Sensitive Identifiable Human Subject Research

Individually identifiable research data containing sensitive information about human subjects. A human subject is a living individual about whom a researcher obtains data and information that can be used to identify him or her.

The researcher determines whether the data is sensitive or not based on privacy and ethical considerations and on whether a breach in confidentiality of this personally identifiable data would pose greater than minimal risk to subjects. 

This data type is governed by the Federal Policy for the Protection of Human Subjects (also called the “Common Rule”). Among other requirements, the Common Rule mandates that researchers protect the privacy of subjects and maintain confidentiality of human subject data.

Frequently Used by: 

Faculty
Staff
Students
Researchers

Category: 

Sensitive

Examples: 

Sensitive identifiable information may include research data referring to

  • Illegal behaviors
  • Drug or alcohol abuse
  • Sexual behavior
  • Mental health or other sensitive health or genetic information

Any data collected under a National Institutes of Health (NIH) Certificate of Confidentiality is considered sensitive.

Andrew File System (AFS): 

Not Permitted

Blue Jeans Video Conferencing: 

Permitted

Canvas: 

Permitted

Cloud Storage Included with Software: 

Not Permitted

CTools: 

Permitted

Data Warehouse: 

Permitted

Desktop Backup (Powered by CrashPlan): 

Permitted

Desktop Virtualization (VDI): 

Permitted

Digital Signage: 

Not Permitted

Echo360 - Lecture Capture and LectureTools: 

Not Permitted

eResearch: 

Not Permitted

Flux: 

Permitted

Globus: 

Permitted

ITS Exchange Email and Calendar: 

Permitted

M Cloud - Amazon Web Services GovCloud: 

Permitted

M Cloud Amazon Web Services (AWS): 

Permitted

M+Box Additional Apps (Non-Core): 

Not Permitted

M+Box Core Apps: 

Permitted

M+Google Additional Services (Non-Core): 

Not Permitted

M+Google Drive: 

Permitted

M+Google Mail and Calendar: 

Not Permitted

M+Google Sites, Talk/Hangouts, Groups, Tasks, Classroom: 

Not Permitted

MiDatabase: 

Permitted

MiServer: 

Permitted

MiShare: 

Permitted

MiStorage (for Some Sensitive Data) with CIFS: 

Permitted

MiStorage with NFS: 

Not Permitted

MiVideo: 

Permitted

MiWorkspace: 

Permitted

Personal Accounts (Dropbox, OneDrive, iCloud, etc.): 

Not Permitted

Personally Owned Devices (phone, tablet, laptop, etc.): 

Permitted

Qualtrics: 

Permitted

ServiceLink: 

Permitted

Sitemaker: 

Not Permitted

Statistics and Computation Service: 

Not Permitted

MiBackup: 

Permitted

Turbo Research Storage with NFS: 

Not Permitted

Turbo Research Storage (for Some Sensitive Data) with NFSv4+Kerberos or CIFS: 

Permitted

UMHS Exchange/Outlook Email and Calendar: 

Permitted

Virtualization as a Service (VaaS): 

Permitted

Armis: 

Permitted

Imaging Services: 

Permitted