Home / Division of Research / Research Integrity / Research Data Security / Internet Data Human Research

Research Integrity


Illustration of people

Internet-Based Human Subjects Research

Computer and internet-based research protocols must address the same risks (e.g., violation of privacy, legal risks, and psychosocial stress) and provide the same level of protection as other types of research involving human participants.

All studies, including those using computer and internet technologies, must:

  • 1. Ensure that the procedures fulfill the principles of voluntary participation and informed consent.
  • 2. Maintain the confidentiality of information obtained from or about human participants.
  • 3. Adequately address possible risks to participants.

Recruitment

One-way ads that do not involve direct communication with potential subjects (i.e. paid Facebook Ads), are reviewed according to existing IRB review policies. See IRBNET Library: Appendix 1a_ Basic Protocol Format and Reference 7 - Recruitment Flyer Template V.2.doc.

Recruitment material should include:
  • Principal Investigator's contact information.
  • Purpose of research.
  • Inclusion/exclusion criteria in summary form.
  • A brief list of procedures involved.
  • Details on how to enroll, including time as well as other required commitments (number of visits, total duration during follow-up visits, etc.).
  • Location of research and contact person for further information.

Database Storage and Disposal Recommendations

Social Media Posts

social media tree

When recruiting through social media please include the following in the IRB application:

  • The text of researcher-initiated posts and planned responses.
  • Ensure that the language used follows the language included under the recruitment section.
  • Clear description of the target population and rationale for targeting that population.
  • Specification of whether data will be collected as part of the recruitment process via social media.
  • Description of how you will communicate to potential subjects that information shared via social media is not secure.
  • Refer to the IRB-approved template language about privacy, confidentiality and social media in the IRBNet Library. 8
  • The method of communication (i.e. private Facebook messages), a plan for the frequency of messages, and the process for responding to incoming messages.
  • Specification of which study personnel will be in charge of communicating and monitoring the recruitment account as well as any procedures to monitor the activity of those personnel.
  • When using social media as recruitment strategy, use social media recruitment flier template in IRBNET Library. 9

Chat rooms/Discussion Boards/Text groups

Some study teams choose to recruit subjects through two-way communication via researcher-initiated social media accounts. This type of recruitment involves sustained and focused outreach to potential research subjects through direct messages on social media platforms (i.e. Facebook messages or Twitter direct messages).

Importantly, the IRB discourages study teams from establishing a social media account simply for the purposes of recruitment. The IRB will consider this approach to interactive recruitment for studies/researchers that have developed a well maintained, self-sustaining and highly-trafficked online presence

Recruitment of subjects online whether by email, chat room, discussion board, or others—must be guided by the level of privacy expected by participants. Online privacy expectations are very subjective and depend on the person/group and the nature of the information being obtained online. Some sites are “fully public” whereas others require user login or invitation by a site administrator. For instance, discussion boards (e.g., Google Groups, Facebook Groups, Linkedin, etc) may have multiple “administrators” who have more privileges than people who post. These administrators may be cautious about responding to requests for permission to analyze their discussion board posts.

Researchers must ensure they obtain appropriate permission from a website or discussion board administrator and include a copy of that approval in his/her IRB submission.

Electronic mail

warning sign

The websites of many professional societies often have guidelines for contacting (or not contacting) its members to participate in research, even if the members’ names/emails appear on that organization’s website.

When using a list of email addresses, please inform the IRB how you obtained the email list and if the organization owner of the email list has provided permission to use their email addresses.

If using email as a recruitment tool, the content of this email should include information about how the person was identified to be sent the email, what is involved if the person participates and an overview of any risks or potential benefits.

It should also let the person know how to inform someone if he or she wants to participate, not participate, or where to get answers to additional questions, and, of course, who is conducting the study and for what purpose. All scripts or guides that will be used for recruitment must have IRB approval prior to distribution.

art of signing document

Informed Consent in Internet-Based Research

Obtaining Consent

Informed consent is one of the fundamental principles of ethical conduct in human subjects research. It is mandated by Federal regulations 45 CFR 46.116 and 46.117, as well as 21 CFR Subpart B.

Obtaining consent for a research project is a PROCESS and not the act of simply signing a form. Whenever required by federal regulations, informed consent must be obtained and documented. The language of the consent must be designed in a way that will be understood by the age group as well as reading and comprehension level of the target audience.

Documenting Consent

Usually, consent is documented when the research participant signs a form. Other mechanisms include audio- or videotaping the subject’s agreement to participate. However, this is often difficult in internet-based/online research.

Under certain circumstances, for low risk studies, the requirement to document (obtain signatures or record the consent process) informed consent for online research activities can be altered or waived. See FAU IRB Policy “Waiver of Informed Consent” for guidance on this topic. 10

Excluding Minors Who Cannot Consent

Image of person at computer

People under the age of 18 cannot legally consent to participate in a research study. However, researchers recruiting from the internet cannot know the exact age of respondents. For this reason, it is best to limit online research studies to minimal risk research that would typically qualify for a waiver of parental consent under federal regulations (See section IV of FAU IRB policy “Children in Research” ) 11 unless you are able to authenticate the identity and age of your respondents through reliable means.

For internet research involving confidential and sensitive information, researchers must obtain written consent (on-line or hard copy) and within the studies procedure, include the proper methodology to verify the identity and age of the participant as well as to assure the security of the data.

Ensuring Understanding

When anyone who has access to the internet is a potential research subject, it may be difficult to ensure that he/she understands the consent information. One method of enhancing comprehension includes incorporating short questionnaires within the consent process to assess understanding of the information presented, and direct the subjects to additional explanatory material. Another method is to design and implement an interactive consent process tailored to the potential subjects’ characteristics or primary language.

Right to Withdraw

The principle of respect for persons requires that subjects be allowed to withdraw from a research study without negative consequences. Online survey instruments must explain at the outset what options are available, if any, for retrieving and discarding responses, and for some studies, it may be appropriate to provide a “no response” option for questions subjects may consider to be sensitive or intrusive.

Deception & Debriefing

The internet provides unique opportunities for conducting observational research in “private” settings. For example, a researcher can join a closed group (e.g. a “members only” chat room devoted to a mutual topic of interest) with relative ease to observe interactions among the members while concealing his/her identity. Such research can only be approved if the IRB determines that the deception is justified. Any research involving deception should have a plan for debriefing subjects, so they may learn about the research that occurred and have the opportunity to withdraw use of their data if they choose.



Electronic Data Collection

Research involving the collection of data about people from medical records, through social media or networking sites involves the same considerations as any other research with human participants.

These considerations include:

  • Determining an appropriate and effective informed consent process;
  • Assuring that participation is voluntary;
  • Protecting privacy and confidentiality of individuals and the data collected;
  • Minimizing risks and maximizing benefits; and
  • Assuring equitable selection of participants.

However, with the dynamic and evolving nature of norms and technologies in social media use, translating these principles into real practice can be challenging.

Please consider the following aspects when collecting electronic data:

Jurisdictional authority

  • On-line research id different geographical areas adds an additional level of complexity (researcher located in one area, participants in another (or multiple locations) and the data is stored in another location.
  • COPPA regulations

Authentication for internet-based research

  • Researchers should take steps to authenticate online research participants.

Survey Software

  • All surveys conducted at FAU should preferably be conducted using Qualtrics or REDCap. If researchers are interested in using other survey software OIT should review the software data security and purchasing process to assure they are following the appropriate university XXXXXXXXXXXXXXXXXX should this be "university guidelines.

Individual Identifiable Health Information (PHI) - HIPAA regulated

  • The FAU - HIPAA website provides information and guidance on the policies, procedures and forms related to HIPAA compliance at FAU: www.fau.edu/hipaa/.
  • Encryption: strongly recommended for PHI data.
The FAU - HIPAA website provides information and guidance on the policies, procedures and forms relat-ed to HIPAA compliance at FAU, see site here.Encryption: strongly recommended for PHI data. Individual Identifiable Health Information (PHI) - HIPAA regulated Jurisdictional authority On-line research in different geographical areas adds an additional level of complexity (research-er located in one area, participants in another (or multiple locations) and the data is stored in an-other location. COPPA regulations Authentication for internet-based research Researchers should take steps to authenticate online research participants. Survey Software All surveys conducted at FAU should preferably be conducted using Qualtrics or REDCap. . If researchers-ers are interested in using other survey software OIT should review the software data security and purchasing process to assure they are following the appropriate university channels.

When to use Qualtrics or Redcap?

QUALTRICS

Qualtrics logo

FAU now maintains a license for Qualtrics to conduct online surveys. All administrators, faculty, staff, and students have access to use the software using their FAU Net ID and password. All surveys conducted at FAU should now be conducted using Qualtrics at the site below. Qualtrics is a very common tool to conduct surveys, but is less secure. It CANNOT be used to collect PHI.

Surveys conducted at FAU require the approval of a dean or vice president, with certain limited exceptions. In addition, the survey will also need approval of the university’s survey research committee, led by the Assistant Vice Provost for Institutional Effectiveness & Analysis. Requests for such approval can be submitted to the committee by submitting a ticket using the Submit a Request button.

Surveys must also comply with the university policy on the administration of surveys and questionnaires.

If you have any questions related to creating a Qualtrics account and using this site please contact John Cahill at jcahill@fau.edu or by phone at 561-297-0244.

Source: helpdesk.fau.edu

REDCAP

Qualtrics logo

REDCap is a secure Research Electronic Data Capture service provided by the Office of Information Technology (OIT). Sponsored by the Division of Research, REDCap provides electronic data capture services to researchers, faculty, employees and students. REDCap is the choice recommended for electronic capture of PHI. Redcap is less common, but it is the secure alternative to collect PHI.

Human Subject Research

Studies requiring IRB approval will typically need to submit data collection instrumentation as part of the approval process. FAU – Office of Information Technology encourages users planning on using REDCap to design their instruments prior to requesting IRB approval as instrumentation changes typically do require re-authorization.

If a study meets the requirements for IRB review and approval such approval must be granted prior to the research project being published in REDCap. It is the responsibility to the researcher to obtain any and all approvals.

For more information about RedCap visit here.


Use of Mobile Apps in Research

FAU Researchers should seek expert IT review when purchasing a mobile app or building their own app for collection of data from research participants. If the app is commercially available, FAU central university purchasing needs to be part of the process to assure legal and data security review occurs. It is the researcher’s responsibility to understand known or potential risks of any downloaded app, whether free or at a cost and disclose those risks to study participants. App downloads frequently collect data stored or linked on the phone on which the app is installed. Researchers must clearly delineate such risks to participants. The “terms of service” of commercially available apps must be understood by the researcher utilizing the app and communicated to the study participants.

Copyright of Materials

In addition to the above mentioned security aspects, research instruments are often copyrighted. When obtaining a copy of the instrument(s) to be used in research, researchers should also ensure they obtain permission to use the instrument. If someone posts a published test or instrument without the permission of the copyright holder, he or she is violating copyright laws and could be legally liable. Contact the copyright holder in writing (print or email) to obtain permission to use a research instrument.

The person should be able to state in writing that they are indeed the copyright holder and that they grant you permission to use the instrument.



 Last Modified 6/15/17