- Standard Operating Procedure: details database security, de-identification of data, access to identified data, data delivery, and data use agreement.
- Data Use Agreement: all users must agree to these parameters of data usage.
- MSDW Database Access Agreement: all users requesting direct database connection must submit the access agreement.
- Chargeback Policy: custom Data Warehouse programming is charged at $180/hour (see policy provisions and applications)
MSDW Database Access Agreement
This MSDW Database Access Agreement is for those requesting direct connection to the Mount Sinai Data Warehouse and may not be applicable to all users. Please reference the criteria for direct connection to determine if this agreement applies to you. A downloadable PDF of this agreement is available.
Any person (“end user”) who seeks direct database access to the Mount Sinai Data Warehouse (MSDW) must attest and consent to the terms of this agreement.
This agreement specifies the “rules of the road” to which any user with direct database access to MSDW2 must adhere.
These rules include Federal and New York State regulations, as well as Mount Sinai policies.
Federal & State Regulatory Compliance
For Human Subjects research uses, I certify that I have completed all Mount Sinai training required by the Program for Protection of Human Subjects (PPHS), and agree to abide by all PPHS requirements pertaining to access, storage, sharing, and review of data.
When I access MSDW, I will adhere to the “minimum necessary” principle; I will access only those data relevant to my IRB-approved research project or department-approved quality improvement (QI) project.
I will abide by all regulations pertaining to the access and usage of protected data, including but not limited to the following:
- Health Insurance Portability and Accountability Act (HIPAA)
- 42 CFR Part 2 (Confidentiality of Substance Use Disorder Patient Records)
- New York State Article 27-F (HIV and AIDS Related Information)
I will not re-use or re-disclose any data obtained for an IRB-approved research project without explicit permission from the IRB.
I will not attempt to re-identify any data that has been de-identified via any means or method.
IT Security Policies
I will not share my account credentials with any other user for any purpose.
I will not use my account credentials for any scheduled or triggered automated processes (i.e., any usage that should be performed by a service account rather than an individual account).
I will not attempt to circumvent MSDW’s user-access controls for data security, privacy, and regulatory compliance.
Mount Sinai Policies
I will not use my access to enable connections to the database by any business intelligence tools, reporting tools, or other software applications that provide query capabilities to anyone other than myself.
I will not attempt to mimic the MSDW team’s service offerings or other analytics tools without the written consent of the MSDW team.
I acknowledge that all data access is subject to Mount Sinai Health System’s data privacy and security policies, and applicable laws.
I acknowledge that my failure to adhere to these policies may result in forfeiture of my access and subject me to the penalties specified in Mount Sinai Health System’s policies.
I acknowledge that my usage of the data is my responsibility, including data validation, assessment of its suitability for my use, aggregation, analysis, and presentation.
I acknowledge that my access to MSDW is “read only”; all modifications to database objects or data content will be performed by the MSDW team.
I acknowledge that my access to and usage of the MSDW system is logged and may be audited at any time.
I acknowledge that the availability of or ability to connect to the MSDW is not guaranteed by the MSDW team for any time period due to scheduled periodic maintenance and unscheduled outages.
I attest that I possess the skill and experience with Structured Query Language (SQL), and any tools used by me that generate such SQL queries, that is necessary to avoid negatively impacting any other users or data-loading processes on the MSDW system.
I agree to report any data anomalies or apparent mis-configuration of user-access or data security & privacy controls to the MSDW team for investigation and remediation, as appropriate.
I agree to notify the MSDW team immediately of any change to my role or position at Mount Sinai, including any reduction to less than full-time or less than 100% dedicated to Mount Sinai.
I acknowledge that the MSDW team reserves the right to terminate my queries, my connections, or my database access at any time due to violations of any of the above, or for any reason deemed necessary by the MSDW team or Mount Sinai Information Technology leadership.