Improving the lives of 10 million older adults by 2020

Data Management and Security:

CDSME National Database

May 23, 2017

CDSME & Falls Prevention Annual Grantee Meeting

2Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging

Data Support Team at NCOA

Angelica P Herrera-Venson, DrPH

Manager for Data & Evaluation

Center for Healthy Aging

National Council on Aging

Daniel Dennis

Associate Director, Systems Integration

National Council on Aging

Meghan Thompson (consultant)

IS Specialist

Sound Generations

3Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging

Session Overview

oCDSME National

Database –by the #’s

TA role of NCOA

Security measures

Quality Assurance practices

Tips for working with

vendors

Updates in Salesforce

Domo preview for reporting

4Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging

Technical Assistance – What can NCOA do for you?

Getting you set up in database

Troubleshooting Data Entry;

Migrating Data from Vendors

Assistance with pulling reports

and #s

Data analyses & evaluation

5Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging

CDSME National Database – By the #’s

313,737

Participants

(2010 – )

28,028

Workshops

200

User Accounts

50

Active Networks

30 former

grantees or

independent

active networks

20 currently funded

active grantees

41

States

6Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging

12 Programs in Database

HomeMeds

PEARLS

EnhanceWellness

Active Living Every Day

Enhance Fitness

Walk With Ease

Chronic Disease Self-Management Program

Diabetes Self-Management Program

Chronic Pain Self-Management Program

Positive Self-Management Program

Cancer: Thriving and Surviving

Arthritis Self-Management Program

Non-CDSME Program / Support Program

(a.k.a. Alternate)

CDSME / Stanford Suite Programs

(a.k.a. Standard)

7Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging

WannaCry? Everyone is Vulnerable

8Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging

You’ve Been Hacked

9Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging

Keeping Your Data Safe – General Safeguarding Practices

YES, CDSME/Falls contains sensitive PHI/PII data protected by Privacy Act

► Personal Health Information (PHI) – physical/mental health condition

► Personally Identifiable Information (PII) – name, zip code

Let your IT department guide your security protocols

Centralize data management; create accountability

Use CDSME or other secure database:

► Salesforce – HIPAA compliant (security features – TRUST site)

trust.salesforce.com

Train all staff handling forms and electronic data:

► Offer Privacy and Security Basics: https://www.ncoa.org/resources/privacy-and-

security-basics-for-cdsme-data-collection/

Require Non-Disclosure Agreements https://www.ncoa.org/resources/non-disclosure-

agreement/

10Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging

Protect Personally Identifiable Information (PII) & PHI

Provide summaries in aggregate form – no case-specific data

De-identify data

► Strip data of zip codes, phone #’s, names, SS#’s, medical record #’s, etc. (total of 18 identifiers).

Limit the # of users accessing Salesforce/CDSME National Database

Let us know as soon as someone leaves to deactivate their account

Discard forms once entered into secure database

11Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging

Data Use Agreements

What is a Data Use Agreement?contractual document used for the transfer of data that has been developed by nonprofit, government or private industry, where the data is nonpublic or is otherwise subject to some restrictions on its use

When is it needed?

► With research partners wanting full data exports (or excerpts of it) containing detailed case-level data? YES

► Use when sharing aggregate data to funder, partner, or the media? NO

Another rule of thumb: If you have an IRB in place, you probably need a DUA

Working with Research institutions:

► https://privacyruleandresearch.nih.gov/

12Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging

Protecting Your PII/PHI Against Hackers

Use complex passwords in Salesforce / CDSME National Database, Email accounts, and everywhere

Use HIPAA compliant software

to store data (e.g.Salesforce,

vendor databases)

Password-protect data files

Follow national security standards

(e.g. NIST)

Be aware of “Social Engineering” -

biggest weakness of organizations

Use Data-Encryption software on computers, esp. laptops, or on specific directories

Exchange PII data using Encryption via email (e.g. SharePoint, OneDrive)

Stay current with patches & anti-virus

updates

13Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging

Working with Vendors

Vendors / external database may be

► an internal organization or statewide system to track participant data

► a database exclusively for certain EBPs (e.g. EnhanceWellness)

► a private, for-profit or non-profit agency entirely focused on data management

needs

7 of the 20 active grantees currently work with vendors to track and manage their

workshop data

Migrating data to National CDSME Database:

► Grantee/network data must be formatted according to these fields:

https://www.ncoa.org/resources/data-migration-excel-template/

► Files are submitted to NCOA (Angelica) on a quarterly basis (or as large batches are completed) – flexibility

► Takes approximately 2-5 weeks from receipt to get data uploaded

• How can you make process faster? – complete and accurate data

► Receive a “Success file” from NCOA with new ID #’s

14Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging

15Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging

What to Ask Before Securing a Vendor

1. Conduct organizational assessment, capacity, and data management needs

1. Data can be shared in both directions – true for grantees with some organization

doing direct data entry, while others are consolidated in particular region/network

2. Ask for packages and clarify range of vendor services

3. Clarify vendor role in data cleaning and preparation, data entry

4. Request vendor ability to customize additional fields and allow for grantees to easily

pull reports from vendors’ databases

5. Ensure that software has appropriate protections and security practices

6. Vendor must agree to exchange of data with NCOA in secure format

MOST COMMON VENDORS: (alphabetical order).

QTAC

PeerPlace

Sound Generations

Workshop Wizard (COAW)

**Note that NCOA cannot formally recommend any one vendor.

16Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging

What’s else is new?

Form field updates

1CHA

Community Chatter

2Adding

new implementation

and host organizations

3Domo preview

4Online TA support

5