limbal stem cells from Aniridia patients

basic access policy for RIMLS-Science

Data Access Policy for External Individuals/Organizations 1. Purpose The purpose of this data access policy is to establish guidelines and procedures for external individuals or organizations seeking access to our internally generated and/or processed data originating from human patients. The policy ensures the protection of patient privacy, compliance with applicable laws and regulations, and the ethical and responsible use of patient data for research and development purposes. 2. Scope This policy applies to all external individuals or organizations, including researchers, collaborators, or third-party vendors, who request access to our internally generated and/or processed data originating from human patients. It covers the entire process of accessing, handling, and utilizing the data. 3. Data Governance 3.1. Ownership: All internally generated and/or processed data originating from human patients is the property of our organization. We retain full ownership and control over the data. 3.2. Data Stewardship: A designated data steward(s) will oversee the management and governance of patient data, ensuring compliance with relevant laws and regulations, data privacy and protection requirements, and the enforcement of this policy. 4. Data Access and Usage 4.1. Application Process: External individuals or organizations seeking access to patient data must submit a formal application detailing their research objectives, methodology, data requirements, and intended use. The application should be sent to the designated data steward(s) for review. 4.2. Data Use Agreement: Prior to accessing patient data, external individuals or organizations must sign a data use agreement that outlines their responsibilities and obligations regarding the use, protection, and confidentiality of the data. The agreement should include restrictions on data sharing, data retention, and compliance with applicable laws and regulations. 4.3. Review and Approval: The data steward(s) will review the application, considering factors such as the legitimacy of the research purpose, the capabilities of the requesting party, and the safeguards in place to protect patient privacy. Access will be granted based on the discretion of the data steward(s) and in alignment with the organization's goals and obligations. 4.4. Data Handling: External individuals or organizations granted access to patient data must handle it in strict compliance with the data use agreement. They must ensure appropriate security measures are in place to protect the confidentiality, integrity, and availability of the data. 4.5. Data Monitoring: The organization reserves the right to monitor and audit the use of patient data by external parties to ensure compliance with this policy and the data use agreement. Any unauthorized access or suspicious activities must be reported to the data steward or appropriate authority immediately. 4.6. Data Retention and Destruction: Patient data provided to external individuals or organizations will be limited to what is necessary for the approved research purpose. Once the research objectives are fulfilled, the data must be securely returned or destroyed in accordance with the data use agreement and applicable legal requirements. 5. Privacy and Security 5.1. Privacy Protection: The privacy of patients and their data will be protected in accordance with applicable privacy laws and regulations. Anonymization and de-identification techniques will be employed to minimize the risk of re-identification. 5.2. Security Measures: External individuals or organizations granted access to patient data must implement appropriate technical and organizational security measures to protect the data against unauthorized access, disclosure, alteration, or destruction. They must comply with relevant security standards and conduct regular security assessments. 5.3. Breach Notification: In the event of a data breach or unauthorized disclosure of patient data by external parties, they must promptly notify our organization as well as affected individuals, regulatory authorities, and other relevant stakeholders, in accordance with applicable laws and regulations.