List of OIT-Reviewed Apps and Software for Research using Identifiable Information
Below is a list of services that have been reviewed and approved by Emory for processing and storing Identifiable Information as electronic data, including ePHI. Even though these services have been reviewed, you are still responsible for ensuring that your use of them meets all of Emory’s applicable IT security and HIPAA policies, as well as any applicable rules of behavior.
For more information, please review the following policies:
- IT Security Policies: https://emory.ellucid.com/manuals/binder/1526/1
- HIPAA Security Policies: https://emory.ellucid.com/manuals/binder/1528/1
Data Storage
| Name | Description | Fee | Website |
| Emory Trusted Storage | ePHI and other types of sensitive data may be stored here. All data is encrypted at rest and access to all data is audited. Can be accessed on campus or through Emory’s VPN. | Yes | https://it.emory.edu/catalog/technical-infrastructure/storage-management.html |
| OneDrive | OneDrive is a cloud storage service available through Office365. Faculty, staff, and students with Emory e-mail addresses already have OneDrive accounts. All sensitive data types may be stored here except for PCI or FISMA related data. You must read and agree to the OneDrive rules of behavior: | Free for Emory Staff, Faculty and Students | https://email.emory.edu/ |
| OnBase | OnBase is a document imaging solution that may be used to store paper records with ePHI that need to be stored digitally. | Yes | https://it.emory.edu/onbase/ |
| Oracle Database |
| Yes | |
| MySQL Database |
| Yes | |
| Emory Box | No longer a storage option. Emory University and Emory Healthcare have decided to move away from Box as a storage offering, in favor of OneDrive. | Box to OneDrive migration FAQ here |
Data Collection
For collection of sensitive data that does not contain identifiers, investigators may use other tools as approved by the IRB, including Survey Monkey and Medidata's Patient Cloud ePRO (electronic patient-reported outcome) app, which is part of the Medidata Clinical Cloud platform.
| Name | Description | Fee | Website |
| RedCap | RedCap is a data collection platform that has been approved for storing ePHI related data. | Yes, $300 a year | https://it.emory.edu/catalog/data-and-reporting/redcap.html |
| Qualtrics | Qualtrics is a survey and data collection cloud service that has been approved for collecting and storing ePHI related data. | Free for all School of Medicine-affiliated faculty, staff, and students (unlimited projects and responses). Other Emory researchers may have different fees and terms under other Qualtrics agreements. | School of Medicine Qualtrics service: https://emory.sharepoint.com/sites/SOMITS/SitePages/Qualtrics.aspx |
Messaging and Conferencing
| Name | Description | Fee | Website |
| Office365 Email | Emory’s Office365 email system is approved for sending and receiving ePHI internally between Emory affiliated individuals. ePHI may not be sent to external recipients. | Free for Emory Staff, Faculty and Students | https://it.emory.edu/catalog/email-and-calendaring/index.html |
| Zoom | Video and teleconferencing service that may be used for the discussion of ePHI. HIPAA accounts are approved for Telemedicine. See this guidance on which Zoom account is appropriate. Emory Healthcare and Emory University HIPAA accounts are HIPAA compliant, but Emory University Main accounts are not. Most groups are auto routed to the appropriate enterprise account, but if you need a HIPAA compliant account, contact IT. | Free for Emory Staff, Faculty and Students | https://it.emory.edu/office365/ZOOM.html |
| Skype for Business (SFB) | SFB is an instant messaging and conferencing solution available to all Emory faculty, staff, and students. Emory users can hold calls and conferences with consumer Skype users, but the Emory user must initiate the communication. SFB is approved for discussing sensitive data, including ePHI. However, SFB is not an approved telemedicine solution. | Free for Emory Staff, Faculty and Students | https://it.emory.edu/office365/skype-for-business.html |
| Spok Mobile | Emory’s paging system, and can also be used for secure texting, including ePHI. The secure texting function will only work between individuals who are affiliated with Emory, and is not suitable for communicating with non-affiliated individuals. | Free for Emory Staff, Faculty and Students | http://it.emory.edu/mobileconnect/ |
| Office 365 Message Encryption (OME) | Emory is now using Office 365 Message Encryption (OME) to encrypt outgoing email messages. OME allows Emory users to send emails to external users, ensure the message is transmitted securely, and visible only by the intended recipient. | Free for Emory Staff, Faculty and Students | https://it.emory.edu/office365/ome.html |
Clinical Data
| Name | Description | Fee | Website |
| i2b2 |
| For data with identifiers, you will need an IRB approval letter. The service center charges an hourly rate. |
Electronic Signatures for electronic informed consent
NOTE: eSignLive is no longer recommended. If you are using it currently for an already approved study, you may continue. Do not use eSignLive for new studies starting on or after 3/31/2020.
| Name | Description | Fee | Website |
| RedCap | RedCap is a data collection platform that has been approved for storing ePHI related data (not for studies that required to be Part 11 compliant). | Yes, $300 a year | |
| DocuSign | Emory has selected DocuSign as our electronic signature solution. DocuSign is an easy-to-use, full-featured, web-based application:
For studies which are required to comply with the FDA's CFR 21 Part 11, use DocuSign Part 11 compliant envelopes. | Enterprise agreement envelopes (non-CFR 21 Part 11): Free for Emory University Staff and Faculty (and approved students) Emory Healthcare personnel can sign an envelope, but cannot send envelopes with the DocuSign enterprise agreement
For CFR 21 Part 11 signatures: $1.50/envelope |