Human Subject Protection
Researchers must obtain approval from the Institutional Review Board (IRB) to ensure adequate measures are taken to protect participants.
Note: SMS conversations (two-way texting) are not considered a secure form of communication. Researchers must not administer surveys or collect personally identifiable information (PII) or protected health information (PHI) through SMS conversations unless specifically approved by the IRB.
Cybersecurity
The Information Security Office (ISO) has conducted a Security Planning Assessment (SPA) of Mosio. When used in conformance with Yale policies, Mosio meets HIPAA security requirements for high-risk data, including Protected Health Information (PHI).
Business Associate Agreement
Yale University has a Business Associate Agreement (BAA) with Mosio for HIPAA compliance.