Research Compliance

Overview:


Regardless of where or in what form (paper, electronic or otherwise) research data is stored, researchers are responsible for ensuring proper protection, including compliance with our BU Data Protection Standards (see link below).

BU reviewed and cleared Storage Options:

BU reviewed and cleared Apps:

BU REDCap

  • HIPAA compliant for both BU and BMC
  • Robust and powerful survey tool.
  • Can be used to send videos and brief messages to research subjects via email.
  • For an additional cost, Twilio can be used to send surveys and messages by text message.
  • Surveys can range from as simple as one question to extremely advanced.
  • You can also schedule reminders for surveys.
  • Has a built-in scheduling module and project calendar.
  • You can access more information about the application at:

BU Office 365

  • HIPAA compliant for BU
  • Can be used to share larger files with BU and non-BU collaborators.
  • We recommend that:
    • Research teams use SharePoint sites that can have multiple subsites.
    • Individual team members use OneDrive to share files and folders, even with non-BU collaborators.
  • Office 365 provides the following HIPAA compliant services:
    • OneDrive, SharePoint, Teams, Power Apps, Power BI, Access Online, Bookings, Dynamics, Flow, Forms, Graphs, InTune, MyAnalytics, Office Delve, Office Online, Planner, Project Online, StaffHub, Stream, Sway, To-Do for Web, Video, Whiteboard, Yammer
  • NOTE: This is a BU managed service provided by Microsoft.
  • You can access more information about the application at:

BU Teams

  • HIPAA compliant for BU
  • Can be used for communication with research subjects.
  • A link can be sent to any email address.
    • Does not have to be a BU email.
  • NOTE: This is a BU managed service provided by Microsoft.
  • You can access more information about the application at:

BU Zoom

  • Can be used for collaboration and meetings.
  • We have two types of accounts:
    • Standard
    • HIPAA – it cannot record or transfer data (HIPAA compliant for BU).
  • NOTE: This is a BU managed service provided by Zoom.
  • You can access more information on the application at:

BU Data Motion

  • HIPAA compliant for BU
  • It secures emails containing Restricted Use data.
  • There is a standard data transfer limit, but you can ask to have it increased to 100 Mb.
  • NOTE: This is a BU managed service provided by Data Motion.
  • You can access more information on the application at:

BU Qualtrics

  • HIPAA compliant for BU
  • Simple survey tool for research and general purposes
  • NOTE: This is a BU managed service provided by Qualtrics
  • You can access more information about the application at:

BU Freezer Pro

  • HIPAA compliant for BU
  • Sample management tool for research purposes
  • You can access more information about the application at:

BU OnBase

  • HIPAA compliant for BU
  • OnBase is a full featured, fully integrated enterprise document management system for capturing, imaging, routing, managing, sharing, and archiving documents online.
  • NOTE: This is a BU managed service provided by OnBase.
  • You can access more information about the application at:

BU GoReact

  • HIPAA compliant for BU
  • Platform for recording and commenting on videos
  • NOTE: This is a BU managed service provided by GoReact.
  • Reach out to ithelp@bu.edu to be given access through Blackboard

BU Code42 Backup Service (formerly known as CrashPlan)

BU FileMaker

Apps not managed by BU:

Since these apps are not managed by BU, research project faculty and staff accounts need to be removed or disabled when they leave the project.

Asana

  • Can be used for project management.
  • Cannot be used for Restricted Use data (confidential only).

Agile

  • Can be used for patient or research subject communication, usually for health reminders.
  • A coordinator must be appointed to complete quarterly access audits.

Monday

  • Can be used for team management and research subject communications.
  • If identifying patients using Monday (e.g., email, address), you must use strong passwords and two-factor authentication.

Seqster 

  • Can be used to collect patient medical records from multiple sources (e.g., BMC or Partners Healthcare)
  • Allows the research subject to share all of their records with the research project.
  • Can also be used to replace the use of HIPAA authorization forms.

Sfax by Scrypt

  • HIPAA compliant for BU
  • Electronic faxing service

Wellpepper

  • It is an exercise tracker to engage and connect with patients and research subjects.
  • It can be used for Restricted Use data if passwords are changed every 3 months.

Washington University in St. Louis REDCap

  • The use and collaboration with other researchers must be approved by the Institutional Review Board.
  • It has the same features as the BU REDCap.

Services not managed by BU:

Daily Transcription

  • HIPAA compliant for BU
  • Transcription services

Interpreters and Translators

  • HIPAA compliant for BU
  • Interpretation, Translation and Transcription services

Consulting Services:

In addition to security reviews, we offer consultation for security related questions. To engage us, contact us here.