Forum Rules:
- Be courteous and respectful.
- Ask questions and discuss topics of interest.
- Share your knowledge and experiences.
- Create connections and a sense of community.
Our IRB has seen an increase in investigator-initiated studies that are utilizing wearables, phone apps, algorithms, etc where data may be going out of the research/academic institution (e.g. Apple watch, or third-party phone app). Most studies are minimal risk, with data privacy considerations being the primary risk. We are benchmarking how institutional IRBs are reviewing similar studies and navigating any institutional requirements that may fall outside of the IRB purview (e.g. IT security or privacy/security office). We are specifically interested in how institutions navigate data privacy considerations for research studies where there will not be a contract in place with outside company (e.g. Apple, FitBit).
-What information is required for IRB review?
-How does the IRB handle the data privacy risks? e.g. disclosing in the consent form or utilizing required template language? Template language?
-Does the institution have specific requirements for reviews outside of IRB related to data privacy and security? If so, does that review occur in parallel with IRB? Before IRB review?
-Does the institution make the decision on whether the study can be conducted based on the data privacy risks?
Any policies or procedural information you can share would be greatly appreciated!
Thank you,
Lisa Schaffer
lisa.schaffer@louisville.edu
