Updated 06.26.2026

NW Tribal Data Hub

FAQ

FAQ
(Frequently Asked Questions)

  1. Complete a Data Sharing Agreement and Data Hub Addendum. 
    1. Data Sharing Agreement (DSA) and Data Hub Addendum are documents that outline the roles of organizations bound by the agreement, what data will be shared, how long the agreement is in place, how the data will be used, who owns the data, identifies authorizing official(s) and their roles, and processes for confidentiality and security of the data. 
  2. Identify who will have Access and complete the User Request Form. 
    1. Once the DSA is complete and an authorizing official(s) has been identified. The authorizing official will need to identify who will have access to the NW Tribal Data Hub. The User Request Form is a document to authorize, renew, or remove users from the NW Tribal Data Hub. 
  3. Log in to your NW Tribal Data Hub account. 
    1. Once you have completed your new user form with the appropriate authorization from the Tribe’s Authorizing Official, NW Tribal Data Hub staff will send you a link to book an orientation meeting. Once orientation is booked, the team will email you an invitation to join the Data Hub. During the orientation meeting, you will learn how to log in, be granted access to your Tribe’s data, and provided a tour of the application. 

NW Tribes approve which users have access to their data in the NW Tribal Data Hub. 

To get access to the NW Tribal Data Hub, Tribes must complete a data sharing agreement (DSA) and Data Hub Addendum to identify the Tribe’s Authorizing officials who approve individuals who will have access to the data. Each individual must complete a User Request Form before receiving access to the NW Tribal Data Hub. 

For more information about gaining access to the NW Tribal Data Hub see Get Started. 

It is vital to the security of your organization’s data to notify NW Tribal Data Hub staff as soon as possible when users should no longer have access to your dashboards, such as when users change positions or leave employment with the Tribe.  

To remove a user, the authorizing official (listed in the data sharing agreement) should complete the upper portion of the Data Hub User Request Form and email it to the Data Hub team. If you are unsure who the Tribe’s authorizing official is or need to update the authorizing official contact us at datahub@npaihb.org. Please complete one form for each user whose access should be removed. Removing access does not require complete information for the user, but does require basic information: 

  • Enter your organization name. 
  • Check the removing user box. 
  • Complete the section on user informationname, and email. 
  • User job title, email, phone number, and signature attestation are not required for user removal. 
  • Complete the authorizing official (AO) section including:  
  • The authorizing official namesignature, and date are required and can be provided electronically. 
  • Leave the lower portion of the form blank it will be completed by the NPAIHB. 

 

Email the completed form to datahub@npaihb.org 

Urgent Requests: If there is a situation where you need an individual removed urgently, please contact us via phone (971) 430-2607. 

  • It is up to Tribal leadership and the Authorizing Official identified on the Data Sharing Agreement and Data Hub Addendum to identify who will have access to their NW Tribal Data Hub dashboards. Generally, users include: 

    • Public health staff, 
    • Tribal Health Director, 
    • Grant writers, 
    • Data analysts, and/or 
    • Anyone else identified by the Authorizing Official or leadership with a need to access the Tribal Area-specific data regularly. 

  • Tribes are sovereign nations with the power to govern their people, land, and resources without interference from other jurisdictions. Federally recognized Tribes have a government-to-government relationship with the U.S. government, and state-recognized Tribes have a government-to-government relationship with the states in which they are recognized. For more information see Tribal Data Sovereignty. 

  • Tribal data sovereignty is the inherent right of Tribes to control the collection, ownership, and use of their data. Data are an important tool for informing public health policies and decision-making and are key to building evidence-based Tribal health systems that protect and promote health for current and future generations. For more information see Tribal Data Sovereignty. 

  • There are three dashboards currently available in the NW Tribal Data Hub, on topics identified as priorities by NW Tribes: 

    • Drug overdose deaths 
    • Suicide death 
    • Leading causes of death 

     

  • The NW Tribal Data Hub plans to build a comprehensive health profile for Tribes including: 

    • Cancer, racial misclassification, diabetes, heart disease, and more. 

     

  • Access to dashboards must be authorized by the Tribe for their individual users. For more information about how to access dashboards, see: Get Started. Data cannot be released if it could potentially identify an individual. Data with non-zero counts of less than 5 and estimates derived from these counts will be identified as “suppressed” or “unreliable” and will not be displayed in any visuals in dashboards. For more information about data suppression and small numbers see the NW Tribal Data Hub Methods document. 

  • NWTEC relies on the input of NW Tribal Data Hub users and Tribal leaders to determine topics for new dashboards. Each summer, NWTEC sends out the NW Tribal Data Hub Annual Evaluation and Priorities Survey to identify NW Tribe’s priority public health topics. The Data Hub teams reviews input received from users, Tribal leaders, and other surveys to plan our upcoming dashboards and ensure alignment with Tribal priorities.  

  • Data security and protection are vital for supporting Tribal data sovereignty. We believe that your Tribe’s data belongs to you. As data stewards, the NWTEC takes the protection of Tribal data very seriously and has designed the NW Tribal Data Hub with multiple layers of security in place. Maintaining the security of the NW Tribal Data Hub is a shared responsibility between NWTEC, Tribes, and the cloud provider that hosts the NW Tribal Data Hub (Amazon Web Services, or AWS). 

    AWS is responsible for protecting the security of the cloud by maintaining the physical security and health of the infrastructure that runs all the cloud services, staying current on the latest cybersecurity standards, and maintaining security certifications.  

    NWTEC is responsible for security in the cloud by following the latest recommendations for secure cloud architecture designs, defining data management policies and protocols, and enforcing strict access controls.  

    Tribes can protect the security of their data by defining which users have access to their Tribe-Area data, coordinating user access with NWTEC, and following the policies outlined in the Terms of Use. These policies are in place to protect the security of Tribal data.  

    Individual users can protect the security of the NW Tribal Data Hub by following the security policies of their Tribes, the NW Tribal Data Hub Terms of Use, and being mindful of general security best practices. We recommend the following guidelines: 

    • Access the NW Tribal Data Hub only from private, secure connections. Do not connect to the NW Tribal Data Hub while on an open public internet network. VPN (virtual private network) connections are strongly recommended.  
    • Ensure your device screen is not visible to others who do not have the Tribe’s permission to access the NW Tribal Data Hub.  
    • When you have completed your session, log out of the NW Tribal Data Hub.  
    • Logging in to the NW Tribal Data Hub requires Multi-Factor Authentication. Protect the device used for MFA with strong passwords and/or biometric authentication.  
    • If you download a PDF report of your dashboard, protect it as you would any other sensitive information. 

  • There are multiple layers protecting the security of the NW Tribal Data Hub and protecting that security is a shared responsibility between the cloud provider, NWTEC, Tribes, and individual users. These layers can be broken down into physical security, cloud architecture, identity and access management, data management, monitoring, and disaster recovery. 

    Physical Security 

    This layer of security is about protecting the health and security of the physical infrastructure (i.e., physical hardware such as the servers) that house the data and services that comprise the NW Tribal Data Hub. These physical protections are the responsibility of the cloud provider, Amazon Web Services (AWS). 

    These protections include: 

    • Perimeter protections (fencing, barriers, security guards, etc.); 
    • Security surveillance and monitoring for both interior and exterior areas of the data center, with real-time alerts and CCTV recording of activity; 
    • Intrusion detection and security alerts; 
    • Restricted access with multiple layers of security controls, including biometric authentication; 
    • Environmental controls to monitor and control temperature, humidity, and other environmental health factors; 
    • Automated fire detection and suppression, and; 
    • Security updates and maintenance of the physical servers. 

     

  • Cloud Architecture 

    Cloud architecture refers to the overall design of how the system is built in the cloud. This is like a blueprint for the NW Tribal Data Hub. It defines how the rooms (services, such as our data visualization tool QuickSight), hallways (networks), locks (security controls), and utilities (storage and computing) are arranged so the whole system is safe, reliable, cost-efficient, and easy to use.  

    These protections include: 

    • Network firewalls and security protocols; 
    • Continuous, centralized logging and monitoring; 
    • Strict access controls and centralized identity and access management; 
    • Data protection and encryption algorithms validated by National Institute of Standards and Technology (NIST); 
    • Access to the database or data storage is strictly controlled and restricted to within our Virtual Private Cloud (VPC); 
    • FedRAMP and HIPAA-compliant services and architecture; 
    • Automated backups and disaster recovery. 

    This multi-layered design protects the privacy, security, and availability of the NW Tribal Data Hub. Identity and Access Management 

    Identity and Access Management refers to the management of users and their privileges within a system. The NW Tribal Data Hub uses centralized identity and access management for both NWTEC staff and Tribal users of the NW Tribal Data Hub with Single Sign-On (SSO) enabled. This simplifies the task of user and permissions management, provides a better user experience, and enables additional layers of security. 

    These protections include: 

    • Enforced session time-outs help us protect against unauthorized access because someone forgot to sign out of their account on a shared device. 
    • Multifactor authentication and/or one-time passwords are required for all users – this adds an extra layer of authentication and protects against unauthorized use of credentials to gain access to the system. 
    • All users are federated through configured identity providers with enforced MFA (see above). Only after an identity is authenticated through the identity provider (for example, Microsoft Entra ID) is access granted to the system. 
    • There are no passwords stored within AWS. 
    • Role-based security groups follow the principle of least privilege – each user has access only to the resources and actions required for their role. 
    • Row-level security groups protect Tribal-Area data at the row level by restricting access to only the individuals specified by the Tribe. 
    • No one except NWTEC staff and individuals specified by the Tribe can access Tribal-Area data. 
    • Tribes cannot view another Tribe’s area-specific data. 

     

 

  • Data Management 

    The NW Tribal Data Hub has defined multiple data management policies and protocols to protect data throughout the data lifecycle. 

    These protections include: 

    • Data in the cloud are encrypted using secure industry-standard AES-256 encryption algorithms both at rest (i.e., in the database) and while in transit (i.e., when data are uploaded to cloud storage). Encryption keys are securely stored, strongly protected, and automatically rotated regularly. 
    • Data are uploaded to the cloud from secure, encrypted connections. 
    • Data are stored in a Virtual Private Cloud with no public access. 
    • Access to data is restricted and strictly controlled. 
    • The privacy of individuals is protected by presenting only de-identified and aggregated (grouped) data in data visualizations to prevent individuals from being identified. 
    • Small number standards are followed. Statistical analyses based on a small number of cases will not be released to ensure individuals’ confidentiality and statistical reliability. See the NW Tribal Data Hub Methods for additional details on small numbers suppression. 

     

  • Artificial Intelligence (AI) Restrictions 

    NPAIHB has a strict policy prohibiting the use of generative AI to protect Tribal data sovereignty. While many companies and cloud providers such as AWS continue to push new AI features, the NW Tribal Data Hub has explicitly disabled the use of any of these features at the account, security group, and user level. We continuously monitor new features and adjust our security policies as needed to keep the NW Tribal Data Hub protected. 

    Users may occasionally see messages about AI features in the QuickSight data visualization tool. These messages may pop-up but can be ignored because the AI features have been disabled. At no point in time does any generative AI model have visibility or access to any Tribal data through the NW Tribal Data Hub. 

    Centralized Auditing, Logging, and Monitoring 

    The NW Tribal Data Hub has a continuous log of all network traffic and user access and activities within the NW Tribal Data Hub. These logs are stored in a centralized, isolated, and immutable environment with restricted access.  

    Automated alerts inform our IT team immediately if suspicious activity, security issues, or issues with the health of the environment are detected.  

    Disaster Recovery 

    Disaster recovery refers to the ability to restore access and functionality to the system in the event of a disaster, whether this is a natural event (such as a fire), human error (such as deleting infrastructure by accident), or a technical failure (such as a health issue with a compute instance).  

    The secure NPAIHB server contains raw backups of data files. 

    These files are backed up: 

    • Locally: 
    • Twice a day 
    • To an external on-site storage nightly  
    • To a secured off-site storage location weekly  
    • In the cloud: 
    • Uploaded files are archived and retained in encrypted, secured storage for recovery purposes.  
    • Automated backups of the database are created multiple times a day. These backups are encrypted with protected keys that are automatically rotated.  
    • The database and other services are deployed in multiple availability zones, allowing for automated failover if a disaster were to impact one region.  
    • Automated scaling of multiple services allows the NW Tribal Data Hub to dynamically adjust to the needs of users. 

    For more information about how NWTEC manages and stewards data, see the NWTEC Data Governance Handbook. 

  • NPAIHB has a strict policy prohibiting the use of generative Artificial Intelligence (AI) to protect Tribal data sovereignty. While many companies and cloud providers such as AWS continue to push new AI features, the NW Tribal Data Hub has explicitly disabled the use of any of these features at the account, security group, and user level. We continuously monitor new features and adjust our security policies as needed to keep the NW Tribal Data Hub protected. 

    Users may occasionally see messages about AI features in the QuickSight data visualization tool. These messages may pop-up but can be ignored because the AI features have been disabled. At no point in time does any generative AI model have visibility or access to any Tribal data through the NW Tribal Data Hub. 

  • Tribal areas include the county or counties that form the Tribe’s Purchased/Referred Care Service Delivery Area (PRCDA) as defined by Indian Health Service (IHS). These areas may occasionally change and are listed on the IHS website and in the NW Tribal Data Hub Methods. This means that you will be able to view the combined data for all counties included in your PRCDA. If your PRCDA consists of only one county, you will be able to view data for that county. 

    Since many state and federal data systems do not collect reliable information on tribal affiliation or descendancy, the NW Tribal Data Hub reports data on all American Indian or Alaska Native people residing within a Tribe’s PRCDA. 

    What regions should I be able to see in the NW Tribal Data Hub? 

    Every user will be able to see data for the following regions: 

    • NW Region (Idaho, Oregon, and Washington combined), 
    • Idaho 
    • Oregon 
    • Washington 
    • Your Tribe’s Tribal Area  

     

  • Tribal areas include the county or counties that form the Tribe’s Purchased/Referred Care Service Delivery Area (PRCDA) as defined by Indian Health Service (IHS). These areas may occasionally change and are listed on the IHS website and in the NW Tribal Data Hub Methods. This means that you will be able to view the combined data for all counties included in your PRCDA. If your PRCDA consists of only one county, you will be able to view data for that county. 

  • Tribal areas include the county or counties that form the Tribe’s Purchased/Referred Care Service Delivery Area (PRCDA) as defined by Indian Health Service (IHS). These areas may occasionally change and are listed on the IHS website and in the NW Tribal Data Hub Methods. This means that you will be able to view the combined data for all counties included in your PRCDA. If your PRCDA consists of only one county, you will be able to view data for that county. 

    Since many state and federal data systems do not collect reliable information on tribal affiliation or descendancy, the NW Tribal Data Hub reports data on all American Indian or Alaska Native people residing within a Tribe’s PRCDA. 

    What regions should I be able to see in the NW Tribal Data Hub? 

    Every user will be able to see data for the following regions: 

    • NW Region (Idaho, Oregon, and Washington combined), 
    • Idaho 
    • Oregon 
    • Washington 
    • Your Tribe’s Tribal Area  

     

  • Tribal areas include the county or counties that form the Tribe’s Purchased/Referred Care Service Delivery Area (PRCDA) as defined by Indian Health Service (IHS). These areas may occasionally change and are listed on the IHS website and in the NW Tribal Data Hub Methods. This means that you will be able to view the combined data for all counties included in your PRCDA. If your PRCDA consists of only one county, you will be able to view data for that county. 

  • NWTEC includes all individuals whose records include AI/AN status or Tribal affiliation, alone or in combination with any other race or ethnicity. When possible, NWTEC uses the Northwest Tribal Registry to correct AI/AN records misclassified as non-AI/AN in a process called a record linkage. For more information about definitions of AI/AN and record linkage/racial misclassification, see the NW Tribal Data Hub Methods. 

    Since many state and federal data systems do not collect reliable information on tribal affiliation or descendancy, the NW Tribal Data Hub reports data on all AI/AN people residing within each region, including your Tribal Area PRCDA. While this is not a perfect system for reporting data on Tribal members or residents, this approach provides an approximation of health risks and outcomes for American Indian and Alaska Native people residing in the region.  

  • The NWTEC is dedicated to ensuring Tribes have timely data. The NW Tribal Data Hub team regularly updates the dashboard data as new data are received from state and federal data partners. Update times vary by data source (tribal, state, or federal), data sharing agreements, and the frequency at which data are received from the data source.  

    Currently, the dashboards available in the NW Tribal Data Hub use state death certificate data, which are updated approximately once per year after new records from each state are received and corrected by NWTEC for racial misclassification.  

  • If there is data that would be helpful for your public health needs, please let us know. The NW Tribal Data Hub prioritizes which data to add based on Tribal feedback. Tribes can provide feedback by emailing datahub@npaihb.org or completing the NW Tribal Data Hub Annual Evaluation and Priorities Surveysent out each summer 

Technical Assistance

The NW Tribal Data Hub staff provides Tribes in Idaho, Oregon, and Washington with technical assistance for the use of the NW Tribal Data Hub.

We have accumulated a list of frequently asked questions below. Click the question to expand the answer. If you need assistance you may submit a Support Request.

Click to expand.

Helpful Links