STANDARD OPERATING Research Administration PROCEDURE
SOP No: Q016 SOP Title: Standard Review Assessment
Table 1
1
2
3
4
5
Is Children’s protected health information (PHI) being accessed, collected, stored, or transmitted (e.g. ePHI, PHI, HR, Financial, ePII, PII, etc.) outside of the covered entity (to external collaborators)?
Will the system, device, or interface connect to the Children’s Health internal network? If no, the system or device will need to connect the Guest/Business Guest networks.
Is technology (software, applications) being installed onto the Children’s Health environment?
Are non-Children’s systems/devices that produce Radio Frequency (RF) being provisioned within the Children’s environment? Examples of RF devices include: 1) wireless medical telemetry systems generally used to monitor a patient’s vital signs (e.g. pulse, and respiration) using radio frequency (RF) communication and 2) cellular/mobile phone to support health care delivery.
Are there any architectural changes or uses of an existing implementation or a previously reviewed request?
Yes
Yes
Yes
Yes
Yes
No
No
No
No
No
Standard Review assessment will be required if the responses to questions
1, 2 (internal network), 3, 4, or 5 is "Yes".
Standard Review assessment will not be required if the responses to 1, 2 (Guest or Business Guest), 3, 4, and 5 are “No”.
Devices that will be used to store, transmit, or collect identified data will need to be equipped with mobile device management technology (e.g., AirWatch, Zip) to ensure that the device is secure, and the data are adequately protected.
5. SPECIFIC PROCEDURE
For projects that qualify for SR determination, follow the steps as outlined in the QRG attached to this policy.
Version 5, 02-19-2021, 08-19-21, 05-31-22 Page 8 of 9