Data Security & eirb Tips & Tricks School of Nursing Office of Research Affairs Brown Bag Series

Transcription

1 Data Security & eirb Tips & Tricks School of Nursing Office of Research Affairs Brown Bag Series Denise Snyder, MS, RD, CSO, LDN Director, Research Management Team (RMT) Research Practices Manager, SON Site Based Research (SBR)

2 SBR Functions Responsible for the integrity, financial accountability, regulatory compliance, quality, and academic productivity of the projects conducted in their groups Provide day-to-day management of site-based research activities including: Feasibility assessment of potential studies Study selection decisions Personnel management (hiring/supervision) of nonfaculty research staff Protocol-specific training and study execution Financial management

3 How do Privacy and Confidentiality Differ? Privacy is about protecting the person Confidentiality is about protecting the private information (DATA) you collect or access

4 PHI 18 Identifiers Names All geographic subdivisions smaller than a state, including: street address, city, county, precinct, ZIP Code, and their equivalent geographical codes, except for the initial 3 digits of a ZIP Code if, according to the current publicly available data from the Bureau of the Census All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older Telephone Number Fax Number Address Social Security number

5 PHI 18 Identifiers Medical Record number Health Plan Beneficiary number Account numbers Certificate/License number Vehicle Identifiers and Serial numbers (including license plates) Device identifiers and Serial numbers URL Address IP Address Biometric identifiers, like fingerprints and voiceprints Full-face Photos and Any Comparable Images Any other unique identifying number, characteristic or code

6 Data Security What does it mean? Securing systems & data behind the Duke firewall (HIPAA compliance) Scheduled backups (prevent loss of valuable data) communications (more than just password protection of your within Duke vs. leaving Duke) Partnering with your IT department (ensuring your data collection and storage methods conform to the HIPAA and institutional guidelines)

7 Know Your Data What are you storing? Do you have IRB approval for storing it? Where are you storing data? How do you send/transfer/transmit it? What systems or software are you using to collect data where are they located? Who has access to your data? What are they permitted to have access to? Who can administer your data? Only the PI or a chosen administrator can approve/ rescind access

8 Keep Data Where it s Safe Secure server (SED-PHI or Limited Access) Secure network (Duke is secured your desktop and laptop are not) Secure remote access (VPN or Citrix) Paper files should be stored in a locked cabinet in a locked room Never keep identifiable subject data on a laptop or a flash drive, desktop or any other portable media (unless it is encrypted by CITDL or an IRONKEY flashdrive)

9 Sensitive Electronic Information check the box, it will prompt the recipient for a password that they will set up and it takes them to a secure mail area to pick up the message.

10 Data Collection Tools Password encryption on MS Access or Excel is not HIPAA compliant (use SED folder) REDCap Electronic Data Capture database Survey tools do not use Survey Monkey for any sensitive electronic information (name, etc) Survey monkey is not backed up or stored behind the Duke firewall Alternative survey tools Viewsflash (requires knowledge of html) REDCap Survey (coming soon undergoing validation & testing)

11 REDCap Electronic Data Suitable for research projects with low to mediumlow complexity data collection requirements Targeting researchers currently using spreadsheets or MS Access to store data Advantages: System and data security Scheduled data backups HIPAA Compliance Web based access Knowledgeable support (RMT & DTMI)

12 REDCap Survey Designed to collect study participant self-report outcomes Survey results can be exported to MS Excel or a variety of statistical analysis packages Links to a survey may be distributed via or posted to a web page Responses may be kept anonymous or tracked by individual

13 First step log in

14 MyHome Workspace for Do you have dual roles (dept reviewer + study personnel)? Current Workspace tells you what hat you are wearing.

15 MyHome Items in Presubmission

16 NEW STUDY New Study Application (submitting a new study) All Other Studies PI or Key Personnel

17 Approved Studies

18 Current Status of Study View Study Create New or Actions Available Expiration Date Approval initial review

19 Use these tabs to look at information related to this study

20 Study Documents

21

22 Choose amendment that you want to view

23 Status of Amendment #9 View Amendment #9 View Current Approved Study View Modified Study (changes made during the amendment)

24

25

26 Expiration dates you can find your current expiration date on your CR and in your original study workspace Select the most recent continuing renewal (CR#) to pull your approval notice-click [view]

27 For NEW studies If research is done at Duke (this can be at SON, in DUHS, in clinic etc), select yes, otherwise choose no (e.g. receiving deidentified data from another site such as UNC nothing is done here).

28 For NEW studies exempt or those requiring review all studies belonging to SON SBR should check YES to: Does this study require SBR oversight for any other reason?

29 Studies In Progress A Submission that I m working on

30 Status of In Progress Study View/Edit Study to continue to work on your new study prior to submission Actions Available important to choose submit when you are ready for it to go to Dept Review/IRB

31 Here s a shortcut to jump through to specific pages

32 Choose Regular Study Application unless you think your study meets exemption

33 These gray boxes give instructions and links to forms

34 Upload research summary here when adding New documents choose Add when you are amending or making changes to the current document, you should use Edit and indicate those edits by track changes - When you select Edit this box pops up allowing you to browse to find the file you want to upload in this document s place

35 Making changes to key personnel This button is used for changing key personnel s role on the study or edit rights for eirb To add new key personnel or remove people who ve moved on choose Personnel Change Request

36 eirb Homepage Forms-download current renewal forms, consent templates, etc MyHome your study workspace

37 Important links & information DUSONnet IT tools NewFolder/Access Duke IRB main page policies, contacts Duke eirb page all study paperwork is managed here HRPP (CITI) training

38 Thank you! Contacts for questions: Denise Snyder (SBR Research Practices) Leslie Fife (SON ORA Administrator) Glenn Setliff (Director, CITDL) Scott Neal (Data Security CITDL) Kasie Barrett (SON IRB Specialist)