Maintaining Neutrality and Objectivity: Outsourcing the IRB

dreamstime_xl_40028525Competitive organizations constantly seek ways to streamline costs and utilize resources effectively. For organizations involved in research, outsourcing the Institutional Review Board (IRB) to an external IRB can provide significant savings.

 

All IRBs must comply with Department of Health and Human Services and the Federal Drug Administration regulations in the review and approval of research. The federal regulations provide standards that define the structure and composition of the IRB and the policies and procedures to be followed.

 

The composition of the IRB requires a minimum of five members. The members must have the expertise and experience to conduct reviews and apply the federal regulations. The board should also have diversity of race, gender, culture and sensitivity. At least one member must be a non-scientist. Finally, if an IRB reviews research involving vulnerable categories of research, representatives knowledgeable with these populations should be included on the board.

 

Organizations with a limited number of studies to review face unique challenges. The composition of the IRB must be maintained as described above. Ongoing training of the board should be provided as part of best practice. The timeline of completion can also be a challenge. If an online system is not used, recordkeeping becomes more complicated with opportunities for errors and delays. Bringing together the board members for full reviews may not be easy if the reviewers have other obligations in the organization. Busy clinicians, educators, and evaluators may be unable to complete the reviews in a timely manner.

 

Outsourcing provides benefits for small and large organizations involved in research. A primary benefit is the removal of internal politics from the review. Another benefit is the elimination of unnecessary delays. Outsourcing can also assist with an accurate tracking and recordkeeping system of research studies reviews.

 

Solutions IRB, a private external IRB, uses a state-of-the-art online submission and tracking system. Solutions IRB completes exempt and expedited reviews within 24-48 hours of submission, and convened board reviews are completed within 72 hours of submission. Solutions IRB also provides a free pre-review for all studies to verify documentation is complete. Solutions IRB consists of highly experienced, well-trained reviewers who can provide an objective review of all studies submitted while complying with the required regulations, standards, policies and procedures.

 

If you would like more information on the benefits of outsourcing your IRB please contact us at info@solutionsirb.com.

 

Protecting Participant Data

Evaluators and researchers must take steps to protect data collected from participants/patients. Individually identifiable information may not always be collected, however, if it is, a plan for the protection of the data is needed. This is one way to demonstrate respect for our participants.

Evaluators and researchers often ask what does a plan for protecting the information include? Below are a few examples often used to protect data.

  • Assign study participant identification codes to instruments, questionnaires, surveys, etc. Keep a list of the identifiable information linking individuals to their codes in a separate location with restricted access. Only personnel with the appropriate training/education should have access to the data. This is usually the principle investigator/evaluator, coordinator, or research assistant.
  • An acceptable data security plan must provide that all electronic transmissions of PHI or PII over the internet (including by email), file transfers or other data transfer modalities, will be encrypted;
  • Remove cover or face sheets containing identifiers (e.g., names and addresses) from survey instruments containing data after receiving them from study participants;
  • At the end of the study or when you are no longer required to keep the data properly dispose, destroy, or delete study data / documents (simply deleting data from a computer or disk is not sufficient, additional steps must be taken to permanently remove it from the hard drive);
  • Securely store data documents within locked locations and/or assign security codes to computerized records;
  • If the data will be stored on a multi-user server the specific server name and IP address should be included with the protocol. Also, include who has access to the server and the security of the server;
  • No data containing PHI or PII may be stored in external organization storage, such as Google Docs, unless the organization has appropriate legal documentation approved in advance to do so.

What happens if despite all steps to protect the data, a breach occurs? Any loss of or breach of security relating to research data containing PHI or PII must be reported to the IRB as an Unanticipated Problem Involving Risks to Subjects or Others; and (2) also to the study Sponsor (if applicable).

Examples of security breaches include: (1) lost or stolen desktops, laptops, USB drives, CD/DVD/Zip drives, etc. with stored data; (2) a compromised account which is used to look up data (e.g., unauthorized user has had access to the account); (3) a compromised work station or server that contains data; and (4) accidental disclosure of data to unauthorized recipients (e.g., sending data to an incorrect email address).

Protection of study data must be followed at all stages of research, using the methods described above are examples of ways to guard against threats to both privacy and confidentiality. The information in this blog posting provides some examples, but each study is different. Solutions IRB is happy to consult with evaluators and researchers during the planning phase to develop an appropriate data protection plan.

Written by Dana Gonzales, PhD, MHSA, CIP for Solutions IRB, LLC.