Customize Your Path

Select all filters that apply to your project, including its oversight and management. Applying the filters will customize your experience by: 1) removing topic-based pages and “Related Resources” that do not apply to your project, and 2) hiding non-applicable topic pages and resource links from any search results.
Project includes:
Project managed by:
Subtopic

Planning research involving apps, websites, and wearables

Since technologies are constantly evolving, it can be difficult to navigate all that is needed for research studies that involve web or mobile apps, websites, or wearable devices. Researchers should expect to be engaging with various offices to determine technical, financial, and contractual feasibility of the plan. In order to be as prepared as possible, use the guidance in the accordions below to help you navigate the challenges.

After reading the guidance below, engage the appropriate consultation service, available in the "Related Resources" section of this page under Consultations and Help.
If your research involves a mobile or web app

Before you get too far, here are things you need to know or have when having early conversations with support groups at Duke:

BASIC CHECKLIST

  • Who is paying for the app development? 
  • Who will build the app?
    • If not Duke, do you know if this is an approved vendor? [If not, expect the process to take longer!]
  • Has the app previously been reviewed by either of the Duke Information Security Offices? 
  • How (or will) will the app be used by research participants?
  • Where will the app live? (personal device, sponsor device, cloud hosted, etc.)
  • What kinds of device permissions will be required? (e.g., access to the camera, microphone, storage, etc.)
  • Who will maintain the app after it launches?  Has that been budgeted?
  • Will you be collecting and/or transmitting data with the app?
    • Where will the data be stored?
    • Are you subject to any specific regulations (HIPAA for patient data, FERPA for student data, etc.)?
    • How will the data be transmitted?
  • Will the app be Duke branded?

DOCUMENTS TO HAVE AVAILABLE

If your research involves a website

Before you get too far, here are things you need to know or have when having early conversations with support groups at Duke:

BASIC CHECKLIST

  • Who is paying for the website development? 
  • Who will build the website?
    • If not Duke, do you know if this is an approved vendor? [If not, expect the process to take longer!]
  • Has the ISO or ITSO run a security scan on the website?
  • How will participants access the website?  Is it secured in some way?
  • Where will the website be hosted?
  • What kinds of permissions will be allowed?
  • Who will maintain the website after it launches?  Has that been budgeted?
  • Will you be collecting and/or transmitting data to/from the website?
    • Where will the data be stored?
    • Are you subject to any specific regulations (HIPAA for patient data, FERPA for student data, etc.)?
    • How will the data be transmitted?  Does it need to be protected?
  • Will the website be Duke branded?

DOCUMENTS TO HAVE AVAILABLE

If your research involves wearable or other technologies

Before you get too far, here are things you need to know or have when having early conversations with support groups at Duke:

BASIC CHECKLIST

  • If this is a medical device, have you engaged ORAQ and/or Engineering?
  • Who purchased the wearable or technology (e.g., is it participant-owned, purchased by Duke, purchased by sponsor, etc.)?
  • Who is responsible for maintaining the wearable or technology? Are regular security updates available?
  • How will the wearable or technology be set up?  By whom?
  • What kinds of permissions will be allowed?  Does the wearable access personal devices (e.g., the participant’s phone or watch?)
  • Will you be collecting and/or transmitting data to/from the wearable or technology?
    • Where will the data be stored?
    • Are you subject to any specific regulations (HIPAA for patient data, FERPA for student data, etc.)?
    • How will the data be transmitted?  Does it need to be protected?

 

DOCUMENTS TO HAVE AVAILABLE