Research and research data on and about people are highly regulated and must be handled with care. Privacy laws must be followed, and if your research involves and is about living people, you must coordinate with the Office of Research Ethics and the Institutional Review Board (IRB) to obtain approval prior to starting your research. If you are unsure whether your project needs oversight, the IRB provides resources to help you decide whether IRB approval is required, and you can contact IRB staff with questions.

Human Subjects Research

Human subjects research must follow an approved Institutional Review Board (IRB) protocol which minimizes potential harm to subjects and ensures regulatory and ethical research considerations are met. Choices made during the development of the IRB protocol have a direct effect on what data is collected, how it is collected, what can be shared, who it can be shared with, how people can access it, and more. 

The Office of Research Ethics can help researchers create and follow IRB protocols that allow for legal and ethical data sharing.

Need help?

The Office of Research Ethics (ORE) has you covered.

 

Privacy Laws and Regulations

Health Data (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA), 45 CFR Part 160 and Part 164, Subparts A, C & E, controls the use and release of Electronic Private Health Information (e-PHI).

Privacy Act

The Privacy Act of 1974, 5 U.S.C. § 552a, governs the collection, maintenance, use and dissemination of information about individuals that is maintained in systems of records by federal agencies.

European Union General Data Protection Regulation (GDPR)

The European Union General Data Protection Regulation (GDPR) regulates the processing of personal data, in any format, of a living individual residing within the European Union (EU). “Processing” is any activity involving personal data, including holding and storing. See the university policy for Compliance with the European Union General Data Protection Regulation.

Student Data (FERPA and PPRA)

The Family Educational Rights and Privacy Act (FERPA), 34 CFR Part 99, and the associated Protection of Pupil Rights Amendment (PPRA) protect individuals’ educational records and control the information that can be gathered and released concerning students in US educational institutions. FERPA and PPRA impact research carried out with students in K-12 and institutions of higher education.

Need Help?

The IT Security Team can help you safeguard your data.

This page is not intended to replace policy or consultation with the appropriate university offices.