SOP106: Privacy

  1. Summary

    A Subject's identity must not be publicly revealed. Data acquired from a Subject should not be coded with personal identifiers.

  2. Scope

    These policies apply to all investigators, research assistants, and MRI operators who conduct studies at the BIAC research scanners.

  3. Definitions

    • Subject - An individual who is participating in an experimental protocol at BIAC and has not taken the BIAC safety course.

    • Experimenter - The investigator, research assistant, or MRI operator who is responsible for the subject and conducting the experiment.

  4. Policies and Procedures

    The law regarding the protection of patient privacy is evolving. Investigators need to stay current with the law, and should be particularly aware of regulations found within the Health Insurance Portability and Accountability Act of 1996. HIPAA mandated regulations that govern privacy, security, and electronic transactions standards for health care information, and many of these regulations will apply to medical research. Investigators have a responsibility to stay informed about HIPAA regulations and how they may impact the electronic storage and transmission of research MRIs and other data.

    The BIAC maintains a secure, password-protected database that contains the names, exam numbers, and protocols for all Subjects run on the BIAC scanners. The web scheduling calendar is the investigator's interface to this database, and the calendar is the main entry form. With the exception of the director of BIAC and key personnel authorized to maintain the database, no one can view the records of a particular investigator's protocol except those authorized by that same investigator.

    Procedures to protect a research Subject's privacy:

    1. The Experimenter must ensure the confidentiality of the consent form and screening form documents. For example, public knowledge that an individual participated in a study of depression or of substance abuse might adversely affect the Subject and would be a violation of his or her privacy. These documents should never be left in plain sight, and must be stored in a locked cabinet.

    2. The Experimenter must ensure that Subjects' names are not stored in the GE data headers since these appear in plain text within the file. BIAC recommends that the Subject ID generated within the password-protected database described above be entered into the Subject name field on SIGNA. This numeric ID is thus the only link between the data and the Subject's identity.

    3. The Experimenter must not store unencrypted or plain text files containing Subjects' names on any computer that is connected to a computer network, or on an unsecured personal computer.

    4. The Experimenter must not identify the Subject by name or other personal identifier in any publication or presentation of his or her research.