Sensitive Identifiable Human Subject Research

Key: Permission Levels

  • Permitted
  • Permitted with Information Assurance (IA) Consultation
  • Not Permitted

For IA consultation, please contact the ITS Service Center

Protecting sensitive data is a shared responsibility. You are responsible for ensuring that your use of permitted services complies with laws, regulations, and policies where applicable.

Permitted

Not Permitted

Data Type Description 

Sensitive identifiable human subject research data is regulated by the Federal Policy for the Protection of Human Subjects (also called the “Common Rule”). Among other requirements, the Common Rule mandates that researchers protect the privacy of subjects and maintain confidentiality of human subject data.

A human subject is defined by federal regulations as a "living individual about whom an investigator (whether professional or student) conducting research obtains (1) data through intervention or interaction with the individual, or (2) identifiable private information.”

“Identifiable” means the information contains one or more data elements that can be combined with other reasonably available information to identify an individual (for example, Social Security number, health care record).

Personally identifiable data is sensitive if disclosure of such data would pose increased social/reputational, legal, employability, or insurability risk to subjects.

Data Steward: U-M Research Ethics and Compliance, Human Research Protection Program (HRPP): [email protected]

Examples 

Sensitive identifiable information may include research data referring to

  • Illegal behaviors
  • Drug or alcohol abuse
  • Sexual behavior
  • Mental health or other sensitive health or genetic information

Any data collected under a National Institutes of Health (NIH) Certificate of Confidentiality is considered sensitive.

Andrew File System (AFS): 
Not Permitted
Canvas: 
Permitted
Cloud Storage Included with Software: 
Not Permitted
Data Warehouse: 
Permitted
Desktop Backup (Powered by Code42): 
Permitted
MiDesktop: 
Permitted
Digital Signage: 
Not Permitted
Echo360 - Lecture Capture and LectureTools: 
Not Permitted
eResearch: 
Not Permitted
Globus: 
Not Permitted
Amazon Web Services GovCloud at U-M: 
Permitted
Amazon Web Services (AWS) at U-M: 
Permitted
Google Non-Core Services: 
Not Permitted
Google Drive at U-M: 
Permitted
Google Mail and Calendar at U-M: 
Not Permitted
Google at U-M Core Services: 
Not Permitted
MiDatabase: 
Permitted
MiServer: 
Permitted
MiShare: 
Permitted
MiStorage CIFS with AWS S3 Cloud Storage Integration: 
Permitted
MiStorage (NFS): 
Not Permitted
MiVideo: 
Permitted
MiWorkspace: 
Permitted
Personal Accounts: 
Not Permitted
Personally Owned Devices (phone, tablet, laptop, etc.): 
Permitted
Qualtrics: 
Permitted
ServiceNow at Michigan Medicine: 
Permitted
MiBackup: 
Permitted
Turbo Research Storage: 
Permitted
Michigan Medicine Exchange/Outlook Email and Calendar: 
Permitted
Document Imaging System: 
Permitted
E-signature Service - SignNow: 
Permitted
Piazza Q&A: 
Not Permitted
Gradescope: 
Not Permitted
Electronic Research Notebook at U-M: 
Permitted
Microsoft Azure at U-M: 
Permitted
Google Cloud Platform (GCP) at U-M: 
Permitted
Perusall: 
Not Permitted
Secure Enclave Service (formerly Yottabyte Research Cloud): 
Permitted
Microsoft Office 365 at U-M: 
Not Permitted
Armis2: 
Permitted
Great Lakes Cluster: 
Permitted
Adobe Cloud Storage: 
Not Permitted
Zoom at U-M: 
Permitted
TeamDynamix at U-M: 
Permitted
Dropbox at U-M: 
Permitted
Virtru at U-M: 
Permitted
Microsoft Teams at U-M: 
Not Permitted
Denodo at U-M: 
Permitted
Slack at U-M: 
Permitted
Microsoft 365 at Michigan Medicine: 
Permitted
Lighthouse HPC Cluster: 
Permitted
MyDataHelps: 
Permitted
REDCap MICHR Academic License: 
Permitted
GitHub Enterprise SaaS: 
Not Permitted
Data Den Research Archive: 
Permitted
Locker Large-File Storage: 
Permitted
ITS AI Services: 
Not Permitted