Security should be considered at beginning of study, otherwise it can cause delays in research project.
HIPAA and patient privacy
Do any of your projects involve PHI?
PHI needs to be encrypted in transit and ideally at rest.
Do your projects involve building or using systems that require sign-in? If your project requires participation by multiple institutions, is this accounted for by these systems?
What are the plans for keeping up-to-date on security patches and updates for tech stack.
How will patient consent be collected; does the consent form take into account where your data will live, and what data is collected. How are you collecting and tracking data about which patients signed which versions of the consent? If there are options within the consent, where are these digitally tracked?
IRB: Technology solution must be inline with Study protocol and IRB documentation.
Good news! These can be updated for a study.
Security Review: Systems generally have to have a security review.
Internally developed research systems as well as contracted solutions and third party services.
If not done at beginning of study, can cause delays in research project.
Security should be considered at beginning of study, otherwise it can cause delays in research project.
HIPAA and patient privacy
Do any of your projects involve PHI?
Do your projects involve building or using systems that require sign-in? If your project requires participation by multiple institutions, is this accounted for by these systems?
What are the plans for keeping up-to-date on security patches and updates for tech stack.
How will patient consent be collected; does the consent form take into account where your data will live, and what data is collected. How are you collecting and tracking data about which patients signed which versions of the consent? If there are options within the consent, where are these digitally tracked?
IRB: Technology solution must be inline with Study protocol and IRB documentation. Good news! These can be updated for a study. Security Review: Systems generally have to have a security review. Internally developed research systems as well as contracted solutions and third party services. If not done at beginning of study, can cause delays in research project.