Research Involving

• Investigational Devices
• Mobile Medical Applications
• Significant Versus Non-Significant Devices
• ChatGPT/ Large Language Models (LLM)/ Artificial Intelligence (AI)

Data Sharing

Data Security Risk Assessment and Data Transfer Agreement

A Data Security Risk Assessment by UCSF IT Security & Policy AND Data Transfer Agreement by the Office of Sponsored Research (OSR -- Industry Contracts Division) must be completed if your study involves: the collection, transmission, or storage of information when that data will be shared with or be accessible to any non-UCSF entity (e.g., pharmaceutical companies, UCSF Affiliated Institutions) or individual. This includes the use of third-party or vendor-hosted applications. UCSF or department-hosted applications may also need to be assessed in accordance with UCOP Policy IS-3 Electronic Information Security, particularly if they are new applications or have never been reviewed by UCSF IT Security & Policy.

• Third-party or vendor-hosted applications include cloud-hosted applications and applications hosted by collaborating institutions
• UCSF or department-hosted applications include any application managed by UCSF or developed by the department

These requirements apply for both identifiable and de-identified data for funded and unfunded research. Questions about these policies must be directed to UCSF IT and OSR, not to the IRB. 

• To determine if a Data Security Risk Assessment is required, contact the intake team at [email protected]. More information about the assessment process is available at https://it.ucsf.edu/service/it-security-risk-assessment
• For information about Data Sharing Reviews: Visit https://data.ucsf.edu/data-sharing or email [email protected]
• For information about establishing contracts for data sharing engagements: Visit https://icd.ucsf.edu/material-transfer-and-data-agreements or email [email protected]

Versa

UCSF Versa – a UCSF IT-supported Artificial Intelligence (AI) ecosystem that connects AI tools with UCSF data and systems. 

For initial applications:

• If the investigator expects to analyze data on the Versa platform, we’d like to know, but just so we have an idea of how widespread the use is. 
• Not applicable to new aims

Already Approved Protocols Now Using Versa Platform:

• There is no need to submit a modification if the study is approved to collect and analyze Electronic Health Record (EHR) or Personally Identifiable 

Resources

• FDA
  • Sponsor Responsibilities - Safety Reporting Requirements and Safety Assessment for IND and Bioavailability/Bioequivalence Studies
• UCSF
  • Eureka Research Platform - UCSF's Resource for Online, Mobile, and Hybrid Studies