Privacy Policy
We institute strict procedures to maintain confidentiality and will adhere to 2003 HIPAA Standards for Privacy of Individually Identifiable Health Information (the Privacy Rule). Patient names will not be abstracted and all of the data will be reported in aggregate. Data will be collected using electronic web-based forms, which will be completed by the study participant. The electronic web-based forms will be administered through REDCap surveys, which will be accessed via an encrypted connection using the internet browser on a computer. All PHI will be collected and stored on REDCap. Each study participant will be assigned a unique study identification number. The subject ID contains no personal identifiers. The sleep application (diary and sleep education) will thus contain no PHI. The link between the subject ID and PHI (such as name) will only reside in the password-protected, encrypted REDCap database.
A study database will be created in REDCap and maintained by study staff, with data entry by the subject directly into REDCap using the web-based forms. Other data, such as adherence phone call information, will be entered directly by the research staff into REDCap. Additionally, physiologic data (accelerometry) will contain no personal identifiers, only a deidentified email address (provided to participants by study staff). All data will be anonymous and no pseudonyms or other identifiers will be used except for a randomly assigned subject identification number maintained in a REDCap database. There will be no paper forms. Release of patient information to other parties not affiliated with the research team will be governed by the HIPAA Privacy Rule guidelines.
Database Security/Protection against Risk: To assure that patient confidentiality is preserved, individual identifiers (such as name) are stored on the University of Pennsylvania School of Medicine REDCap system which is protected by a secure firewall. Only study staff will have access to the data in this database. Once a participant is in this system, they will be given a unique study identification number (subject ID). Any datasets and computer files that leave the firewall will be stripped of all identifiers and individuals will be referred to by their subject ID. The subject ID will also be used on all analytical files. Social security numbers for all participants who are eligible for financial compensation will be collected in REDCap at the end of the study to minimize the number of individuals who are asked to provide their SSN PHI (that is, subjects who are found to be ineligible will not receive financial compensation and thus there is no need to collect their SSN at the beginning of the study). No results will be reported in a personally identifiable manner. All data will be password-protected with several levels of protection. The first will allow access to the operating system of the University of Pennsylvania Health System (UPHS)-configured and managed computer by the research staff using their UPHS credentials via the UPHS Ethernet or VPN. The second will allow access to the REDCap database. Each investigator and staff member involved in the proposed study will sign and adhere to a Standard Operating Procedure for managing participant data through the REDCap database and has participated in required IRB/HIPAA compliance training. We will also continue to make use of password protection programs for all computerized records. In no instances will identifying information be publicly disclosed. Prior to conducting any analyses, all identifiers (e.g., names, etc.) will be removed. Results from this part of the investigation will be reported in aggregate.
The Penn Medicine Academic Computing Services (PMACS) is the hub for the hardware and database infrastructure that supports the project and REDCap is built on this infrastructure. This data is stored in MySQL databases on a PMACS-operated blade server environment. The data center is housed in Information Systems and Computing at 3401 Walnut Street. All data are stored in a single relational database, allowing researchers to correct mistakes. Every SQL transaction, including accessing and changing data, is logged for auditing purposes. Data are entered into the database through several different mechanisms. Participants enter their own personal information and respond to surveys through a PHP-based web interface. Datasets are blinded of all personally identifiable information when exported for analysis. The REDCap web application automatically removes all identifiers when a researcher requests an analytic dataset. The only people with access to identifiable participant information are pre-specified Research Coordinators responsible for contacting participants for follow-up. Personal information and identifiable research data will be stored in REDCap tables and will be linked by a computer-generated ID number to sleep diary and actigraphy data. The data collected for the sleep diary, tapping adherence, and wrist-worn accelerometer on the smartphone/tablet is de-identified (only a subject ID is displayed) and is stored in a secure database which will be maintained by AME Inc., the company that has created the subject website and smartphone software. There is no PHI in the data stored on AME servers. The de-identified sleep diary and tapping adherence data will be available on the website for viewing by the subject and research team using the subject ID so they can see their progress.
The subject will log into the website using their subject ID and a password assigned to them by the research team to ensure that the subject does not create a password that includes the subject's PHI by accident (i.e., some people create passwords based on their date of birth or address, to help them remember it).
The University of Pennsylvania Health System (UPHS) also has guidelines in place for mobile devices and software. These include documentation of information security controls, incident response program, compliance certifications (OWASP, etc.), privacy practices, physical data security, and subcontractors. These will be reviewed with AME to ensure that the mobile device software meets UPHS criteria.
This plan has been reviewed and approved by the University of Pennsylvania IRB. Additionally, these approaches have been used previously by our group for mobile device research to successfully maintain participant confidentiality.