Information Technology Services - nav image

1.2 Human Subject Information

Harvard Enterprise Security Policy:

Policy Excerpt
Under Federal law all research at Harvard that includes human subjects must be approved by a Harvard Institutional Review Board (IRB). Personally identifiable data collected for, used in, or produced by research involving human subjects must be protected from inadvertent or inappropriate disclosure. Proposals for all research projects that involve such data must include an acceptable, effective, and documented procedure for the protection of such data before the project can be approved or granted continuing approval by the IRB.

HLS Policy:

If any research involves a person, regardless of the collection of personally identifiable data, the IRB should be consulted.

Approved Solution:

Solutions will vary based on the research and data elements collected. Additional time should be allocated for the review and set up of new systems and business processes.

Frequently Asked Questions:

Q: How do I know if my research project collects personally identifiable information (PII)?
A: If you asked the question you are probably collecting PII. The definition of PII is very broad. As such you should contact Security@law.harvard.edu to discuss your project.

Q: I have been conducting surveys and have never heard of this before. It this a new policy?
A: No, Federal law requires universities and research institutions to create Institutional Review Boards (IRB) to review all human subject research. The Boards are responsible for ensuring that data collected in such research is properly protected. IRBs have been in existence at Harvard for some time.

Last modified: September 07, 2010

© 2014 The President and Fellows of Harvard College. All rights reserved.