Your IRB will approve itsecure_data

mEMA data are secure, private and HIPAA compliant. The mEMA System data collection and storage proceeders have been approved by many US and European university and medical school IRBs due to these key design points:

  • De-Identification of Data: The mEMA platform does not require any personally identifying information (PII) from participants. The mEMA platform automatically generates a unique identifying code that is given to the user to enter into their mobile App. They key linking this code to any PII will be stored outside the mEMA system by the investigators. In some cases it is necessary to enter PII into the mEMA system, for instance if you intent to use the system to communicate with your participants by SMS (text message) or email. In this case all the PII data will be stored in a database separate from the data entered into assessments by your respondent. When the research team downloads the aggregated dataset it will contain no PII.
  • Secure Data Storage: All data collected from the mobile Apps are encrypted before being pushed to the cloud-based storage database. No data are ever stored on the server’s file server but always in the database. Access to the database is gated so entry is only permitted to users entering through the approved route (i.e. you can’t hack your way into the database by guessing at the url). Our servers are located in the USA. Data are made accessible to the researchers only by directly accessing the secure site
  • No unauthorized data access:  In the case where respondents are completing assessments via the mobile Apps then they will never be able to access the web-platform. In the case where you have given respondents access to the web-platform so they can complete assessments form a web-browser then each user can only access the site with a verified email address. Each user has the ability to change their own password. A notification is sent to that user’s verified email-address if the associated password is changed. Users can only access their own data (except authorized users as determined by the Primary Investigator.
  • Informed Consent: If necessary, you can add your Informed Consent forms to the beginning of your first assessment so each respondent must acknowledge receipt of this before continuing with the assessments.