Mission and Charge
The Duke Research Facilitation & Data Security (RFDS) team supports the evolving computational and data needs of Duke faculty, staff and students using protected data in their research or academic capstone projects. They provide consultations to research teams using protected data and manage the Protected Research Data Network (PRDN). This team was previously housed in the Social Science Research Institute, but now sits within the Office for Research, better reflecting it as an institutional resource.
Protected data is data classified as Sensitive or Restricted by the Duke Data Classification Standard, and includes many types of identifiable or proprietary data, e.g., health records, internal business records, longitudinal studies, educational records, and data regulated by various laws and standards such as NIST 800-171, GDPR, or Export Controls.
We assist researchers across the institution in developing project documentation and obtaining research approvals (including Data Use Agreements (DUAs), Data Management Plans (DMPs), and IRB protocols), to verify that the administrative and technical requirements of both the university and data providers are met. In order to receive support, projects in the PRDN must meet Duke requirements. To work in the PRDN, researchers must have written approval to use or collect protected data. Data descriptions in each project approval must match. RDS will review approval documentation and work with researchers, data providers, and Duke offices to ensure compliance with Duke requirements before work can begin.
The team also manages and supports the technical environment (the Protected Research Data Network, or PRDN) to ensure that the security controls in place are sufficient, appropriate, and consistent, and to monitor for unauthorized activity. Researchers securely access and analyze their data in the PRDN. Our administrative and technical security controls are based on Duke’s Data Classification and University IT Security Office standards and can meet a variety of security requirements including those for HIPAA, export controls, and NIST 800-171. We regularly consult and coordinate with the Duke entities that are involved in research governance and institutional approvals to provide up-to-date guidance to those we support.
Duke classifies data into three categories: Sensitive, Restricted and Public. Access to Sensitive and Restricted data typically involves the execution of a Data Use Agreement (DUA), which is approved and submitted by Duke on behalf of the researcher to the data provider. When the DUA is fully executed, the data provider distributes the data under the terms of the agreement. For research involving human data, this process often goes hand in hand with the Institutional Review Board (IRB) processes for either the University or Duke Health.
The Protected Research Data Network (PRDN)
For data with Duke or data provider security requirements, the PRDN leverages the OIT infrastructure to provide flexible and secure computation and storage.
- General assistance with IRB proposals and data security plans.
- Navigate the data procurement process (Data Management Plans, Data Use Agreements, Memoranda of Understanding, template documents, legal authorization).
- Review Duke’s storage/security/usage options and determine which best satisfies the data security needs.
- Implement computational and storage solutions for research projects in conjunction with OIT and ITSO.
- Manage access and curation of certain Duke licensed data sets.
- Provide audit support and liaison work with the data providing agencies or organizations.
Technical services within the PRDN
Implement and support controls to secure protected data.
Windows and Linux systems with a standard set of analytical software that is site-licensed by Duke (e.g. R, RStudio, Matlab, anaconda).
Custom storage directories to comply with data use agreements project team needs.
Friendly and knowledgeable end user support.