COVID-19 Research FAQs: Remote Work Environments
Q: How should research labs prepare for the impact of COVID-19?
According to a 3/23 memo from Provost Morrison: “Boston University research laboratories should stop normal operations and shift to basic maintenance only, ensuring safety and preserving future capabilities, other than COVID-19 research and essential biomedical research that cannot be stopped at this time. Only critical maintenance procedures that require regular attention in order to maintain laboratory viability should continue. For example, cell, plant, or animal colony maintenance, shared computational equipment maintenance, and maintenance of equipment that requires gas or cryogen monitoring/service, such as freezers, electron microscopes, mass spectrometers, and incubators can be performed. Any research operations that are deemed critical to continue, such as those listed above, must obtain proper approvals using this form and as previously outlined by Gloria Waters, Vice President and Associate Provost for Research. Access to labs will be limited to personnel approved to perform these essential procedures and processes. The Animal Science Center will continue to provide daily animal maintenance (feed, water, ensure clean/dry caging, etc.) and Environmental Health & Safety staff will continue to be on-site.”
Q: What happens if local, state, and/or federal government employees are unavailable to perform their duties (e.g., issue prior approvals or process awards)?
We expect that funding agencies will issue guidance in the event these circumstances become likely.
Q: If a student or a researcher needs to access a data set from home in order to keep working on a project, how do we address privacy requirements, if the data set contains sensitive or private information?
If BU cannot provide secure access to the data set (e.g., remote access via VPN or other means), then the data set should not be accessed, or analysis of risk should be considered. Researchers should work with their IT departments to explore whether a secure remote access option is viable for their project as well as the type of data that may be subject to a potential breach. Researchers should document the period of time they were unable to work on the data set for determining if they later need to request a no-cost time extension.
You can find information on the IS&T website on how to use the VPN.
You should use the BU SecureMail email service (free to use) unless the patient or research subject has agreed – ideally in writing – to use non-secure communications via email or text.
If your patients or research subjects are leaving you voicemail messages, it is a best practice to include language in your voicemail message discouraging them from including sensitive information. Likewise, when you are leaving voicemail messages, remember to avoid disclosing any sensitive information.
What about BU Teams and Zoom?
When using BU Teams on your computer or phone, calls, video meetings, and chat communications are automatically encrypted. And, like most BU Office365 apps (SharePoint, OneDrive, PowerBI), it is HIPAA compliant and meetings can be setup with patients or subjects.
Likewise, Zoom meetings are generally secure but you need to know that there are two types of Zoom accounts: Zoom and “Zoom Meetings for HIPAA.” Zoom Meetings for HIPAA is compliant but disables your ability to record a conversation as the recordings cannot be securely stored. If you need to record a conversation and it does not contain HIPAA information you can switch between Zoom and Zoom Meetings for HIPAA.
Go here to switch your account from regular Zoom to Zoom Meetings for HIPAA: https://www.bu.edu/tech/services/cccs/conf/online/zoom/zoom-hipaa/
Using best practices when communicating and leveraging the tools at your disposal will help keep your patient’s or research subject’s privacy intact and protected.
If you have any questions or concerns, please contact me or Information Security at buinfosec@bu.edu