The Discovery-DCC can contribute to the success of grant proposals and the conduct of studies through a number of key functions:
- Translating clinical and scientific questions into appropriate study designs and analysis strategies for funding proposals
- Calculating sample size or power estimates that are consistent with the associated analysis strategies and specific to the research phase and design type
- Conducting standard and novel statistical analyses and writing methods and results for manuscripts, reports, or presentations Developing data collection forms and web-based data management using Research Electronic Data Capture (REDCap) Cloud
- Maintaining effective data management and producing ongoing recruitment and safety reports for data safety monitoring boards (DSMBs) and other committees
- Providing other logistical support as needed for specific RFAs
The Discovery-DCC shall be responsible for the communication, coordination, storage, maintenance, and integrity of data collected from all sites involved in a study. The Discovery-DCC shall also have primary responsibility for statistical analysis to support the study. The study PI(s) shall work closely with Discovery-DCC staff to provide general direction, oversight of adverse event (AE) reporting, and data presentation, and may carry out additional aspects of administrative, clinical, and technical expertise and leadership in the design and coordination of the study, in collaboration with the data coordinating center and PI(s).
SCCM will maintain a data coordinating center that meets the administrative, physical, and technical safeguards required by the U.S. Department of Health and Human Services’ Health Insurance Portability and Accountability Act (HIPAA) regulations to support programs.
All sites participating in a multisite research program must be HIPAA-compliant and must demonstrate that they have policies on the use of, and access to, any data collected and stored at the site. This includes transferring, removing, disposing of, and reusing electronic media and electronic protected health information (ePHI).
Technical safeguards require access control to allow only authorized people to access ePHI. Access control includes using unique user IDs, an emergency access procedure, automatic logoff, and encryption and decryption.
Audit reports or tracking logs must be implemented to keep records of activity on hardware and software. This is especially useful for pinpointing the source or cause of any security violations.
Technical policies should also cover integrity controls or measures put in place to confirm that ePHI has not been altered or destroyed. Information technology disaster recovery and offsite backup are key to ensuring that any electronic media errors or failures can be quickly remedied and ePHI recovered accurately and intact. Network, or transmission, security is the last technical safeguard required of HIPAA-compliant hosts to protect against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether it be email, Internet, or even private network, such as a private cloud.
The Discovery-DCC can serve in multisite studies as the data coordinating center, although this is not required if the researchers prefer to use a different data coordinating center that meets the criteria of Discovery, as noted below in Data Policies and Health Insurance Portability and Accountability Act Compliance.