Sona Systems is in compliance with all major research regulations and guidelines worldwide. Participant data is safe and secure, guarded 24/7 at our data facility, and we take extra steps to protect universities across the globe. We have “Business Associate” contract provisions in our service agreements for universities needing to comply with HIPAA and HITECH. We also have no-show handling options that are in compliance with OHRP guidelines, and meet all EU data privacy guidelines, including certification under the EU-U.S. Privacy Shield Framework.
In addition to meeting compliance regulations, we provide full access control so researchers can only view sign ups for their own studies, and participants can never see information about other participants. To ensure studies cannot recruit participants past their approval date, we enforce IRB (ethics) approvals and expiration dates. We also supply electronic acknowledgements for human subject policies, privacy policies, SSL encryption, and anonymous ID codes for added privacy. And, for universities needing data to reside outside of the U.S., we provide alternative data facilities in Europe, Canada, and Asia so that data never resides on U.S. soil.
Participants using accessibility tools like screen readers can use our system with ease, and we can provide a VPAT certification upon request.
Like acronyms? We help customers comply with: Common Rule (45 CFR 46), HIPAA, HITECH, PIPEDA, Tri-Council Policy, EU Data Privacy, SSL, FERPA, Section 508, VPAT, EU-U.S. Privacy Shield, US-Swiss Safe Harbor, and ISAE3000/AT101 Type 2 with SOC 2 TSP 100 adaptation (formerly SAS 70).