Protecting Participants and Data during Biomedical Research

The advancement of healthcare and medicine is frequently conducted through biomedical research programs with human participants at healthcare provider organizations. An Institutional Review Board (IRB) falls under the jurisdiction of the U.S. Food and Drug Administration (FDA) and includes provisions to protect the rights and welfare of the subjects. As research becomes increasingly more complex, so does the need for digitization and information sharing. Researchers who conduct the studies, and the IRB, which oversees the protocol and ethics compliance, rely on this critical and sensitive information. But that information, like much other PHI, is now susceptible to data breaches and cyberattacks. To that end, healthcare providers must integrate research and IRB into their cybersecurity risk programs. On Censinet CISO customer attributes 50% of his organization’s risk analysis to research-based programs.

“Biomedical research is a core pillar of how we advance the science of medicine and one of Intermountain’s core priorities. As a result, risk assessments around research represent a significant portion of the assessments we conduct.”

-Erik Decker, Assistant Vice President and Chief Information Security Officer at Intermountain Healthcare.


IRBs and Healthcare IT Executive Need to Ensure Continuous Coverage

Censinet RiskOps for Research & IRB is the first healthcare industry cybersecurity risk assessment workflows for research & Institutional Review Boards. It eliminates antiquated, risk-prone, or non-existent approaches to protecting participating patient data. It enables the introduction of intelligence and workflows that address the cybersecurity requirements of healthcare research, including research overseen by an IRB.

The addition of Research & IRB capabilities into Censinet RiskOps addresses a major vulnerability for many organizations and enables healthcare providers to deliver more continuous coverage to drive down their risk significantly. Health systems face a unique portfolio of risks in caring for patients. Our laser focus on healthcare enables us to continually deliver industry-driven solutions that general-purpose risk solutions just can’t. Censinet RiskOps for Research & IRB exemplifies that.

Censinet IRB Assesment


Why This Matters to the CIOs and CISOs

As part of the IRB review process, institutions contributing and managing subject data must ensure they manage it appropriately while ensuring that measures are put in place for protection. Too often, these research projects are run by professionals with limited or no experience with cybersecurity, repeatedly out of range of the CISO or risk IT team. In the too infrequent event that a cybersecurity risk assessment is done for research, it’s likely using the same antiquated spreadsheet methods now superseded by Censinet RiskOps. For research and IRBs, Censinet RiskOps for Research & IRB help assess and manage the cybersecurity risk to a hospital system’s sharing PHI with researchers. General IRB workflow tools do not cover this cybersecurity approach because they focus on study oversight, not on data protection.