data management and security: cdsme national database · 2017-05-23 · data can be shared in both...
TRANSCRIPT
Improving the lives of 10 million older adults by 2020
Data Management and Security:
CDSME National Database
May 23, 2017
CDSME & Falls Prevention Annual Grantee Meeting
2Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging
Data Support Team at NCOA
Angelica P Herrera-Venson, DrPH
Manager for Data & Evaluation
Center for Healthy Aging
National Council on Aging
Daniel Dennis
Associate Director, Systems Integration
National Council on Aging
Meghan Thompson (consultant)
IS Specialist
Sound Generations
3Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging
Session Overview
oCDSME National
Database –by the #’s
TA role of NCOA
Security measures
Quality Assurance practices
Tips for working with
vendors
Updates in Salesforce
Domo preview for reporting
4Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging
Technical Assistance – What can NCOA do for you?
Getting you set up in database
Troubleshooting Data Entry;
Migrating Data from Vendors
Assistance with pulling reports
and #s
Data analyses & evaluation
5Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging
CDSME National Database – By the #’s
313,737
Participants
(2010 – )
28,028
Workshops
200
User Accounts
50
Active Networks
30 former
grantees or
independent
active networks
20 currently funded
active grantees
41
States
6Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging
12 Programs in Database
HomeMeds
PEARLS
EnhanceWellness
Active Living Every Day
Enhance Fitness
Walk With Ease
Chronic Disease Self-Management Program
Diabetes Self-Management Program
Chronic Pain Self-Management Program
Positive Self-Management Program
Cancer: Thriving and Surviving
Arthritis Self-Management Program
Non-CDSME Program / Support Program
(a.k.a. Alternate)
CDSME / Stanford Suite Programs
(a.k.a. Standard)
7Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging
WannaCry? Everyone is Vulnerable
8Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging
You’ve Been Hacked
9Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging
Keeping Your Data Safe – General Safeguarding Practices
YES, CDSME/Falls contains sensitive PHI/PII data protected by Privacy Act
► Personal Health Information (PHI) – physical/mental health condition
► Personally Identifiable Information (PII) – name, zip code
Let your IT department guide your security protocols
Centralize data management; create accountability
Use CDSME or other secure database:
► Salesforce – HIPAA compliant (security features – TRUST site)
trust.salesforce.com
Train all staff handling forms and electronic data:
► Offer Privacy and Security Basics: https://www.ncoa.org/resources/privacy-and-
security-basics-for-cdsme-data-collection/
Require Non-Disclosure Agreements https://www.ncoa.org/resources/non-disclosure-
agreement/
10Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging
Protect Personally Identifiable Information (PII) & PHI
Provide summaries in aggregate form – no case-specific data
De-identify data
► Strip data of zip codes, phone #’s, names, SS#’s, medical record #’s, etc. (total of 18 identifiers).
Limit the # of users accessing Salesforce/CDSME National Database
Let us know as soon as someone leaves to deactivate their account
Discard forms once entered into secure database
11Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging
Data Use Agreements
What is a Data Use Agreement?contractual document used for the transfer of data that has been developed by nonprofit, government or private industry, where the data is nonpublic or is otherwise subject to some restrictions on its use
When is it needed?
► With research partners wanting full data exports (or excerpts of it) containing detailed case-level data? YES
► Use when sharing aggregate data to funder, partner, or the media? NO
Another rule of thumb: If you have an IRB in place, you probably need a DUA
Working with Research institutions:
► https://privacyruleandresearch.nih.gov/
12Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging
Protecting Your PII/PHI Against Hackers
Use complex passwords in Salesforce / CDSME National Database, Email accounts, and everywhere
Use HIPAA compliant software
to store data (e.g.Salesforce,
vendor databases)
Password-protect data files
Follow national security standards
(e.g. NIST)
Be aware of “Social Engineering” -
biggest weakness of organizations
Use Data-Encryption software on computers, esp. laptops, or on specific directories
Exchange PII data using Encryption via email (e.g. SharePoint, OneDrive)
Stay current with patches & anti-virus
updates
13Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging
Working with Vendors
Vendors / external database may be
► an internal organization or statewide system to track participant data
► a database exclusively for certain EBPs (e.g. EnhanceWellness)
► a private, for-profit or non-profit agency entirely focused on data management
needs
7 of the 20 active grantees currently work with vendors to track and manage their
workshop data
Migrating data to National CDSME Database:
► Grantee/network data must be formatted according to these fields:
https://www.ncoa.org/resources/data-migration-excel-template/
► Files are submitted to NCOA (Angelica) on a quarterly basis (or as large batches are completed) – flexibility
► Takes approximately 2-5 weeks from receipt to get data uploaded
• How can you make process faster? – complete and accurate data
► Receive a “Success file” from NCOA with new ID #’s
14Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging
15Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging
What to Ask Before Securing a Vendor
1. Conduct organizational assessment, capacity, and data management needs
1. Data can be shared in both directions – true for grantees with some organization
doing direct data entry, while others are consolidated in particular region/network
2. Ask for packages and clarify range of vendor services
3. Clarify vendor role in data cleaning and preparation, data entry
4. Request vendor ability to customize additional fields and allow for grantees to easily
pull reports from vendors’ databases
5. Ensure that software has appropriate protections and security practices
6. Vendor must agree to exchange of data with NCOA in secure format
MOST COMMON VENDORS: (alphabetical order).
QTAC
PeerPlace
Sound Generations
Workshop Wizard (COAW)
**Note that NCOA cannot formally recommend any one vendor.
16Improving the lives of 10 million older adults by 2020 | © 2017 National Council on Aging
What’s else is new?
Form field updates
1CHA
Community Chatter
2Adding
new implementation
and host organizations
3Domo preview
4Online TA support
5