Research Compliance

Overview:


Regardless of where or in what form (paper, electronic or otherwise) research data is stored, it remains the property of the University and researchers are responsible for ensuring proper protection, including compliance with our BU Data Protection Standards (see link below).

Information Security has reviewed and approved these data storage options.

BU-reviewed and cleared apps:

BU REDCap

  • HIPAA compliant
  • Robust and powerful survey tool.
  • Can be used to send videos and brief messages to research subjects.
  • Surveys can range from as simple as one question to extremely advanced.
  • You can also schedule reminders for surveys.
  • Has a built-in scheduling module and project calendar.
  • You can access more information about the application at:

BU Office 365 – SharePoint and OneDrive

  • HIPAA compliant
  • Can be used to share larger files with BU and non-BU collaborators.
  • We recommend that:
    • Research teams use SharePoint sites that can have multiple subsites.
    • Individual team members can use OneDrive to share files and folders.
  • NOTE: This is a BU managed service provided by Microsoft.
  • You can access more information about the application at:

BU Skype for Business

  • HIPAA compliant
  • Can be used for communication with research subjects.
  • A link is sent to whatever email address is provided.
    • Does not have to be a BU email.
  • NOTE: This is a BU managed service provided by Microsoft.
  • PLEASE NOTE: The meeting link might be intercepted by a foreign entity or attacker, so verify the participants in the calls.
  • You can access more information about the application at:

BU Zoom

  • Can be used for collaboration and meetings.
  • We have two types of accounts:
    • Standard
    • HIPAA – it cannot record or transfer data
  • NOTE: This is a BU managed service provided by Zoom.
  • PLEASE NOTE: The meeting link might be intercepted by a foreign entity or attacker, so verify the participants in the calls.
  • You can access more information on the application at:

BU Data Motion

  • HIPAA compliant
  • It secures emails containing Restricted Use data.
  • There is a normal data transfer amount, but you can ask to increase it to 100 Mb.
  • NOTE: This is a BU managed service provided by Data Motion.
  • You can access more information on the application at:

BU Qualtrics

  • HIPAA compliant
  • Simple survey tool for research and general purposes.
  • NOTE: This is a BU managed service provided by Qualtrics.
  • You can access more information about the application at:

BU Freezer Pro

  • HIPAA compliant
  • Sample management tool for research purposes.
  • You can access more information about the application at:

Apps not managed by BU:

Asana

  • Can be used for project management solutions.

Agile

  • Can be used for patient or research subject communication, usually for health reminders.
  • A coordinator must be appointed to complete quarterly access audits.

Wellpepper

  • It is an exercise tracker to engage and connect with patients and research subjects.
  • It can be used for Restricted Use data if passwords are changed every 3 months.

 

Apps we are reviewing:

WhatsApp

  • Our ongoing review of WhatsApp indicates that communication between you and your contact is encrypted, so neither Facebook, WhatsApp, nor a third party can see your communication.
  • PLEASE BE AWARE: WhatsApp, Facebook, and third parties have access to personal information on phones used by your research subjects. This should be noted in the research consent form.

Seqster, Telegram, Qlik, Twilio, QliqSoft, Spokeo

  • NOTE: If you want to know more about these apps, send an email to bumcinfosec@bu.edu.

Consulting Services:

In addition to security reviews, we offer consultation for security-related questions. To engage us, contact us here.

Policy Resources:

The following links provide additional details related to University policy regarding HIPAA and data security in general.