Research Updates - McLean Hospital Research Community


Research Town Meeting

October 29, 2014 Research Administrators Workgroup

Version: for posting

Agenda

• Welcome
• Research Updates (Rauch): Leadership, Space, Performance & Metrics
• Studies of Light and Dark (Richter, Chateauneuf, Yale, Zurba)
  – Dark: Stories of the Dark side and how the institution is protecting you and your research
  – Light: Making sense of research data: How Research and Information Security is helping
• Anne M. Cataldo Excellence in Mentoring Award (Greenfield & Rauch)
• Reception

Welcome

Research Updates

• Dr. Ressler – New CSO and Chief, Depression & Anxiety Division
• Due to begin full-time August 2015
• Already engaged in meetings and planning
• His lab personnel will start arriving in spring 2015
• Located on 1st floor of Mailman and 3rd floor of Oaks
• Most of his lab and equipment will arrive in summer 2015

Research Metrics

$s in thousands

| Research Activity | FY10 | FY11 | FY12 | FY13 | FY14 |
|---|---|---|---|---|---|
| Federal Applications - Awarded (#) | 27 | 36 | 23 | 16 | 47 |
| Federal Applications - Awarded ($) | 28,176 | 49,818 | 17,716 | 17,235 | 30,248 |
| Federal Success Rate (%) | 13.2% | 24.5% | 25.3% | 11.3% | 36.4% |
| Center and Consortium Grants | 3 | 1 | 1 | 1 | 0 |
| K awards | 17 | 17 | 16 | 17 | 11 |
| Investigators winning 1st R01 (or equivalent) | 1 (Silveri) | 1 (Ongur) | 4 | 0 | 1 (Nickerson) |

Research Financials

| Research Financials | FY10 | FY11 | FY12 | FY13 | FY14 |
|---|---|---|---|---|---|
| Direct Research Revenue | $30,516 | $32,706 | $31,964 | $33,710 | $33,073 |
| Indirect Research Revenue | $7,510 | $10,838 | $10,538 | $10,977 | $10,332 |
| Total Research Revenue | $38,026 | $43,544 | $42,501 | $44,687 | $43,405 |
| Effective Indirect Cost Recovery Rate | 24.6% | 33.1% | 33.0% | 32.6% | 31.2% |

Notes:
• Based on fund set-up
• Federal Success Rate: # awarded / # of application (DHHS, ARRA, other Federal)
• Center and Consortium Grants: Grants with >$1 million/year in federal funding (P50, U01)
• Direct research revenue = direct research expense
• Effective Indirect Cost Recovery Rate = Indirect Revenue/Direct Revenue

Research Personnel

| Research Personnel | FY10 | FY11 | FY12 | FY13 | FY13 |
|---|---|---|---|---|---|
| Full Time Equivalent (FTE) | 283 | 286 | 313 | 297 | 314 |
| Employee Count (# of people) | 385 | 361 | 370 | 410 | 386 |
| Principal Investigators (PI's) | 127 | 132 | 140 | 140 | 140 |

[Figure: Proposals Submitted Trend by Fiscal Year. Series: DHHS, Non-Profit Foundations, All Other Sponsors, Industry/Corporate, Other Federal, ARRA. Totals as labelled: 312 (2011), 246 (2012), 312 (2013), 296 (2014).]

McL Research Revenue Trends

Research Revenues

[Figure: Research Revenues, FY01 to FY14. Series: DHHS, Other Federal, Industry / Corporate, All Other. Data labels: 63%, 64%, 60%.]

Source: PHS Research Revenues FY01-FY14 Actual. Note: Research Activity, excludes Other Science and P&L adjustments

Research Revenue Metrics

• In FY2014, Total Direct Costs were favorable to budget
• TDC Actual = $33.1M; Budget = $31.8M (FY13 = $33.7M)
• In FY2014, Indirect Costs were unfavorable to budget
• IDC Actual = $10.3M; Budget = $11.0M (FY13 = $11.0M)
• Reflects shift from Federal to alternative funding sources at lower indirect cost rates (e.g., foundation, industry, philanthropy)
• Indirect cost recovery impacts financial performance of the hospital

Conclusions

• Overall research at McLean remains robust & successful
• Major investments being made in physical plant
• New CSO; additional recruitments ongoing
• Shifts from Federal to alternative funding sources reflect national & Partners-wide trends
• Indirect rate negotiation with NIH to occur in FY15

Studies of Light and Dark Research Town Hall

Studies of Light and Dark

Light:

Making Sense of Research Data: How Research and Information Security is helping

Dark:

Stories of the Dark side and how the institution is protecting you and your research

Brent Richter, Associate Director, Enterprise Research
Nicholas Yale, McLean Site Manager, Enterprise Research
Joe Zurba, Research Information Security Officer
Christine Chateauneuf, McLean Information Security Officer
October 2014 - Research Town Hall

Real stories that happen every day – Joe Zurba & Christine Chateauneuf

Light: How We Make Sense of Research Data and Help

• Collaboration: Syncplicity, Send Secure (Nick Yale and Brent Richter)
• Data Classification: Data Classification Policy & Data Classification Standards drafted (Brent Richter and Joe Zurba)
• Technology/Tools: Understand Technology - EWS Survey Feedback (Joe Zurba)
• Information Security: Education and Training, Information Security and Privacy Office (ISPO) (Christine Chateauneuf/Joe Zurba)

Collaboration-Nick Yale/Brent Richter

What do I use to store or share data?

| Tool | What is it? | Internal | External |
|---|---|---|---|
| Secure File Transfer http://transfer.partners.org | Large file share | | |
| Send Secure http://rc.partners.org/emailencryption/ | Email Encryption | | |
| Shared File Area (SFA) http://rc.partners.org/storage/sfa | Internal file share & storage | | |
| Research Interactive Storage (RFA) http://rc.partners.org/storage/rfa | Internal file share & storage | | |
| Syncplicity http://rc.partners.org/syncplicity | File share, sync & storage | | |

Syncplicity – What is it?

Online file-sharing and collaboration tool

• Synchronizes files and folders across multiple devices
• Cross-Platform: Mac, Windows, Android, iOS, WP8
• Share files and folders with collaborators outside of Partners
• Can be used to share files with Partners co-workers
• HIPAA Compliant, safe for use with ePHI and PII data

** Syncplicity is the only collaboration tool of its kind currently approved by the Chief Information Security & Privacy Officer for transporting or storing Partners Confidential Data.

Syncplicity – Why should I use it?

How do I get started?

1) Request online from the PHS-EGI (Ergonomic Group) website: http://web1.ergogroup.com/partners/
   • Research Instructions: How to place an order in PHS Ergonomics (EGI).
2) If approved, you will receive a welcome email from Partners with basic instructions to install the client.
3) FAQs / Screenshots / Best Practices in ERIS KnowledgeBase: http://rc.partners.org/kbase?cat_id=85

Website: http://rc.partners.org/syncplicity
Contact: [email protected]

Licensing Costs

Licensing:
• All licenses include unlimited* storage
• Licenses 0-1200: $0 until August 2016. $50/year thereafter
• Licenses 1201+: $50/year
• Licenses run annually from August to August (costs will be pro-rated if purchased out of annual cycle)

Ordering:
• Via EGI: http://web01.ergogroup.com/partners

Support:
• Via Partners Service Desk
• EMC or ERIS KnowledgeBase

Website: http://rc.partners.org/syncplicity
Contact: [email protected]

Data Classification-Brent Richter/Joe Zurba

How Data is Classified Today

Confidential or PII/PHI
• All Data and information generated within Partners and Hospitals
• Research, Administration, etc.

Proposed Data Classification (Research)

High Risk
• Extremely Sensitive PII/PHI
• National Security
• Criminal Liability if Disclosed

Confidential
• Contractual or Regulatory Data
• PHI or PII
• Financial Information
• Legal, Regulatory, or Serious Legal, Psychological, Social, Financial Harm if Disclosed

Institutional
• Non-confidential data that Partners has chosen to keep private
• Expectation of Privacy
• Small Reputational Risk if Disclosed

Proposed Data Classifications

Institutional Information
– Information, the disclosure of which would not cause material harm, but which an organization has chosen to keep confidential
– There is an expectation of privacy
• Data that is: de-identified, unpublished work, personnel records, IP or patentable, building plans, etc.

Confidential Information
– Information that would cause material or serious harm to individuals if released
• PHI, PII, PCI and FERPA information, IP and IRB-sensitive data, financial records, donor information, genetic information,…

High Risk / National Security
– Information that would cause severe harm to individuals or Partners Healthcare if disclosed

A Practical Approach to Securing Devices

Device Prerequisites
• Applications and data are grouped into the logical privacy pools
• Each pool has a privacy classification
• As the privacy classification increases so does the set of device prerequisites necessary to access* pool
• The specific requirements to be a trusted device will vary by the pool accessed*
• Requirements are defined by the application and data owner

*Note: privacy classification also applies to the devices where data objects are stored

Trusted Device: Partners network + Specific information pool security requirements
• Partners Device Policy
• Additional NAC verifications

Semi-trusted Device: Partners Network connection
• NAC verification

Untrusted Device: Public Internet
• No prerequisites

Pool Privacy Classification
• 3: High Risk. Information which, if disclosed, would cause serious or severe harm to individuals or organizations
• 2: Confidential. Information which contains personally identifiable health data
• 1: Institutional. Information which Partners has chosen to keep confidential
• 0: Public. Information which is publicly available
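The pool model on this slide can be expressed as a small policy check; the following is an added example, not code from the slides or from Partners. It assumes a particular mapping of the slide's prerequisites onto classifications, hypothetical attribute names, a hypothetical owner-defined `disk_encryption` requirement, and constructed sample pools and devices.

```python
from dataclasses import dataclass
from enum import IntEnum

class Classification(IntEnum):  # pool privacy classifications from the slide
    PUBLIC = 0
    INSTITUTIONAL = 1
    CONFIDENTIAL = 2
    HIGH_RISK = 3

# Assumption: how the slide's prerequisites map onto classifications.
NETWORK = frozenset({"partners_network", "nac_verified"})
MANAGED = NETWORK | {"partners_device_policy", "additional_nac_checks"}
BASELINE = {
    Classification.PUBLIC: frozenset(),
    Classification.INSTITUTIONAL: NETWORK,
    Classification.CONFIDENTIAL: MANAGED,
    Classification.HIGH_RISK: MANAGED,
}

@dataclass(frozen=True)
class Pool:
    name: str
    classification: Classification
    owner_requirements: frozenset = frozenset()  # defined by the data owner
    def prerequisites(self):
        return BASELINE[self.classification] | self.owner_requirements

def baseline_is_monotonic(baseline=BASELINE):
    """True if each classification requires at least what the one below does."""
    levels = sorted(baseline)
    return all(baseline[lo] <= baseline[hi] for lo, hi in zip(levels, levels[1:]))

def missing_prerequisites(device_attrs, pool):
    """Unmet prerequisites; an empty list means access (or storage) is allowed."""
    return sorted(pool.prerequisites() - set(device_attrs))

def highest_accessible(device_attrs, pools):
    """Highest classification among the pools this device satisfies, or None."""
    ok = [p.classification for p in pools if not missing_prerequisites(device_attrs, p)]
    return max(ok, default=None)

# Constructed sample pools and devices (not from the slides).
POOLS = [
    Pool("public-web", Classification.PUBLIC),
    Pool("unpublished-drafts", Classification.INSTITUTIONAL),
    Pool("study-ephi", Classification.CONFIDENTIAL, frozenset({"disk_encryption"})),
]
HOME_LAPTOP = {"partners_network"}  # on the network but not NAC-verified
MANAGED_LAPTOP = MANAGED | {"disk_encryption"}
```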

Technology and Tools-Exchange Web Services (EWS) Survey-Joe Zurba

History

• Partners has a goal to increase security for all Internet facing applications by implementing 2-factor authentication and security questions
• EWS, or Exchange Web Services, is the protocol that allows Macintosh computers to communicate with Partners’ email servers for Outlook and Apple Mail
• *PC users have to use VPN from outside of Partners in order to use Outlook
• VPN is a way to enforce 2-factor authentication
• VPN, or Virtual Private Networking, is software that creates a secure tunnel between your machine and the Partners network

The Survey

• Gather feedback from our research community
• Sent to Research email lists at McLean, BWH, MGH, SRH, as well as EFGH
• Asked 7 to 9 questions about how the proposed change would affect you and how you work

The Results

• 339 Full Responses
• 437 Total Responses

The Results (cont)

• 59% Use Outlook or Apple Mail Remotely
• 58% Do Not Use VPN
• 67% It Will Affect How Mail is Accessed
• 57% Not Worth the Increase in Security
• 7% Use Gmail or Another Provider for Partners’ Business

Lessons Learned


You Said……

• I don’t have confidential information in my email so there’s no security risk
• Password breaches are not common
• VPN is unreliable, complex, and inconvenient
• Security is a trade off between access and protection
• It’s excessive
• The survey is too technically worded
• I don’t care about security
• Will it affect my iPhone?
• Convince me that it will improve security
• Anything that requires a high level of security should not be on the common network

We Heard You….

• The EWS retirement is on hold
• Looking at alternative technologies that would have less of an impact
• Looking for the “right amount of security”
• But… This may be inevitable

The Dark Side-How We Protect You and Your Research

The Partners Information Security and Privacy Office (ISPO)
• Detected 4,789 Viruses
• Stopped 5 Mil + unintended recipients
• Spam, etc.

McLean Top 2:
• Phishing - User response to emails which generate malware
• Encryption - All mobile devices used for business purposes

Education and Training
• User responses still result in malware and viruses from Phishing e-mails
• Security Bulletins
• Information Security and Privacy Week (10/27-10/31)
• Staff Meetings
• Other?

Your help maintains our ability to obtain and retain grants, provide care to patients (reputation), etc.

Discussion & Feedback
