved for a fixed period of time or for the duration of the project. IRB approval is typically for one or two years (depends on the protocol). Renewals should be submitted 30-60 days before expiration to Campus IRB and 45-60 days for DUHS IRB. In order to maintain access to PRDN resources, send us copies of your renewals before the previous documents expire.
Actively Manage Collaboration and Dissemination
How you as the PI manage collaboration on papers and presentations depends on study requirements, team structure, your own preferences, and other factors. Establishing a required research flow process to support replication and dissemination of your results is an essential early step. For example, you might provide a controlled location (such as a Box folder) for research team members to deposit their work for your review. Configure it so that only you or select team members can remove items from that location. However you approach collaboration and dissemination, make sure that it allows you to identify and address any problems with the materials before they are submitted or presented.