irb, human subjects and data security vipin awatramani staff training, mahabalipuram 2012

Download IRB, Human Subjects and Data Security Vipin Awatramani Staff Training, Mahabalipuram 2012

Post on 26-Dec-2015




0 download

Embed Size (px)


  • Slide 1
  • IRB, Human Subjects and Data Security Vipin Awatramani Staff Training, Mahabalipuram 2012
  • Slide 2
  • Presentation format Group Exercise (30 minutes) Quiz (15 minutes) Q&A (10 minutes) Presentation/ Lecture (40 minutes)
  • Slide 3
  • Agenda Presentation Ethics, IRB, PII, IRB applications Data security Data handling at various stages Quiz Three questions (Poll) Group Exercise Scenario Q&A Connecting to experts
  • Slide 4
  • Have you worked on ANY IRB documentation for your study? (created a new protocol, renewed or amended it?) A.Yes B.No
  • Slide 5
  • Have you completed a Human Subjects training certificate (via CITI or NIH)? A.Yes B.No
  • Slide 6
  • Have YOU, a new project staff interacting and handling data of human subjects, been added to your IRB protocols as a project member? A.Yes, I did it myself B.Yes, someone else did it C.No, not yet D.I dont know
  • Slide 7
  • Ethics in Research Studies involve human subjects Under U.S. Federal Policy for the Protection of Human Subjects, all studies involving human subjects must meet institutional guidelines of ethical research Approved by an accredited IRB (Institutional Review Board) Image Source:
  • Slide 8
  • What is IRB and what studies require these approvals? Institutional review board A group designated by an institution (such as a university or non-profit) to approve, monitor, and review research involving human subjects to assure appropriate steps are taken to protect the rights and welfare of those subjects. Studies that require IRB approval include: Studies interacting with human subjects Studies collecting data on individuals including personally identifying information
  • Slide 9
  • Why do you need IRB approval? Protection of human subjects Ensure ethical research design Field projects often collect personally identifiable information (PII) from respondents Non-compliance can jeopardize Funding Research progress Organizations reputation
  • Slide 10
  • What is PII? Personally identifiable information: Information that can be used to identify an individual or households with a reasonable level of confidence. Names, telephone numbers, email addresses, account numbers, photographs, Government identification numbers, GPS coordinates Smaller geographical subdivisions/units, elements of date related to an individual
  • Slide 11
  • Four Questions that you need to address 1.When do you need IRB approval? Renewal/updates? 2.How do you prepare IRB applications? 3.What about my field staff? 4.What about data security (storing, transmission)?
  • Slide 12
  • When do you think you need to update you IRB committee? A.Significant additions to survey, design Should get approval B.New PI/RA/expansion C.Grants awarded D.All
  • Slide 13
  • When do you need IRB approval? Renewal/updates? Before starting any field activity IRB Protocol Updates: Renew every year Submit modifications for: Significant additions to survey, design or field activities? Changes in security management Grants awarded New PI/RA/expansion All IRB applications should be submitted 1-2 months in advance.
  • Slide 14
  • How do you prepare for IRB application? Explain that risks to participants, if any, will be minimal Emphasize that no one in the study will be worse off Explain why the project is withholding the program from the control group Explain how participation in the study may leave to improvement in the subjects lives and any other benefits How security of the data will be maintained Names of all Key Study Personnel with access to data
  • Slide 15
  • How do you prepare for IRB application? Human Subjects training certifications of all Key Study Personnel (Citi/NIH) Questionnaires and Consent form English and translated into language of use Certification of translation Consent form as a separate document MOU or letter of support from partner organizations Additional requirements (No PII on Dropbox (even if its encrypted)
  • Slide 16
  • Know your IRB coordinators JPAL Global: Heather McCurdy IPA Global: Zahra Niazi JPAL SA: Vipin Awatramani CMF: Shahid Vaziralli(, Anup Roy ( Check with your field office for any local IRB requirements, you can get in touch with responsible person at the field office to get support for these applications
  • Slide 17
  • Where to go for more information? 1.Sharepoint! -> Resources --> Human Subjects
  • Slide 18
  • What about my field staff Train field staff on fair treatment of human subjects, importance of confidentiality and data security Ensure that sessions on these issues are well delivered (Experienced staff/trainers) Ensure that the training covers all aspects of data protection and ethical concerns Get Data Confidentiality Agreement signed by field staff. (Add it as an annexure in their contract)
  • Slide 19
  • What about data security? Data security is a key component of protecting personal data and related IRB approval Secure procedures ensures that private information of human subjects is being protected Required reading Data Security Protocol Approved IRB protocol (additional requirements) for the project, levels of data security Level 1Level 2Level 3Level 4 Not confidential PII: No material harm, embarrassment(confidentiality) PII: Embarrassment, harm reputation HRCI (High risk confidential data)
  • Slide 20
  • What about data security? HRCI Social security, credit/debit card, individual financial account, drivers license, ID (passport/state ID) Medical information including biometric information Risk of civil/social liability, moderate psychological harm Level 1Level 2Level 3Level 4 Not confidential PII: No material harm, embarrassment(confidentiality) PII: Embarrassment, harm reputation HRCI (High risk confidential data)
  • Slide 21
  • Five Principles of data security Obtain Confidentiality agreement Ensure physical security Store, transmit and use PII separately Encrypt all PII Secure Devices handling decrypted PII (password)
  • Slide 22
  • Research Associates on IRB Ensure all individuals handling PII have certifications Draft IRB application or renewals or IRB updates Ensure accurate implementation of IRB guidelines at field level Report any IRB breaches to your human subjects coordinator immediately
  • Slide 23
  • Data handling at various stages Before data collection (survey) During data collection (survey) After survey Environment for analysis Wrapping up field work Making data public
  • Slide 24
  • Before data collection (survey) Educate yourself and others IRB/data security protocol Train field staff Detailed plan on securely handling data Procedure if data security breach occurs Validate physical attributes Ensure Certifications Confidentiality Agreements Storing/handling data securely (metal cabinets) Designing survey instrument and data entry software Separable PII non PII
  • Slide 25
  • During data collection (survey) PII Other Sensitive information Risk Ensure that you have a field for the Unique ID Code on every page of the survey packet. Paper surveys received from surveyors should be physically separated These two sections should be stored and transported separately
  • Slide 26
  • After survey: Paper surveys and data entry Designate a safe and secure place for survey storage Surveys should not be left out in the open for extended periods Ensure that data entry operators have signed a Confidentiality Agreement Set up secure data entry system Internet-disabled computers with back-up Remove non-essential programs/software from computer Install an antivirus and analyze each computer Set up user accounts and intranet Continually back up data Data transfers: USB or SFTP (no email)
  • Slide 27
  • After survey: Transmission and sharing Transfer data to password protected computer as an encrypted file Confirm that data entry operators have removed the data from their computers (if applicable)
  • Slide 28
  • Environment for analysis Maintain two separate datasets: first which contains PII and the unique id code and a second which contains the unique id code and the rest of the data (make sure both contain the respondent id code) Keep the dataset containing personally identifiable information encrypted
  • Slide 29
  • Wrapping up field work Once data analysis is finished, hardcopies of surveys need to be destroyed in a secure manner (e.g., shredded) within 3-5 years of completion of the study Once all data is received for cleaning and analysis and secure back-up of the files has been confirmed, completely delete the file from any field computers (make sure all data has been transmitted from the field before deleting files)
  • Slide 30
  • Making data public Multiple team members need to review the dataset before it is released publicly, preferably ones who are familiar with the survey instruments and data collection The potential negative repercussions of making on mistake and releasing PII on a public database can be huge (imagine leaving a social security number in a public medical procedures database) Always get PI approval be