| Resource | Description |
|---|---|
| HIPAA in Research | A comprehensive webpage that provides additional tools and information on Covered Entities, HIPAA Identifiers, and Waiver of Authorization. |
| Family Educational Rights and Privacy Act (FERPA) Guidance | UK ORI guidance for Researchers and IRB Members on accessing educational records. |
| General Data Protection Regulation (GDPR) Guidance | UK ORI guidance on the General Data Protection Regulation (GDPR), which affects the way data is processed in the European Economic Area (EEA). |
| UK ORI Confidentiality and Data Security Guidelines for Electronic Data | UK ORI guidance on studies with identifiable information that involve electronic data collection and data maintenance. Provides information on data security and confidentiality protections. |
| UK ADVANCE AI | See “What privacy concerns arise in using generative AI in research?” on the AI in Research Recommendations webpage. Unless the UK HealthCare InfoSec Data Sharing Committee has confirmed the AI tool is HIPAA-compliant and supports PHI input, do not put research data containing PHI into a generative AI tool or other software. Additionally, other non-public or proprietary research data should not be placed into an open-source AI tool without UK ITS GRC approval. Consult the UKITS (UK Information Technology Services) Governance, Risk and Compliance (GRC) team. For software-specific limitations, see UK Approved Software. |
Data Security
Additional Resources
- Methods for De-identification for Honest Brokers
- UK Information Technology Services Information Security Policy & Procedures
- Considerations for Protocol Design Concerning Digital Data [D132.0000]
- UK ORI Children's Online Privacy Protection Act (COPPA) Guidance
- Cybersecurity Compliance at the University of Kentucky
- UK Information Technology (ITS) Approved Software