Title
Office of Human Research Ethics SOP 1901: Information Security
1. Purpose
The University of North Carolina at Chapel Hill (UNC-Chapel Hill) has established standards and safeguards to protect patient’s information and to ensure compliance with federal and state information security regulations.
2. Procedure
It is the responsibility of investigators to familiarize themselves with and comply with these standards. The use of personal laptops, desktops, portable/USB drives, and other non-UNC- Chapel Hill devices for storage of research data is discouraged. In the instances when a non UNC-Chapel Hill computer or device must be used for the purposes of storing, even temporarily, or transmitting PHI or PII (Personally Identifiable Information) for research, the safeguards of the device must be verified by the person within the department who is responsible for data security. Additionally, all potential or known breaches of research data must be immediately reported to the IRB so that appropriate steps can be taken to assess the situation, protect the information, and comply with regulations. Lost or stolen the UNC-Chapel Hill devices containing research data must also be reported to the IRB.
Provisions for Data Security must be described in applications to the IRB and updated as necessary. When information containing direct identifiers such as Social Security numbers or PHI including data considered sensitive is to be transferred outside of the institution, the provisions for data security may be subject to further review and approval by the by School IT Directors (also the Information Security Liaison) in consult with ITS Security.
In the event of a security breach, as defined by the University’s “Data Security Breach Protocol”, the matter must be reported immediately to the Information Technology Resources Center at 919-962-HELP or Campus Police at 919-962- 8100, as specified in the Protocol.
See the UNC-Chapel Hill Policies on Patient Privacy and Information Security for further information: http://its.unc.edu/about-us/how-we-operate/
Contact Information
Policy Contact
Name: Carley Emerson
Title: Director
Unit: Office of Human Research Ethics (OHRE)
Email: carley_emerson@unc.edu