2015 Webinar - Data Security Incidents



Breaches of confidentiality and other data security incidents are some of the major risks associated with social, behavioral, and educational research (SBER) with human subjects. Research that involves using protected health information regulated by the Health Insurance Portability and Accountability Act (HIPAA) raises the stakes even more. The proliferation of data exchanged through cloud services, websites, and email has made it easier for accidents to occur and hackers to capture data. Federal and state laws have established harsh penalties for security failures and, indirectly, for poor responses to breaches.

The potential for data security incidents in research with human subjects requires institutional review boards (IRBs) to work closely with information security experts both to prevent these types of incidents and, if they do occur, to respond effectively to meet the strict reporting requirements. Regulators look closely at an institution’s response to data security incidents, including the quality of the analysis of the event and the institution’s efforts to mitigate further incidents. 

In this webinar, experts in information security and research ethics explained reporting requirements and regulatory definitions, defined the roles of the IRB and information security department, and described procedures to coordinate response to security breaches. These procedures can ensure timely reporting by researchers, prompt response by information security and/or the IRB, accurate documentation, and prevention of additional incidents.

What Will I Learn?

By the end of this intermediate-level webinar, participants were able to:

  • List the information that study protocols should include to facilitate incident response
  • Classify common types of incidents based on regulations governing human subjects research and information security
  • Identify roles of IRBs and information security and determine courses of action in reporting data security incidents
  • Form effective working relationships between the data security department and the IRB

Who Should Attend? 

IRB chairs, members, administrators, and staff who review SBER protocols and other protocols that involve sensitive data (e.g., data covered by HIPAA), as well as institutional officials, compliance personnel, and investigators benefited from this session.


Teresa Doksum, PhD, MPH, is the director of research ethics and IRB chair at Abt Associates Inc. She is a health services researcher with more than 30 years of experience conducting social behavioral research and evaluation studies that involve primary data collection (e.g., surveys, interviews, focus groups) as well as analysis of medical records. She is a member of Abt’s Information Risk Management initiative, a cross-functional team that ensures employees and outside research partners have the tools, training, and resources required to protect sensitive information.  Along with information security expert Sean Owen, she has presented on this data security initiative at national conferences. She received her PhD from the Johns Hopkins University Bloomberg School of Public Health and her master’s from the University of California, Berkeley, School of Public Health.

Sean Owen, CISSP, CAP, CRISC, is the director of the client cybersecurity center at Abt Associates Inc. and has more than 12 years of experience developing, assessing, and auditing security requirements and compliance for federal and commercial clients. He has held positions with KPMG, Department of Labor, Department of Energy, and Department of Commerce with a specialty in Federal Information Security Management Act (FISMA) compliance, certification and accreditation, Federal privacy requirements including Privacy Impact Assessment, and National Institute of Standards and Technology 800 series special publications. Mr. Owen currently serves as a member of Abt’s IRB and is a member of Abt’s Information Risk Management initiative. He holds the Certified Information System Security Professional (CISSP), Certified Authorization Professional (CAP), and Certified in Risk and Information Systems Control (CRISC) certifications.

Certificates of Attendance

Certificates of attendance will be made available at the conclusion of the webinar. To access the certificate, you must first complete the online evaluation. Such certificates are useful for obtaining continuing education (CE) credits (not Continuing Medical Education credits) from professional associations. Note that guidelines concerning CE credits may differ, and you should consult the appropriate professional association representative for further guidance.

If you would like to receive a certificate of attendance for a previous PRIM&R educational program, please email info@primr.org or call 617.423.4112, ext. 0.

CE Credit for Certified IRB Professional (CIP®) Recertification
Webinar participants holding the CIP® credential who wish to apply credits from this webinar toward CIP® recertification may submit the Certificate of Attendance they received upon completing the online evaluation as documentation of their participation. Participation in this 90-minute webinar counts as 1.5 CE credit hours.

For recertification by CE, CIPs must complete 30 documented hours of continuing education. At least 15 of the 30 hours must either carry credits issued by a recognized accrediting body or have received advance recognition from the Council for Certification of IRB Professionals (CCIP). Credits from PRIM&R webinars have received such advance recognition, and may be counted towards these 15 hours.

Additional information about CIP® recertification can be found here.