More and more researchers are turning to online video conferencing to conduct research activities. In doing so there are several privacy considerations researchers should consider to ensure data and subject privacy are protected. These include:
Type of Data
What type of information will be discussed with the subject? If it is protected health information (PHI), you must use a HIPAA-compliant communication product. Even if it is not technically PHI, if the information is sensitive (e.g. illegal behavior, gender/sexual orientation, traumatic experiences) use of a HIPAA-compliant product (and the additional protections it affords) may be appropriate.
Recording of Data
If the video conference session will be recorded there are a few things to consider including:
- Whether consent will be obtained, or participants notified and how this is documented. For example, with many applications (e.g. Zoom) both the audio/visual and any chat sessions may be recorded. Subjects should be made aware of this. Note that for recordings made in WA State, WA State RCW 9.73.030 requires consent, with no option for a waiver.
- The need for a HIPAA authorization or waiver to use the data for research purposes if the information being recorded is considered PHI.
- Access to the recording. The location should only be accessible to authorized members of the research team. If you are storing data with the video conferencing software vendor and they have access to the recording, there should be a legally binding agreement in place that limits how that vendor can use or share the data.
Institutional Security Requirements
Whatever product is used must comply with the data security protections approved for the study by the IRB. For PHI, UW Medicine Compliance has its own requirements for how data is accessed, used, transmitted, and stored.
Minor-aged Research Participants
Some UW technology, e.g., Google Classroom and Panopto, cannot be used with minors for any purpose, including research. Others (e.g. Canvas) cannot be used with youth under the age of 13. University recommendations for safe virtual use of technology with minors, including a description of acceptable UW technology (e.g. Zoom, Microsoft Teams) can be found on the UW Privacy Office FAQ under Engaging Youth Virtually. Additional guidance on virtual programs/activities with minors can be found here. For technology questions please contact UW IT. For questions about safe youth engagement in a virtual setting, you can consult with the Office for Youth Programs Development and Support.
- Privacy Best Practices for Online Conferencing https://privacy.uw.edu/policies/best-practices-online-conferencing/
- Privacy Best Practices for Live Streaming https://privacy.uw.edu/policies/best-practice-live-streaming/
- Zoom (https://itconnect.uw.edu/connect/phones/conferencing/zoom-video-conferencing/)
- HIPAA Compliant Version FAQ (https://itconnect.uw.edu/connect/phones/conferencing/zoom-video-conferencing/uw-zoom-faq/zoom-hipaa-ferpa/)
- Zoom FERPA (https://zoom.us/docs/doc/FERPA%20Guide.pdf)
- Microsoft Teams (https://itconnect.uw.edu/wares/online-storage/uw-sharepoint-online/#microsoft_teams)