APPENDIX A
Study Activities
As contracted with the sponsors, the Agency for Healthcare Research and Quality and the Office of the Assistant Secretary for Planning and Evaluation, the Institute of Medicine created a 12-person committee that was charged with identifying best practices of institutional review boards and private organizations in the protection of privacy and maintenance of confidentiality in health services research. The committee included members with expertise in medical ethics, health services research, epidemiological research, clinical research, IRB function, health and privacy law, statistics, computer science, and health data-base administration. The committee met by telephone conference call in January 2000 and held a workshop in March 2000 (agenda follows). The workshop, which was open to the public, included presentations from IRB administrators and chairs, research foundations, and health care services companies (see Appendix B). The workshop also featured presentations of the drafts of two commissioned papers (see Appendix C and Appendix D). In addition to the workshop, the committee posted an invitation on a list serve and on the National Academies' website to IRBs to contribute information (invitation follows workshop agenda).
WORKSHOP ON INSTITUTIONAL REVIEW BOARDS
Institute of Medicine
Cecil and Ida Green Building,
Rooms GR-130 and GR-110
2001 Wisconsin Avenue, N.W.
March 13–14, 2000
Monday, March 13, 2000 |
|
8:30 a.m. |
Call to Order, Welcome by Chair Bernard Lo, M.D. Charge to Committee, Introductions, Procedures, and Greetings from Sponsors |
9:15 |
OPRR overview Thomas Puglisi, Ph.D. |
9:30 |
IRB Administrators Art Anderson, M.D., Fort Detrick, U.S. Army Angie Khan, University of Texas Health Science Center, San Antonio |
10:00 |
Discussion |
10:30 |
Break |
10:45 |
IRB Chairs/or Members James Kahn, M.D., University of California at San Francisco Robert Amdur, M.D., University of Florida Steve Garfinkel, Ph.D., Research Triangle Institute Tora Bikson, Ph.D., RAND Corporation |
11:45 |
Discussion |
12:30 p.m. |
Lunch |
1:30 |
Private/or Independent IRB Angela Bowen, M.D., Western Institutional Review Board |
1:45 |
Discussion |
2:00 |
Pharmaceutical Company Harry Guess, Ph.D., Merck |
2:15 |
Discussion |
2:30 |
Health Services Companies Fred Teitelbaum, Ph.D., and Jennifer Low, Esq., Express Scripts Brent James, M.D., and Morris Linton, J.D., Intermountain Health Care Andrew Nelson, HealthPartners |
3:15 |
Discussion |
3:30 |
BREAK |
3:45 |
Comparing Privacy Standards Internationally Bartha Knoppers, J.D. |
4:15 |
Discussion |
5:30 |
Adjourn |
Tuesday, March 14 (GR 110) |
|
8:30 a.m. |
Call to Order, welcome by Chair, Brief Introductions of Committee |
9:00 |
Technical Update Lawrence Dietz, Esq., Axent Technologies |
9:15 |
Discussion |
9:30 |
Special Considerations Regarding Data on Minors Ross Thompson, Ph.D. |
10:00 |
Discussion |
10:15 |
Break |
10:30 |
Special Considerations of Privacy in Heavily Studied Minority Populations William Freeman, M.D. |
10:45 |
Discussion |
11:00 |
General Discussion |
12:00 noon |
Adjourn Open Session |
INVITATION TO IRBS TO PROVIDE INFORMATION ON PRACTICES OF REVIEWING HEALTH SERVICES RESEARCH*
The Institute of Medicine (IOM) is conducting a project on the role of IRBs in the protection of data privacy in health services research. As part of that project, we are requesting general information from practitioners in the field with respect to the issues identified below. We expect that this information request will be of interest to those who currently chair, serve on, or administer an IRB, and whose committee at least occasionally receives protocols for research that depend on secondary data mining or linkage, in health services research or similar secondary analyses of health-related data.
By “health services research” we mean studies primarily using already-collected data to examine the impact of organization, financing, and management of health care services on access to, or the delivery, cost, outcomes, or quality of, services. Secondarily, we would include studies of already collected data that associate data sets to examine the outcomes of interventions, where similar privacy issues may arise.
Under the Statement of Task for this project, the IOM will gather information on current practices and principles, and if possible, recommend a set of best practices, for use by IRBs in safeguarding data privacy in health services research. The IOM has appointed a committee and has scheduled a workshop intended to supply information to the committee with respect to these issues.
Interested persons are invited to provide information regarding the practices of IRBs in protecting data privacy in health services research. This is not intended as a comprehensive survey, and we are not testing any specific hypothesis. Please feel free to elaborate on some or all of the issues identified below.
Unless you indicate otherwise on your response, your name and contact information will be made available only to IOM staff, and will not be presented to the study committee. The substance of your response (without your name and contact information) will be provided to the IOM study committee (with your response identified only by general category such as hospital, university, etc.) and will be included in a public access file created by the IOM and made available to the public upon request. By submitting a response, you give permission to the IOM to quote or use all or part of your submission (without specific identification of you) in our final report or other works of the institution, which may be posted on the world wide web or translated into other languages.
If you would like to provide information, please send it to the contact points below. Please also feel free, as always, to contact the Responsible IOM Staff Officer listed below if you wish to discuss any aspect of the project.
* |
Posted on MCWIRB list serve and National Academies Current Projects System website. |
Discussion Issues
-
Policy or practices, if any, for identifying specific studies as health services research.
-
Procedures, if any, for determining which health services research studies are exempt from IRB review.
-
Procedures, if any, to determine whether and which information is identifiable when assessing risk of disclosure in an health services research protocol.
-
Procedures, if any, for weighing the importance of the research relative to the risk (of disclosure) to those whose data are used.
-
Procedures, if any, in place for merging different datasets, and in that context, for assuring that identifiable health information is protected
-
Procedures, if any, used for reviewing protocols to assure that identifiable health information is being protected while the study is actually underway.
-
Procedures, if any, to review protocols for the protection of data after a study is completed.
-
Procedures, if any, for auditing or oversight to make sure protections and procedures are used and enforced.
-
Provisions, procedures and/or principles that should be more widely adopted by IRBs in safeguarding data privacy in health services research.
Thank you.
Lee L. Zwanziger, Ph.D.
Senior Program Officer
Institute of Medicine