Will our IRB accept Ripple?

IRBs vary in how they interpret the applicable regulations regarding the maintenance and storage of participant personal identifiable information. So we encourage you to contact your IRB to discuss your potential use of Ripple.

Ripple is significantly more secure than the method used by most investigators to keep participant information (excel, SPSS, Access, local servers) and thus IRB should approve the use of Ripple. Our security features meet or exceed most HIPAA guidelines and some of our plans are fully HIPAA compliant. Furthermore, IRBs have usually accepted the use of web-base utilities as long as they comply with enterprise-level security standards, which is the case for Ripple. For example, IRBs usually approve the use of web-based data and clinical trials management systems (e.g., RedCap), web-base patient registries (e.g., SONA), and web-base data capturing systems (e.g., Qualtrics, SurveyMonkey). Therefore, we do not anticipate that you will have any difficulties securing IRB approval for the use of Ripple. A suggested template for your IRB application can be found here.

Our security features include:

  • 2048-bit next generation data encryption during transfer (between your computer and the database server).
  • Full database encryption (i.e., encryption at rest).
  • Logical segmentation of customer data with separate dedicated databases (no access or sharing of data between customers)
  • Separate database and application servers.
  • Automatic user logoff.
  • Custom access permission (keep participant information from lab users who do not need access to participant data).
  • Daily database backup.
  • Dedicated Firewall.
  • Strong password required for all users.
  • Backend 24/7 monitoring of suspicious activities.
  • Access to audit logs and easy view of all data alterations (know who view,  added, deleted, or altered your data).
  • Certified database centers (your data is stored in data centers that have been certified as compliant with SSAE16 SOC2 guidelines).
  • Administrative safeguards.
  • Business Associate Agreements for HIPAA-compliant plans.
  • For HIPAA-Compliant plans, we utilize fully audited datacenters that are HITRUST certified and exceed HIPAA guidelines.

Please let us know if we can provide you with any additional information that would help in your discussion with the IRB.