Bioethics Blogs

The Role of the IRB and Information Security

By Alexandra Shlimovich, webinar and publications specialist

On February 26, 2015, PRIM&R hosted a webinar titled Data Security Incidents: the Role of the IRB and Information Security. This topic was submitted by Teresa Doksum, PhD, MPH, and Sean Owen, CISP, CAP, CRISC, through the 2014 Call for Webinar Proposals. The potential for data security incidents in research with human subjects requires institutional review boards (IRBs) to work closely with information security experts to prevent these types of incidents and, if they do occur, to respond effectively to meet the strict reporting requirements. Topics covered during the webinar included reporting requirements and regulatory definitions, the roles of the IRB and information security department, and procedures to coordinate response to security breaches. Following a lively question-and-answer period at the conclusion of the webinar, Teresa and Sean kindly agreed to respond to some additional questions in writing to share with the readers of Ampersand.

1. Would you be willing to share your data security template?
Yes! You can download our guide with instructions for developing a detailed data security plan, along with sections you can copy/paste to create your own.

2. What procedures should be in place in case research data is confiscated by officials at international sites?
Study teams should always follow the local laws and contractual requirements of their international studies. If your data has been confiscated, you may be dealing with issues that are not security related, but potentially legal or contractual. If your computers or devices have been confiscated, you probably need to work with the customs or other authorities to get the devices released.

The views, opinions and positions expressed by these authors and blogs are theirs and do not necessarily represent that of the Bioethics Research Library and Kennedy Institute of Ethics or Georgetown University.