Institutional Review Board (IRB): The Role and Responsibilities of Information Security Officers (ISOs)

1
Institutional Review Board (IRB) The Role and
Responsibilities of Information Security Officers
(ISOs)

• Presented by Randy Ledsome, Acting Director,
  Field Security Operations (FSO)

2
Discussion Topics

• What is the IRB?
• Why is the IRB Relevant to ISOs?
• What are ISO Responsibilities?
• Questions?
• Appendix

3
What is the IRB?

• The IRB specifically
• Enhances the quality of human research protection
  through consistent expert ethical and scientific
  review and,
• Enhances the efficiency of these reviews
• Established in accordance with the requirements
  of VHA Handbook 1200.05 requiring each facility
  conducting human research to have an adequate
  Human Research Protection Program (HRPP)
• Directed by the Veterans Health Administrations
  (VHA) Office of Research and Development (ORD)

4
Why Is the IRB Relevant to ISOs?

• ISOs are responsible for executing the IS review
  process
• ISOs serve as non-voting members and subject
  matter experts for information security (IS) on
  the IRB

5
What do ISO Responsibilities Include?

• Review of all studies submitted for approval by
  the IRB or Research and Development Committee
  (RDC)
• Identification that proposed research complies
  with IS policies
• The new Research Checklist facilitates
• this requirement
• The Checklist can be found in the "VA Research
  Security" folder on the FSS page of the IS
  Portal https//vaww.infoprotection.va.gov/fieldse
  curity/default.aspx

Responsibilities Include
6
ISO Responsibilities (cont)

• Recommendations for IS compliance in instances
  where proposed research does not meet standards
• Collaboration with the Research Information
  Protection (RIP) team to remediate IS incidents
  RIP members include
• Privacy Officers (POs)
• Associate Chiefs of Staff (ACOs)
• Research Compliance Officers (RCOs)
• Principal Investigator (PIs)

Responsibilities Include
7
Execution of the Review Process is the Most
Important ISO Responsibility

• The review process requires ISOs to
• Complete the new Research Checklist to ensure IS
  requirements are met
• Provide the Research Checklist or a summary
  report to the IRB or RDC
• Indicate whether IS requirements have been met
  and if not, provide recommendations for
  improvement

8
Questions?

• Contact Information
• Randy Ledsome, Acting Director, FSO
• Randy.Ledsome2_at_va.gov

8
9
Appendix A Resources

• There are a number of VA and VHA resources
  surrounding IS
• VA Directive and Handbook 6500, Information
  Security Program
• VHA Handbook 1200.12, Use of Data and Data
  Repositories in VHA Research
• VHA Handbook 1200.5, Requirements for the
  Protection of Human Subjects in Research
• VHA Handbook 1606.1 Privacy and Release of
  Information
• VA Handbook 6502, Privacy Program
• VA Directive 6212, Security of External
  Electronic Connections
• HIPAA Privacy Rule
• HIPAA Security Rule
• Each of these resources my be accessed on the FSS
  page of the IS Portal https//vaww.infoprotection
  .va.gov/fieldsecurity/default.aspx