|
|
|
|
|
|
Is this a new request form or a change to an existing form? | If this is a new project and you have never submitted a Data Protection Request
form for the project:
Select: New Request Form If this is an existing project that you have received a Data Protection Certificate for: Select: Change to an Existing Form Be sure to review the instructions for submitting a modified Data Protection Request Form |
|
|
Enter the number from your most recent Data Protection Certificate | If Change to an Existing Form was selected, enter the Certificate number located in the upper right corner of the DP Certificate. The number can also be found by viewing your form here. |
|
|
Provide a summary of the changes | Indicate the items in the form that will change, personnel, data variables,
data source.
|
| General Information | This section is always displayed. | |
|
|
All | The questions in this section are considered self explanatory, further guidance is not needed here. |
| Data Information
Data Source |
This section is always displayed. | |
|
|
Does your project require two data sources where one includes
identifiable data from a WVU medical/dental record? |
If you will use multiple
data sources for your project, the University's concern is for how high
risk data (e.g., medical/dental records) will be stored, even if the other
source also includes
identifiers.
If the second data source is the collection data from participants, you will have the opportunity to select a collection method in the Data Storage Plan section. If the second data source is not data collection, use the high risk data storage plan you will select later in the form to store all of the data. Select Yes: If multiple data sources will be used and one of them is IDENTIFIABLE data from a WVU medical or dental record. If you will requested fully-deidentified data, select NO. In the next field displayed, enter information about the other data source(s). Then continue to the Data Source list and select Medical/Dental Records. Select No: If medical/dental records are not one your data sources or if multiple data sources will not be used. If you will use multiple data sources, select the source with identifiers if applicable and continue on. If none of the data sources have identifiers, select a source and continue on. |
| Indicate the source of the data. | Click here for a summary table of for data sources. | |
|
|
Source = WVU Medical/Dental Record
The following options are displayed: Fully De-identified Data Set Limited Data Set Data Set with Identifiers |
Use the definitions on the form to select the appropriate option.
NOTES:
|
|
|
Source = WVU HSC Approved Data/Biospecimen Repository
The following options are displayed: Fully De-identified Data Set Limited Data Set Data Set with Identifiers |
Use the definitions on the form to select the appropriate option. NOTES:
|
|
|
Source = Other WVU Data Source | Use this option for any other data source where the data originated at WVU. The data can include identifiers or not include them. (excludes medical/dental records, HSC repositories) |
|
|
Source = External Data Source | Use this option when the data is provided by an external sources. The source data can include identifiers or not include them. This source should be used for identifiable healthcare data from external entities. |
|
|
Source = Public Data Set | Use this source for data sets provide by the WVU Library and all public data sets. The data can include identifiers or not include identifiers such as phone books. Identifiers included in public data sets do not warrant additional data protection. |
|
|
Source = Data Collection (Anonymous) | Use this source if you will not collect identifiers from participants. Click here to review the list of identifiers. |
|
|
Source = Data Collection (Identifiable) | Use this source if you WILL collect identifiers from participants. Click here to review the list of identifiers. |
|
|
Select the WVU Entity to which your department belongs | This question is related to the WVU departments that are considered
HIPAA covered entities.
If your department is not on this list, it is not considered as a HIPAA covered entity, therefore collecting variables that are on the PHI list does not require compliance with HIPAA. |
|
|
Is Data Transfer/Sharing required for your project? | If you will receive data OR if you will transmit data to other entities as part of the project select the applicable option. |
|
|
Are there international components or involvement in the research? | Select YES if you know you have international components that will require
WVU Export Control review or if you are unsure.
Enter a brief description of the international activities. The WVU Export Control office will receive a notification and will contact you with any requirements within 1-2 business days. This approval will not delay the protocol approval, but could delay the research, plan accordingly. The approval does not need to be attached to the protocol. |
|
|
Will you be using software, services, communications products to collect data, samples, distribute surveys, or communicate with participants. | The list is specific to:
Collecting and storing data and directly communicating with participants remotely. The list linked in this question not mean to be an inclusive list of all research-related software. If you answer NO, notification will be sent to the appropriate staff and you will be contacted regarding next steps. This approval will not delay the protocol approval but could delay the research, plan accordingly. The approval does not need to be attached to the protocol. |
|
|
Will participants be compensated? | The University's product for research participant payment is
Vincent. There are situations where this solution cannot be used.
If you answer NO, you will be prompted with anther list oif products that have been pre-approved by the University. If none of of the approved options will work for your project, you will receive an email to begin the approval process for the unapproved payment method. This approval will not delay the protocol approval but could delay the research, plan accordingly. The approval does not need to be attached to the protocol. |
|
|
Do you plan to request the procurement of a new (not currently owned or approved by WVU) product or service for data storage and analysis? | If you answer YES, the Data Protection Certificate you receive upon approval
of your request, will include a link to the
University's procurement form.
This form is the starting point for the purchase of all unapproved technology products and services. This approval will not delay the protocol approval but could delay the research, plan accordingly. The approval does not need to be attached to the protocol. |
| Research Information | This section is displayed when identifiers are selected from the variable list in the form. |
|
|
|
Describe how the data will be used in your research/project? | Provide sufficient detail regarding how the data will be used. |
|
|
WVU Protocol Number (if available) | The protocol number may not exist, however if you started the submission and
have the number, enter it.
This form is required to be attached to the protocol for approval or acknowledgement. . |
|
|
Does the project have a funding source? | Provides information needed for agreements and to assess risk. Answer YES or NO. If YES, answer the subsequent questions that are displayed. |
| Data Use and Storage | This section is only displayed if identifiers were selected from the variable list. | The questions in this section are self-explanatory on the form and do not warrant further explanation. |
| HSC ITS Data Protection Plan Selection | This section is displayed when the source data is considered HIPAA-PHI or the department is a HIPAA covered entity. | Multiple options are displayed for approved data storage for HIPAA and non-HIPAA
data.
Review the plans and select multiple options as applicable. For questions contact Contact the HSC IT Service Desk at (304) 293-3631 or hsc_helpdesk@hsc.wvu.edu . |
| WVU ITS Plan Selection | This section is displayed when the identifiers selected from the variable list are either Research PII or Sensitive PII AND when the department is NOT a HIPAA covered entity. | If the data source includes identifiers from the
variable list that are considered to be
sensitive data as classified by the University, high-risk data storage options
are displayed. This includes biometrics data.
If the data source includes identifiers from the variable list that are considered research personally identifiable information (RPII), medium-risk data storage options are displayed. If the approved plans do not meet the needs of the project, multiple reviews and approvals will be required. Follow the prompts to explain the solution that is required and to attach approvals from the Academic IT Support staff and an approved purchase request. *The Data Protection Request From cannot be approved until the approvals and approvals for the new storage plan are complete. |
| Data Agreements | This section is displayed when the answer to the Data Sharing question above is NOT N/A. |
|
|
|
Are any of the following in place or pending? | If the answer is "Other" or "No Data Use Agreements in place or pending,
or unsure"
WVU OSP will receive a notification with the contents of the form
and contact you within 1-3 business days to determine requirements for data
agreements.
Answer the next set of questions displayed regarding any known policies and restrictions for the data and the IRB of Record. Other agreements in place such as CTAs and BAAs do not need to be provided or uploaded with the protocol. |
| Data Transfer | This section is displayed if there are No Agreements in place, pending are unsure is selected. | The questions in this section are either considered self explanatory or sufficient guidance is provided on the form. |
|
|
|
|
|
|
