Preparing your IRB Submission

image of a lock

In the IRB application protocol, researchers must address and describe the data security procedures of their collection and storage of data especially when working with data that is of higher risk to participants.

Researchers should consider using computer software to protect against malware, ensure that all software updates and patches are maintained, apply appropriate data collection, transmission and storage methods and collect only the data necessary to answer the research question. Storing de-identified data separately from codes so as to protect from re-identification is also a very important aspect for researchers to address.

Please refer to Florida Atlantic's OIT policies related to ensure compliance located here.

Data Management and Security Checklist

For Florida Atlantic – HIPAA Covered Entities, the IRB submission should be accompanied by the data management and Security Checklist. For research conducted in Colleges that are not HIPPA covered entities, Form -11 should be submitted.

For the IRB application:

▢ Researchers are encouraged to incorporate data security procedures in their research methodology and provide a detailed description of activities that research participants will perform that involve the use of electronic data.

▢  Researchers should provide the IRB with a data security plan that outlines how the data will be protected during collection, storage, transmission and destruction.

▢  The IRB will review the procedures and plan to determine the level of risk and recommend if additional procedures are needed to minimize such risks.

▢  Participants are frequently asked to participate in research by accessing websites, downloading apps, text messaging or completing online surveys and these procedures need to be evaluated in regards to their risk to the participants.

▢  Researchers must clearly explain to participants how they will protect the privacy and confidentiality of the participant's data as part of this consent process, usually in the informed consent document.

▢  Language should be carefully scripted to be honest and precise and not promise confidentiality when it cannot be guaranteed.

▢  Sample language to be used on consent forms: Confidentiality of data collected through internet communication cannot be guaranteed. The possibility exists that information not associated with this research could be captured through the internet connection and used by persons not associated with this study. However, please be aware that the researchers have taken considerable effort to maintain your confidentiality. When collecting data via the internet there is a possibility that persons not associated with the study may be able to intercept and use information as texts are not encrypted or secure during their transmission.

▢  Share IRBNet project submission with your IT representative as applicable, review “Classifications for Data” for more information.

Contact the IT expert in your College

Researchers are encouraged to coordinate with their college IT representatives regarding their research and data security needs.

Click here to view the IT representative for your college.

For additional questions, please contact Research Integrity Office at or 561-297-1383.