Skip to main content

Operational Research Data

The Research Office provides the following guidance related to the data used, collected, or transmitted during the conduct of research at WVU.

Note that products used for data storage, transmission, collection are approved and provided by the WVU ITS departments. New products must be purchased and approved using the WVU standard process.

WVU Policy

WVU policy related to information security, privacy and data classification. If additional information is needed, contact the WVU Information Security Office.


WVU Classifications for Identifiable Research Data

How identifiable research data is classified at WVU. 

For human subjects research use the Research Data Protection Request Form to automatically receive a determination of the classification for your research data BEFORE submitting an INITIAL protocol application or requesting a data agreement from OSP.


Data Collection

A list of approved software for collecting identifiable research data directly from research participants. Identifiable means that the researcher knows the identity of the participant at the time the data was collected. Data can later be de-identified for publication and other purposes, however this is considered as Data Collection- Identifiable. Use of data collected by a secondary source is not considered data collection. 

For human subjects research use the Research Data Protection Request Form to automatically receive a determination of the classification for your research data BEFORE submitting an INITIAL protocol application or requesting a data agreement from OSP.


Data Storage

Storage options for data classified as sensitive under WVU policy are listed below. If your research requires storage that is not listed here, please send an email to researchdataprotectionsupport@mail.wvu.edu.

For human subjects research use the Research Data Protection Request Form to automatically receive a determination of the classification for your research data BEFORE submitting an INITIAL protocol application or requesting a data agreement from OSP.


Data Agreements

Depending on the type of research and the data requirements, a Data Use Agreement may be needed to transmit data in/out of the institution or share PHI (HIPAA) or other types of sensitive or identifiable data with other entities

For human subjects research use the Research Data Protection Request Form to automatically receive a determination of the classification for your research data BEFORE submitting an INITIAL protocol application or requesting a data agreement from OSP


Data Protection Request Form

Information about the WVU Research Data Protection Form. WVU provides this automated form to assist the researcher with the following steps in safeguarding the data during the conduct of Human Subjects Research and efficiently obtaining required approvals. 

The automated form will:

You will receive a Data Protection Certificate within minutes for Low and Medium Risk Data or for high-risk data it may take 3-6 days for approvals to be complete to receive the Data Protection Certificate. Approvals for software, international components and data agreements will be completed separately and may take additional time depending on the request. We ask that you plan accordingly when beginning your project. The Data Protection Certificate must be attached to the INITIAL protocol submission for human subjects research. Approvals for software, participant payment methods, data agreements can be uploaded when received.


WVU Data and Information Security Policies

Data Storage

Based on risk, the currently approved storage plans are:

Low Risk - WVU/HSC

The research does not include collecting, using, or transferring identifiable data. You may collect and/or store project data using the following technology solutions:

Approved Storage/Technology

WVU Qualtrics, RedCAP, or HSC Qualtrics may be used for collection of information

Medium Risk - WVU

The research includes the collection or use of personally identifiable information by a WVU Non-Covered Entity (Defined as Research PII and considered CONFIDENTIAL according to WVU policy)

Approved Storage/Technology:

WVU Qualtrics, RedCAP, or HSC Qualtrics may be used for collection of information 

High Risk - Sensitive Data (PHI)

The research includes the use or collection of HIPAA Protected Health Information

HSC ITS Approved Storage/Technology

HSC Plan A - WVU HSC Managed Network Server
Requirements

HSC Plan B - HSC VDI

Requirements

HSC Plan C - WVCTSI RedCap Server

Requirements

HSC Plan D - Oncore / Advarra

Clinical Trial management system

Requirements

Requirements are based on CRU policies.

HSC Plan E - HSC Qualtrics

Requirements

HSC Plan F - Sponsor's Database

Requirements

HSC Plan G - HSC SharePoint

Requirements

Pursuant to the Sensitive Data Protection Standard, Sensitive Data requires strict data protections. The use of unapproved technology solutions such as GoogleDrive, University OneDrive/SharePoint, Dropbox, SurveyMonkey, or Wufoo is not approved and should never be used to interact with study participants.