Skip to main content

Webinar: (2015-02) Data Security Incidents: the Role of IRBs and Information Security

Breaches of confidentiality and other data security incidents are some of the major risks associated with social, behavioral, and educational research (SBER) with human subjects. Research that involves using protected health information regulated by the Health Insurance Portability and Accountability Act (HIPAA) raises the stakes even more. The proliferation of data exchanged through cloud services, websites, and email has made it easier for accidents to occur and hackers to capture data. Federal and state laws have established harsh penalties for security failures and, indirectly, for poor responses to breaches.

The potential for data security incidents in research with human subjects requires institutional review boards (IRBs) to work closely with information security experts both to prevent these types of incidents and, if they do occur, to respond effectively to meet the strict reporting requirements. Regulators look closely at an institution’s response to data security incidents, including the quality of the analysis of the event and the institution’s efforts to mitigate further incidents. (Presented on February 26, 2015)

In this webinar, experts in information security and research ethics explained reporting requirements and regulatory definitions, define the roles of the IRB and information security department, and describe procedures to coordinate response to security breaches. These procedures can ensure timely reporting by researchers, prompt response by information security and/or the IRB, accurate documentation, and prevention of additional incidents.

What Will I Learn?

By the end of this intermediate-level webinar, participants were able to:
  • List the information that study protocols should include to facilitate incident response
  • Classify common types of incidents based on regulations governing human subjects research and information security
  • Identify roles of IRBs and information security and determine courses of action in reporting data security incidents
  • Form effective working relationships between the data security department and the IRB

Who Should Attend?

IRB chairs, members, administrators, and staff who review SBER protocols and other protocols that involve sensitive data (e.g., data covered by HIPAA), as well as institutional officials, compliance personnel, and investigators benefited from this session.

Continuing Education
Webinar participants holding the Certified IRB Professional (CIP®) credential may apply 1.5 continuing education credits towards CIP recertification. Learn More »

Access Interval
Access to purchased content will be available for 90 days after the date of purchase. After 90 days, access to the content will be removed, but users will retain access to any certificates of attendance earned. Content purchased prior to January 1, 2021 will remain available indefinitely. After access has expired, users can purchase an additional 90 days of access.

If you'd prefer a paper form, please click here. Please send the completed form to