Overview

The safeguarding of human subjects is of paramount importance to the UCSC Institutional Review Board (IRB) as the IRB is charged with protecting human subjects and their private identifiable information. Human subjects data stored on computers in text, photo, video or other formats can be compromised through theft or hacking, and subjects may be put at risk of harm from a data breach. In addition to the risk to subjects, the cost of reproducing, restoring, or replacing stolen or lost data highlights the need for a comprehensive data protection plan. Investigators should specifically address how they will safeguard human subject data stored in electronic and non-electronic formats in their study submissions.

Protection of Electronic Data

Theft and hacking are particular concerns with electronic data. Many research studies involve the collection and maintenance of human subjects data that could become the target of hackers. The following precautionary measures are recommended when dealing with electronic data:
Additional Resources:

Access to Sensitive Information

When accessing restricted or confidential data and/or systems (e.g., health information protected under the HIPAA Privacy Rule, social security numbers, etc.) or other sensitive data as informed by the IRB/ORCA, use Protection Levels for UC Institutional Information to determine the protection levels of your human subjects research data. Be sure to follow appropriate Practices for Protecting Electronic P3 - P4 Data.

Additional Protections
If conducting study surveys, use an approved survey platform (i.e., Qualtrics). If a non-approved platform is to be used, be sure to review its data security measures and discuss them with your ITS Divisional Liaison. If appropriate, a backup data source should be stored in a file on a UCSC secure server.

Report a Theft or Breach

Researcher Record Retention

UCSC requires the study Principal Investigator to keep administrative and study records (approved IRB documents, signed consent forms, data collection documents, etc.) for a minimum of three years after the close of the study. Longer retention periods may be required, such as for records pertaining to Protected Health Information under the HIPAA Privacy Rule, FDA regulated studies, or based on sponsor contract requirements. Investigators are also required to take measures to prevent accidental or premature destruction of these documents.

Once a study has been completed, study investigators may keep the data they collected, including identifiable private data, if consistent with the IRB-approved/exempt certified study. Study investigators should continue to honor any data confidentiality protections outlined in the IRB-approved/exempt certified study. Study investigators should also honor any other commitments that were agreed to as part of the approved/certified study, for example, providing information about the study results to research subjects, or honoring commitments for compensation to research subjects for research participation. For more information see UCSC IRB Policy on Records Retention.

What are some safeguards she could use to protect subject privacy and data confidentiality?

Guidelines for data confidentiality.
Encrypt sensitive files. ...
Manage data access. ...
Physically secure devices and paper documents. ...
Securely dispose of data, devices, and paper records. ...
Manage data acquisition. ...
Manage data utilization. ...
Manage devices.

How can we protect privacy from subjects?

Breach of confidentiality is a potential risk of participating in research. To protect participants' confidentiality, you should encrypt computer-based files, store documents (i.e., signed consent forms) in a locked file cabinet and remove personal identifiers from study documents as soon as possible.

What are some ways to maintain and ensure privacy and confidentiality?

How to Protect Client Confidentiality.
Use a secure file-sharing and messaging platform. ...
Store Physical Documents in an Environment with Controlled Access. ...
Comply with Industry Regulations (SOC-2, HIPAA, PIPEDA) ...
Host Routine Security Training for Staff. ...
Stay Alert of New Security Threats.

What is an appropriate method for maintaining confidentiality of private information obtained from human subjects?

Keeping data in a password-protected database. Storing data in a secured cabinet. Coding data or specimens and keeping the key to the code in a separate location.