Here is a suggested template to use on IRB applications:
Participant personal information will be kept in Ripple™, a secure web application designed for the storing and management of personally identifying information of research participants. Ripple was initially developed at the University of Michigan to provide a user-friendly, web-based secure interface where research teams can centralize the storage and management of research participants’ personal information, including name, participant ID, demographics, and study workflow (e.g., appointments). Participant information managed with ripple is private and secure. This information is kept in fully encrypted format inside dedicated databases that are segregated from other Ripple accounts and thus only authorized study staff will have access to the study data. Likewise, Ripple infrastructure complies with the privacy and security guidelines of the Health Insurance Portability and Accountability Act (HIPAA), including 2048-bit data encryption in transit and at rest, automatic logoff, audit trail, daily backups in triplicate dedicated servers, firewall, custom access permission for lab members, zxcvbn password strength estimation, and enterprise administrative safeguards to prevent unauthorized staff from accessing participant information. Furthermore, Ripple is used only for storing personally identifiable information of participants and is not used to capture other research data (e.g., questionnaires, health records, etc.). This ensures that the personally identifiable information and research data are segregated.