Data Security & eIRB Tips & TricksSchool of Nursing Office of Research Affairs
Brown Bag Series
Denise Snyder, MS, RD, CSO, LDN Director, Research Management Team (RMT)
Research Practices Manager, SON Site Based Research (SBR)
SBR Functions
• Responsible for the integrity, financial accountability, regulatory compliance, quality, and academic productivity of the projects conducted in their groups
• Provide day-to-day management of site-based research activities including:– Feasibility assessment of potential studies– Study selection decisions– Personnel management (hiring/supervision) of non-
faculty research staff– Protocol-specific training and study execution– Financial management
• Privacy is about protecting the person
• Confidentiality is about protecting the private information (DATA) you collect or access
How do Privacy and Confidentiality Differ?
PHI – 18 Identifiers
• Names • All geographic subdivisions smaller than a state, including:
street address, city, county, precinct, ZIP Code, and their equivalent geographical codes, except for the initial 3 digits of a ZIP Code if, according to the current publicly available data from the Bureau of the Census
• All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
• Telephone Number • Fax Number • E-mail Address • Social Security number
PHI – 18 Identifiers
• Medical Record number • Health Plan Beneficiary number • Account numbers • Certificate/License number • Vehicle Identifiers and Serial numbers (including license
plates) • Device identifiers and Serial numbers • URL Address • IP Address • Biometric identifiers, like fingerprints and voiceprints • Full-face Photos and Any Comparable Images • Any other unique identifying number, characteristic or code
Data Security – What does it mean?
• Securing systems & data behind the Duke firewall (HIPAA compliance)
• Scheduled backups (prevent loss of valuable data)
• Email communications (more than just password protection of your email –email within Duke vs. leaving Duke)
• Partnering with your IT department(ensuring your data collection and storage methods conform to the HIPAA and institutional guidelines)
Know Your Data
• What are you storing? • Do you have IRB approval for storing it?• Where are you storing data? • How do you send/transfer/transmit it? • What systems or software are you using to collect
data – where are they located?• Who has access to your data? What are they
permitted to have access to?• Who can administer your data? Only the PI or a
chosen administrator can approve/ rescind access
Keep Data Where it’s Safe
• Secure server (SED-PHI or Limited Access)
• Secure network (Duke is secured – your desktop and laptop are not)
• Secure remote access (VPN or Citrix)
• Paper files should be stored in a locked cabinet in a locked room
• Never keep identifiable subject data on a laptop or a flash drive, desktop or any other portable media (unless it is encrypted by CITDL or an IRONKEY flashdrive)
Sensitive Electronic Information – check the box, it will prompt the recipient for a password that they will set up and it takes them to a secure mail area to pick up the message.
Data Collection Tools
• Password encryption on MS Access or Excel is not HIPAA compliant (use SED folder)
• REDCap – Electronic Data Capture database• Survey tools – do not use Survey Monkey for any
sensitive electronic information (name, etc)• Survey monkey is not backed up or stored behind
the Duke firewall• Alternative survey tools –
– Viewsflash (requires knowledge of html)– REDCap Survey (coming soon – undergoing validation &
testing)
REDCap Electronic Data
• Suitable for research projects with low to medium-low complexity data collection requirements
• Targeting researchers currently using spreadsheets or MS Access to store data
• Advantages:– System and data security– Scheduled data backups– HIPAA Compliance – Web based access– Knowledgeable support (RMT & DTMI)
REDCap Survey
• Designed to collect study participant self-report outcomes
• Survey results can be exported to MS Excel or a variety of statistical analysis packages
• Links to a survey may be distributed via e-mail or posted to a web page
• Responses may be kept anonymous or tracked by individual
First step – log in
MyHome – Workspace for …Do you have dual roles (dept reviewer +
study personnel)?– “Current Workspace” tells you what hat you are wearing.
MyHome – Items in Presubmission
New Study Application (submitting a new study)NEW
STUDY
All Other Studies – PI or Key Personnel
Approved Studies
Current Status of Study
“Create New” or “Actions Available”
Expiration Date Approval – initial review
View Study
Use these tabs to look at information related to
this study
Study Documents
Choose amendment that you want to view
Status of Amendment #9
View Amendment #9
View Current Approved Study
View Modified Study (changes made during the
amendment)
Select the most recent continuing renewal (CR#) to pull your approval
notice-click [view]
Expiration dates – you can find your current expiration date on your CR
and in your original study workspace
For NEW studies…
If research is done at Duke (this can be at
SON, in DUHS, in clinic etc), select yes,
otherwise choose no (e.g. receiving
deidentified data from another site – such as UNC – nothing is done
here).
For NEW studies…exempt or those requiring review – all studies belonging to SON SBR should check YES to: Does this study require SBR oversight for any other reason?
Studies – In Progress – A Submission that I’m working on
Status of In Progress Study
View/Edit Study – to continue to work on your new study
prior to submission
Actions Available – important to choose submit when you are ready
for it to go to Dept Review/IRB
Here’s a shortcut to jump through to specific pages
Choose Regular Study Application unless you think your study meets exemption
These gray boxes give instructions and
links to forms
Upload research summary here – when adding New
documents choose “Add” –when you are amending or
making changes to the current document, you should use
“Edit” and indicate those edits by track changes -
When you select “Edit” – this box pops up allowing you to “browse” to find the file you
want to upload in this document’s place
Making changes to key personnel
This button is used for changing key personnel’s role on the study or edit
rights for eIRB
To add new key personnel or remove people who’ve
moved on – choose Personnel Change Request
eIRB Homepage
Forms-download current renewal forms, consent
templates, etc
MyHome – your study workspace
Important links & information
• DUSONnet – IT tools→NewFolder/Accesshttps://dusonnet.nursing.duke.edu/it-support/
• Duke IRB main page – policies, contactshttp://irb.mc.duke.edu
• Duke eIRB page – all study paperwork is managed herehttps://eirb.mc.duke.edu
• HRPP (CITI) traininghttp://www.citiprogram.org/
Thank you!
Contacts for questions:• Denise Snyder (SBR– Research Practices)
• Leslie Fife (SON ORA Administrator)[email protected]
• Glenn Setliff (Director, CITDL)[email protected]
• Scott Neal (Data Security –CITDL)[email protected]
• Kasie Barrett (SON IRB Specialist)[email protected]