Skip to main content

Training & Education

UC San Diego conducts research studies according to FDA regulations and ICH guidelines. Standardized training and continuing skill development of all clinical research professionals is an important part of preparation for clinical research. It is the responsibility of all staff and investigators to know, understand and maintain sufficient knowledge of the federal, state and local requirements protecting research participants.

Education

Good Clinical Practice (GCP) & Human Research Training 

UC San Diego employs the web-based Collaborative Institutional Training Initiative (CITI) program to satisfy the training requirements for all personnel conducting human subject research at UCSD.

CITI offers two versions of the Basic Human Research Training course: one for Biomedical Investigators and one for Social & Behavioral Investigators. 

A module on Good Clinical Practice (GCP) is also required for individuals conducting clinical trials.

 Certification is valid for 3 years

Click here to learn more about UCSD'S GCP training information.

 

UC Mandatory Annual Training

UC Learning Center

UC Cyber Security Awareness Training & Refresher

As part of the University's efforts to address the increasing threats to the security of information systems and data, a comprehensive security awareness training program is required for all University of California (UC) Faculty, Staff, and Student Employees. One initially completes the full Training then subsequently completes annually the Training Refresher.

UC Sexual Violence & Sexual Harassment Prevention Training

Each member of the University community has a responsibility to help make our campuses safe.  This training is for UC employees who are not required to complete California’s AB1825-mandated training for supervisory employees.  It provides information on preventing and responding to sexual violence and sexual harassment and what each of us can to do tomake our UC culture safer for all.

UC Ethical Values & Conduct and Conflict of Interest for Researchers (COIR) Briefings

All paid UC Employees are required to complete ethical values and conduct briefing. Those in research positions will be required to complete Compliance & Conflict of Interest for Researchers Briefing (COIR), while all other employees will be asked to complete the Compliance Briefing: UC Ethical Values and Conduct. The purpose of these briefings is to reinforce the University of California Statement of Ethical Values and Standards of Ethical Conduct and provide information about conflict of interest and reporting instances of non-compliance.  Employees will automatically be assigned the appropriate training for their role with the University.

UC Annual Compliance and Fraud, Waste, and Abuse Training

All paid UC Health Sciences/Health Employees are required to complete this mandatory annual training. This training is designed to: 1) provide guidance on how to identify and report potential compliance issues. Examples include privacy violations, inaccurate or fraudulent documentation, billing or coding, and research compliance violations; 2) provide guidance on how to handle compliance questions and concerns; and 3) show you how to find Policies and Procedures. 

Systems

Velos eResearch is a secure integrated software system designed to assist Investigators in managing their clinical research trials/studies. The software links to the UCSD Health System’s Epic Electronic Medical Record System to provide improved information and integration for clinical research projects. A robust support team assists investigators in implementing their protocols, study calendars, coverage analysis and more.
 
Velos training must be completed before access will be granted. If you would like to reserve a space for a class, please send an email request to the CTRI Application Support Team at ctri-velos@ucsd.edu and provide the name and date of the class requested.  Upon receiving your request we will send you an confirmation calendar invitation.
  

Electronic Medical Record

All users of UC San Diego Health Epic EMR must complete an assigned training curriculum that is customized for each employee based on their job and role. Training may be in the form of eLearning modules, classroom instruction, or a combination of both.

 

Electronic Research Administration Program

The Electronic Research Administration Program is a campus-wide initiative to implement and maintain systems and services that improve sponsored research. Our mission is to reduce and simplify administrative procedures so researchers can spend more time doing research and less time on administrative tasks.

 

Kuali Research

All users who had ePD access have access to Kuali Research. If you are a new user who did not have access to EPD, please request access.

Kuali Research:

  • Replaced the previous contract and grant system (Coeus including Electronic Proposal Development (ePD), Institute Proposal (IP), Award) to fully support our research administration needs
  • Redesigns business processes to streamline and develop institutional best practices
  • Engages the research administration community throughout the project's lifecycle to ensure user needs are met

Read the all campus announcement or go to Enterprise Systems Renewal (ESR) to learn more about Kuali Research Project.

HIPAA | Health Insurance Portability & Accountability Act

Health Insurance Portability & Accountability Act | HIPAA


What is HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act of 1996.  This federal law has an "Administrative Simplification" title within it that includes provisions for Privacy and Security of Personal Health Information (PHI), electronic standards for communicating claims data and unique identifiers for healthcare providers and organizations.  The provisions of HIPAA that most affect research are the Privacy Rule and a corresponding Security Rule.  Compliance was required as of April 14, 2003.  Newly enrolled participants in research studies affected by HIPAA will need to sign a separate HIPAA authorization form.  Permissions and authorizations executed prior to April 14, 2003 remain in place, and there is no need to re-consent participants already enrolled in studies as of that date. 

What is a HIPAA Covered Entity?

A covered entity is an organization that, by virtue of providing healthcare services and billing for them using electronic means, is subject to the provisions of HIPAA.  The University of California is a "hybrid covered entity" meaning that provides healthcare services but also has other functions, such as education and research. 

What is Protected Health Information (PHI)?

Protected Health Information (PHI) is a type of individually-identifiable information that arises out of a healthcare service context.  The protections of the HIPAA Privacy Rule apply to PHI.  However, not all individually identifiable information is PHI.  A study only uses or produces PHI if it is using medical records as a source of information or is providing a healthcare service to the research participant. 

What is de-identified information?

De-identified information is the term used for personal health information that has had identifying characteristics removed.  This form of data was historically called "anonymous" but the authors of HIPAA recognized that health information is so rich in potentially identifying characteristics that it can never be truly anonymous; there will always be some potential for re-identification of an individual.  HIPAA contains a "safe harbor" provision that states information is not subject to HIPAA restrictions on PHI if 18 different elements are removed. 

Is my research subject to HIPAA?

If the research involves review of person-identifiable medical records, or the study results in new information that is added to medical records (such a test of a new diagnostic or therapeutic agent or device), then it is using or creating PHI and is subject to HIPAA Privacy Rule provisions.  However, not all person-identifiable information acquired in a research setting is PHI.  For more information on this, see the University of California's HIPAA Task Force paper on the topic of when research data is and is not PHI.  When in doubt, contact the UCSD Office of IRB Administrationfor assistance. 

If my research is subject to HIPAA, what do I as a researcher have to do to comply?

Research projects that are subject to HIPAA will require the following:

a. A signed HIPAA authorization will be required for newly consented study participants starting April 14, 2003, or the project must have a Waiver of Authorization approved by the IRB.  Participants who signed consents prior to April 14, 2003 do not need to be reconsented. Although federal regulations allow the HIPAA language to be included in the consent, California law requires a separate "stand-alone" HIPAA authorization form, which is also available in a Spanish language version.
b.  Confidentiality of the information must be protected by physical security, access controls such as password-protected computer applications, and by the general principles of "minimum necessary" and "need to know".
c. When PHI created de novo in a research setting, such as by a clinical trial of a new treatment, is disclosed outside of the University of California, an audit trail log of what information was sent and to whom it was sent needs to be maintained, and an accounting of disclosures must be available to a research participant upon request, of disclosures that included their data. Note that this is not the case if medical records information is used for research pursuant to an authorization. The authorization essentially converts PHI into RHI as the information moves from the medical record into the research record, and subsequent use of the RHI is governed by the terms of the authorization, not by HIPAA. 

 

 

How does HIPAA affect language in Informed Consent documents?

For research studies that use or create PHI, HIPAA mandates that 7 additional elements be explained in a separately signed authorization for use of personal health information:

1.  Description of information to be used
2. Name of person(s) or class of persons (e.g., project staff) who will use the information
3. Name of persons or organizations to whom PHI information will be released (e.g., study staff, project sponsors and the central coordinating offices of multi-center trials)
4. Expiration date or event that ends authorization to use PHI (e.g., completion of the research) - OR - statement that authorization does not expire
5. Statement of right to revoke authorization (part of withdrawal from study procedures)
6. A statement that information may no longer be protected if information will be disclosed to other organizations
7. A statement that individual may inspect or copy the records (note: The researcher may stipulate records are not available until after study complete) 

What is a minimum data set?

A minimum data set is a partially de-identified dataset that has 8 elements removed rather than 18.  Because a minimum data set retains information that could be used to relatively easily re-identify an individual (such as medical record numbers and dates of hospital admissions), research involving use or disclosure of a minimum data set has to be accompanied by a Data Use Agreement specifying the researcher's agreement to use the data only for approved research purposes, and that the researcher will not attempt to re-identify individuals.  Although HIPAA does not require IRB review of research that uses HIPAA minimum data sets, at UCSD researchers should submit an application for Expedited Review to receive documentation of project approval for presentation to the Medical Records Department. 

Does the IRB need to review my project's HIPAA authorization?

As noted in the application instructions, item 11, a copy of the HIPAA authorization(s) that will be used on the study must be provided to the IRB. The IRB reviews the authorization to ensure information outlined as being collected in the Research Plan is appropriately requested on the authorization. Note that the authorization cannot be revised and is not stamped approved by the IRB because the authorization is a institutional document. 

Where can I get training on Research aspects of HIPAA?
HIPAA Research Privacy training is offered by the CITI Program and is now available to UCSD faculty and staff. This training will replace the legacy HIPAA training offered on OIA's old webpage which will be retired by August 2023. For additional information on available CITI training and instructions for accessing the training modules, please see the Office of Compliance and Privacy’s pulse page: Collaborative Institutional Training Initiative (CITI) Program

Where can I get more information on HIPAA and Research?
A good source is the HIPAA website maintained by the US Office of Civil Rights. If you are a faculty, staff or student of UCSD, you can also call or e-mail the UCSD Office of IRB Administration with your HIPAA-related questions.