Security Requirements for Researchers

Summary

Researchers at UTHSC work with data that often includes human subjects, Controlled Unclassified Information (CUI), HIPAA‑regulated information, or other sensitive classifications. This article outlines the security requirements, data classifications, and compliance expectations necessary to protect research data in alignment with UTHSC cybersecurity standards.

Prerequisites

  • Understanding of UTHSC data classifications
  • Active involvement in UTHSC research activities
  • Awareness of cybersecurity standards and practices
  • Ability to contact the Cybersecurity team when needed

Instructions

Overview

Researchers collect and manage sensitive information that must be protected to ensure confidentiality, integrity, and availability. UTHSC maintains a comprehensive security program and publishes Cybersecurity Standards and Practices.

UTHSC data classifications are defined in GP‑002 – Data and System Classification.

Key Data Classifications Relevant to Researchers

  • Classified: Data categorized as national security information under Executive Order 12958 (as amended by Executive Order 13526) or Restricted Data under the Atomic Energy Act of 1954. Systems containing Classified data are not permitted on the UTHSC network. Contact the Cybersecurity team for guidance.
  • Confidential: Data protected under federal/state law, regulation, or contract, or data that could cause significant financial, reputational, or legal harm if exposed. Examples include medical records, Social Security numbers, PCI‑regulated financial data, driver’s license numbers, non‑directory student records, authentication data, CUI, and export‑controlled technical data.

Most research data at UTHSC falls under the Confidential classification.

Security Requirements

To protect Confidential research data, researchers must implement appropriate:

  • Administrative safeguards
  • Physical safeguards
  • Technical safeguards

If a researcher cannot meet a required safeguard, they may request an exception under GP‑001.02 – Security Exceptions and Exemptions to ITS Standards and Practices.