The Penn IRB has released a new document outlining requirements for electronic data protection for research involving the use of directly-identifiable protected health information. A companion guide has also been developed that outlines key features of IRB-approved mechanisms for data storage and transmission that comply with the new requirements. Go to the "How to Submit - Initial" page of this website to download copies.
The IRB will be deferring to these requirements as of August 1, 2016.
All new submissions received after August 1, 2016 that involve the use of directly-identifiable electronic protected health information will be required to include data confidentiality plans that align with the requirements outlined in this new document. A description of your data confidentiality plan and how it aligns with these new requirements should be included in response to the “Subject Confidentiality” question in HS-ERA.
Please Note: Changes to the wording of this question in HSERA are in production to better align with the new guidelines, however the timeline for release has yet to be determined.
Please note that after the August 1, 2016 release date, the IRB support staff will be reminding all research teams working on studies that involve the use of directly –identifiable PHI to assess their current data protection plan to determine if modifications are needed. While a reminder note may be included in your continuing review approval letter, the IRB will not withhold or delay re-approval based on the current description of data protection plans.