Does IRB approval mean my research meets all data security and compliance requirements?

IRB approval does not automatically mean that a research proposal meets all data security and compliance requirements. The RCInstitutional Review Board (IRB)Compliance policies for human subjects research RC Institutional Review Board (IRB) primarily focuses on the ethical treatment of human subjects, ensuring that participant privacy and confidentiality are considered. However, the IRB’s review of data security is often cursory and does not involve an in-depth technical evaluation of storage, security controls, or compliance with university-wide data governance policies, as that is beyond the scope of the IRB’s role. 

For instance, the IRB ensures that adequate provisions exist to protect participant confidentiality, but it does not determine whether a research project meets all institutional security standards, regulatory requirements, or technical safeguards for data management. Principal investigators and their study teams are responsible for adhering to all standards and policies and ensuring that protections are implemented on behalf of participants.