Security architecture for multi-site patient records research.

A security system was developed as part of a patient records research database project intended for both local and multi-site studies. A comprehensive review of ethical foundations and legal environment was undertaken, and a security system comprising both administrative policies and computer tools was developed. For multi-site studies, Institutional Review Board (IRB) approval is required for each study, at each participating site. A sponsoring Principal Investigator (PI) is required at each site, and each PI needs automated enforcement tools. Systems fitting this model were implemented at two academic medical centers. Security features of commercial database systems were found to be adequate for basic enforcement of approved research protocols.