Research Compliance

Overview:


Regardless of where or in what form (paper, electronic or otherwise) research data is stored, researchers are responsible for ensuring proper protection, including compliance with our BU Data Protection Standards (see link below).

BU reviewed and cleared Storage Options:

BU reviewed and cleared Apps:

BU REDCap

  • HIPAA compliant
  • Robust and powerful survey tool.
  • Can be used to send videos and brief messages to research subjects.
  • Surveys can be simple as one question, to extremely advanced.
  • You can also schedule reminders for surveys.
  • Has built-in scheduling module and project calendar.
  • You can access more information about the application at:

BU Office 365

  • HIPAA compliant
  • Can be used to share larger files with BU and non-BU collaborators.
  • We recommend that:
    • Research teams use SharePoint sites that can have multiple subsites.
    • Individual team members use OneDrive to share files and folders, even with non-BU collaborators.
  • Office 365 provides the following HIPAA compliant services:
    • OneDrive, SharePoint, Teams, Power Apps, Power BI, Access Online, Bookings, Dynamics, Flow, Forms, Graphs, InTune, MyAnalytics, Office Delve, Office Online, Planner, Power Apps, Project Online, StaffHub, Stream, Sway, To-Do for Web, Video, Whiteboard, Yammer
  • NOTE: This is a BU managed service provided by Microsoft.
  • You can access more information about the application at:

BU Teams

BU Zoom

  • Can be used for collaboration and meetings.
  • We have two types of accounts:
    • Standard
    • HIPAA – it cannot record or transfer data
  • NOTE: This is a BU managed service provided by Zoom.
  • You can access more information on the application at:

BU Data Motion

  • HIPAA compliant
  • It secures emails containing Restricted Use data.
  • There is a normal data transfer amount but you can ask to increase it to 100 Mb.
  • NOTE: This is a BU managed service provided by Data Motion.
  • You can access more information on the application at:

BU Qualtrics

  • HIPAA compliant
  • Simple survey tool for research and general purposes
  • NOTE: This is a BU managed service provided by Qualtrics
  • You can access more information about the application at:

BU Freezer Pro

  • HIPAA compliant
  • Sample management tool for research purposes
  • You can access more information about the application at:

BU GoReact

  • HIPAA compliant
  • Platform for recording and commenting on videos
  • Reach out to ithelp@bu.edu to be given access through Blackboard

Apps not managed by BU:

Since these apps are not managed by BU, research project faculty and staff accounts need to be removed or disabled when they leave the project.

Asana

  • Can be used for project management.
  • Can not be used for restricted use data (confidential only).

Agile

  • Can be used for patient or research subject communication, usually for health reminders.
  • A coordinator must be appointed to complete quarterly access audits.

Seqster 

  • Can be used to collect patient medical records from multiple sources (e.g., BMC or Partners Healthcare)
  • Allows the research subject to share all of their records with the research project.
  • Can also be used to replace the use of HIPAA authorization forms.

Wellpepper

  • It is an exercise tracker to engage and connect with patients and research subjects.
  • It can be used for Restricted Use data if passwords are changed every 3 months.

Washington University in St. Louis REDCap

  • The use and collaboration with other researchers must be approved by the Institutional Review Board.
  • It has the same features as the BU REDCap.

    Apps we are reviewing:

    WhatsApp

    • Our ongoing review of WhatsApp indicates communication between you and your contact is encrypted. So neither Facebook, WhatsApp, or a third party can see your communication.
    • PLEASE BE AWARE, WhatsApp, Facebook, and third parties have access to personal information on phones used by your research subjects. This should be noted in the research consent form.

    Twilio

    • NOTE: If you want to know more about this app, send an email to bumcinfosec@bu.edu.

    Consulting Services:

    In addition to security reviews, we offer consultation for security related questions. To engage us, contact us here.