Requirements for working with research data collected from human subjects

Indiana University's Human Research Protection Program (HRPP), consisting of the IU Human Subjects Office and campus Institutional Review Boards (IRBs), is responsible for protecting the rights and welfare of human research subjects at IU, and ensuring that IU researchers comply with all federal and state regulations and university policies governing the collection and use of research data collected from human subjects. The campus IRBs are responsible for reviewing and approving all research involving human subjects at IU. For information about federal and state regulations, IU policies, and requirements and responsibilities associated with research involving human subjects, see Guidance on the conduct of human subjects research.

New studies submitted for IRB review must include data management plans that include provisions for protecting the privacy of human subjects and maintaining the confidentiality of collected data. The Standard Operating Procedures' section on Confidentiality and Privacy defines the minimum requirements for protecting the confidentiality of human-subject data, and the circumstances under which protected health information (PHI) regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) may and may not be used or disclosed.

Principal investigators also must implement data retention, storage, and disposal protocols that protect the confidentiality of their human subjects while enabling reviews of their data by funding agencies supporting their projects and other researchers seeking to reproduce and test their findings. The Standard Operating Procedures' section on Data Management defines procedures for properly collecting, storing, sharing, and disposing of research data, and requirements for maintaining their security and integrity.

For more on requirements surrounding research involving human subjects, see the IU Human Subjects Office home page.

UITS provides consulting and online help for Indiana University researchers, faculty, and staff who need help securely processing, storing, and sharing data containing PHI. If you have questions about managing HIPAA-regulated data at IU, contact UITS HIPAA Consulting. For additional details about HIPAA compliance at IU, see HIPAA Privacy & Security on the University Compliance website.

This is document aklc in the Knowledge Base.
Last modified on 2018-05-03 13:33:02.

Contact us

For help or to comment, email the UITS Support Center.