Breaches of confidentiality and other data security incidents are some of the major risks associated with social, behavioral, and educational research (SBER) with human subjects. Research that involves using protected health information regulated by the Health Insurance Portability and Accountability Act (HIPAA) raises the stakes even more. The proliferation of data exchanged through cloud services, websites, and email has made it easier for accidents to occur and hackers to capture data. Federal and state laws have established harsh penalties for security failures and, indirectly, for poor responses to breaches.
The potential for data security incidents in research with human subjects requires institutional review boards (IRBs) to work closely with information security experts both to prevent these types of incidents and, if they do occur, to respond effectively to meet the strict reporting requirements. Regulators look closely at an institution’s response to data security incidents, including the quality of the analysis of the event and the institution’s efforts to mitigate further incidents.
In this webinar, experts in information security and research ethics explained reporting requirements and regulatory definitions, define the roles of the IRB and information security department, and describe procedures to coordinate response to security breaches. These procedures can ensure timely reporting by researchers, prompt response by information security and/or the IRB, accurate documentation, and prevention of additional incidents.
What Will I Learn?
By the end of this intermediate-level webinar, participants were able to:
- List the information that study protocols should include to facilitate incident response
- Classify common types of incidents based on regulations governing human subjects research and information security
- Identify roles of IRBs and information security and determine courses of action in reporting data security incidents
- Form effective working relationships between the data security department and the IRB
Who Should Attend?
IRB chairs, members, administrators, and staff who review SBER protocols and other protocols that involve sensitive data (e.g., data covered by HIPAA), as well as institutional officials, compliance personnel, and investigators benefited from this session.