The HaAD Enclave complies with over 450 Federal Information Security Modernization Act of 2014 (FISMA) safeguards that help secure your sensitive analytic work without requiring you to build FISMA-compliant systems, undergo annual federal security audits, and obtain federal agency certifications on your own.
On this page, we highlight four categories of FISMA safeguards implemented in the HaAD Enclave: CMS Auditing and Authorization; Physical Security; System Security; and User and Administrator Security. We then provide guidelines for disclosure limitations, that is, protecting the privacy of individuals in datasets that you receive from us and our NIA-funded data partners.
The HaAD Enclave satisfies FISMA security audit and certification requirements, including but not limited to:
We physically secure the hardware resources housing your research data and findings in accordance with 21 physical environment mandates set by FISMA. These safeguards include but are not limited to:
We safeguard your dedicated Enclave workspace in accordance with 198 FISMA system security controls. This safeguarding includes but is not limited to:
In addition to physical and system security safeguards, we satisfy 90 FISMA security mandates for identifying, authorizing, and training both HaAD Enclave users and HaAD Enclave administrators. These mandates include but are not limited to:
If you are a HaAD Enclave user, you must protect the privacy of individuals in your CMS and NIA-funded partner datasets, that is, limit the disclosure of private information about them. To help you do so, review the three sections below.
When your team executed a Data Use Agreement (DUA) with the National Institute on Aging (NIA), you agreed to uphold the privacy rights of Centers for Medicare & Medicaid Services (CMS) beneficiaries. As part of that agreement, you committed to:
In addition to these requirements, your agreements with one or more NIA-funded studies may have included more or less restrictive cell suppression requirements. For example, the Health and Retirement Study (HRS) stipulates that you must redact cells with less than 3 in magnitude data and cells with less than 2 in frequency data, as described in HRS's Disclosure Limitation Review Web page.
To help you navigate these varying requirements, this section provides you with:
To uphold the privacy rights of CMS beneficiaries, our team and NIA-funded studies have:
While these measures support privacy rights, your team still has privacy obligations that you must uphold.
To uphold the privacy requirements for individuals in both CMS and NIA-funded study data:
©2022 MedRIC