RESEARCH DATA
The Research Office provides the following guidance related to the data used, collected, or transmitted during the conduct of research at WVU. Note that products used for data storage, transmission, collection are approved and provided by the WVU ITS departments. New products must be purchased and approved using the WVU standard process.
Click the button above for links to WVU policy related to information security, privacy and data classification. If additional information is needed, contact the WVU Information Security Office.
Click the button above for information how identifiable research data is classified at WVU.
For human subjects research use the Research Data Protection Request Form to automatically receive a determination of the classification for your research data BEFORE submitting an INITIAL protocol application or requesting a data agreement from OSP.
Data Collection
Click the button above for a list of approved software for collecting identifiable research data directly from research participants. Identifiable means that the researcher knows the identity of the participant at the time the data was collected. Data can later be de-identified for publication and other purposes, however this is considered as Data Collection- Identifiable. Use of data collected by a secondary source is not considered data collection.
For human subjects research use the Research Data Protection Request Form to automatically receive a determination of the classification for your research data BEFORE submitting an INITIAL protocol application or requesting a data agreement from OSP.
Data Storage
Click the button above for storage options for data classified as sensitive under WVU policy are listed below. If your research requires storage that is not listed here, please send an email to researchdataprotectionsupport@mail.wvu.edu.
- NIST 800-171: WVU will soon have approved cloud-based storage for NIST 800-171 data. Contact ResearchDataProtectionSupport@mail.wvu.edu.
- HIPAA Protection Health Information (PHI) - Storage Options are available from WVU Health Sciences ITS. HIPAA Identifiers
- Research Personally Identifiable Information (RPII) - Classified as confidential by the University - Storage options are available from WVU ITS. Research PII Identifiers
- Anonymous or data received as de-identified (the researcher will never know the identity of a participant)
Data Agreements
Depending on the type of research and the data requirements, a Data Use Agreement may be needed to transmit data in/out of the institution or share PHI (HIPAA) or other types of sensitive or identifiable data with other entities
For human subjects research use the Research Data Protection Request Form to automatically receive a determination of the classification for your research data BEFORE submitting an INITIAL protocol application or requesting a data agreement from OSPData Protection Request Form
Click the button above to review information about the WVU Research Data Protection Form. WVU provides this automated form to assist the researcher with the following steps in safeguarding the data during the conduct of Human Subjects Research and efficiently obtaining required approvals.
The automated form will:
- Classify the Identifiable Data According to University Policy
- Facilitate approvals for access to medical/dental records/PHI and approved storage
- Facilitate approval for storage plans (approved and unapproved)
- Facilitate review of international components, unapproved software, new technology
- Facilitate the review and approval of Data Use Agreements and other agreements by WVU OSP
WVU Data and Information Security Policies
BOG Governance Rule 1.11 - Information Technology Resources and Governance
Sensitive Data Policy (NIST, HIPAA-PHI)
Sensitive Data Protection Standard
HIPAA Hybrid Entity Designation Policy
WVU Office of Human Subjects Research SOPs
Data Storage
Based on risk, the currently approved storage plans are provided below:
Low Risk - WVU/HSC
The research does not include collecting, using, or transferring identifiable
data. You may collect and/or store project data using the following technology
solutions:
Approved Storage/Technology:
WVU Qualtrics, RedCAP, or HSC Qualtrics may be used for collection of information |
Medium Risk - WVU
The research includes the collection or use of personally identifiable information
by a WVU Non-Covered Entity (Defined as Research PII and considered CONFIDENTIAL
according to WVU policy)
Approved Storage/Technology:
WVU Qualtrics, RedCAP, or HSC Qualtrics may be used for collection of information |
High Risk - Sensitive Data (PHI)
HSC Plan A - WVU HSC Managed Network Server
This solution requires the following:
HSC Plan B - HSC VDI
This solution requires the following:
HSC Plan C - WVCTSI RedCap Server
This solution requires the following:
HSC Plan D - Oncore / Advarra Clinical Trial management system
This solution requires the following: Requirements are based on CRU policies.
HSC Plan E - HSC Qualtrics
The solution requires the following:
HSC Plan F - Sponsor's Database
This solution requires the following:
HSC Plan G - HSC SharePoint
Requirements:
|
Pursuant to the Sensitive Data Protection Standard, Sensitive Data requires strict data protections. The use of unapproved technology solutions such as GoogleDrive, University OneDrive/SharePoint, Dropbox, SurveyMonkey, or Wufoo is not approved and should never be used to interact with study participants. |