Minneapolis VA Health Care System Research Service
New Staff Orientation: Security
Staff Orientation: Overview | Administrative Expectations | Required Training | Security | Timekeeping & Travel
All personnel at the Minneapolis VA are required to adhere to VA rules and regulations covering digital and physical security. Personnel engaged in research have some additional responsibilities related to research data and records.
PIV Card
The PIV card is the digital identification card used by VA to enable computer access and physical access to secure areas of the facility. New employees and WOCs will complete a PIV Badge Request Form in the Research Office and will be advised on when to report to the PIV Office to have their biometrics captured.
You are required to have and display a VA issued PIV card when on VA property. PIV cards are the property of the VA and must be returned to the PIV Office when leaving the VA.
In addition to acting as a form of identification, your PIV card will also allow you to send and receive encrypted email messages and digitally sign documents.
Physical Security
Research personnel are typically assigned keys to access designated office or laboratory space. Requests for keys to research areas must be made by your immediate supervisor or PI through the Research Office. Keys should be returned to the Research Office if access to a specific space is no longer needed. All VA-issued keys must be returned to the Research Office before you leave the VA.
Access to secure research areas, such as the Research laboratory wings, is given on an as-needed basis and is regulated by your PIV card. Your supervisor must send a written request to the Research Office, and you must complete all required training, before access will be granted.
Digital Security
Research employees, including IPA and WOC employees, are granted the level of computer network access requested by their supervisor. Supervisors must make written requests to the Research ADPACs before any network accounts will be created r modified. To maintain access, employees are required to complete VA Privacy and Information Security Awareness and Rules of Behavior in TMS annually.
For assistance, including activation or re-activation of VA network accounts or PIV cards, contact Research ADPACs at VHAMINResearchADPAC@va.gov.
As a reminder, VA network accounts become inactive if not checked at least once every 90 days. It is an expectation that all VA research personnel, including WOCs, log in to their VA computer and check their VA email regularly.
WOCs who will be at the VA for more than 180 days will be required to complete a background check before they will be granted access to the VA information systems.
Data Security
All research project personnel are responsible for maintaining the security of data and records for active projects. When initiating a project, a secure study data folder must be created on the VA network (R drive) at R:\Data. The folder in which data are placed must be named using the approved project protocol number, and must be secured to prevent access for any persons other than approved study personnel. All study records and data must be stored in this folder. Access to the folder can be managed by the study team using instructions outlined in Adding or Removing Personnel in SFFX. Typically, the PI and lead study coordinator/laboratory technician are assigned permission to edit group membership in SFFX
Note: Some research groups or centers (CCDOR or RECOVER) maintain study data in alternate locations approved by the Research Office. These folders are secured and access-restricted using the same process as folders in R:\Data. When in doubt, contact the Research Office for guidance.
Once a project is closed, the PI must provide all paper and electronic study records and data for archiving. Please note that once a project closes, the research team is not allowed to retain copies of records containing PHI/PII.
Applicable policy and guidance:
Next: Timekeeping & Travel