Office of Human Research Ethics SOP 1901: Information Security



1. Purpose

The University of North Carolina at Chapel Hill (UNC-Chapel Hill) has established standards and safeguards to protect patients' information and to ensure compliance with federal and state information security regulations.

2. Procedure

It is the responsibility of investigators to familiarize themselves with and comply with these standards. The use of personal laptops, desktops, portable/USB drives, and other non-UNC-Chapel Hill devices for storage of research data is discouraged. In instances when a non-UNC-Chapel Hill computer or device must be used for storing, even temporarily, or transmitting PHI or PII (Personally Identifiable Information) for research, the safeguards of the device must be verified by the person within the department who is responsible for data security. Additionally, all potential or known breaches of research data must be immediately reported to the IRB so that appropriate steps can be taken to assess the situation, protect the information, and comply with regulations. Lost or stolen UNC-Chapel Hill devices containing research data must also be reported to the IRB.

Provisions for Data Security must be described in applications to the IRB and updated as necessary. When information containing direct identifiers such as Social Security numbers or PHI, including data considered sensitive, is to be transferred outside of the institution, the provisions for data security may be subject to further review and approval by the School IT Directors (also the Information Security Liaison) in consultation with ITS Security.

In the event of a security breach, as defined by the University’s “Data Security Breach Protocol”, the matter must be reported immediately to the Information Technology Resources Center at 919-962-HELP or Campus Police at 919-962-8100, as specified in the Protocol.

See the UNC-Chapel Hill Policies on Patient Privacy and Information Security for further information:

Contact Information

Policy Contact

Office of Human Research Ethics
CB 7097
720 Martin Luther King Jr. Blvd.
Bldg # 385, Second Floor
Chapel Hill, NC 27599-7097

Ph: 919-966-3113
Fax: 919-966-7879


Article ID: 132237
Thu 4/8/21 9:26 PM
Tue 10/31/23 1:20 PM
Effective Date
If the date on which this document became/becomes enforceable differs from the Origination or Last Revision, this attribute reflects the date on which it is/was enforceable.
07/21/2021 12:00 AM
Issuing Officer
Name of the document Issuing Officer. This is the individual whose organizational authority covers the policy scope and who is primarily responsible for the policy.
Issuing Officer Title
Title of the person who is primarily responsible for issuing this policy.
Vice Chancellor
Last Review
Date on which the most recent document review was completed.
07/21/2021 12:00 AM
Last Revised
Date on which the most recent changes to this document were approved.
07/21/2021 12:00 AM
Next Review
Date on which the next document review is due.
07/21/2025 12:00 AM
Date on which the original version of this document was first made official.
06/02/2017 12:00 AM
Responsible Unit
School, Department, or other organizational unit issuing this document.
Research-IRB and Human Research Ethics