Skip to main content

Institutional Review Boards and Health Services Research Data Privacy A Workshop Summary (2000) / Chapter Skim
Currently Skimming:

2 Workshop Summary
Pages 12-36

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.


From page 12...
... . The committee was charged with collecting information on the current practices of institutional review boards for protecting data privacy in health services research, gathering information on the practices of organizations that are not required to consult IRBs but still carry out HSR activities where data privacy and confidentiality are of concern, and to the extent possible, identifying and recommending the best practices for wider adoption.
Read the entire page →
From page 13...
... In the discussion immediately following the presentations, committee members highlighted their concerns about focusing on the protection of privacy in the context of research while ignoring very similar activities using databases that contain personal health information when undertaken for business or administrative purposes. The sponsors' representatives replied that the Common Rule applies only to the oversight of research, not to these other activities.
Read the entire page →
From page 14...
... Second, is the project exempt from IRB review? Third, may individual informed consent be waived?
Read the entire page →
From page 15...
... 1 1 No 1 Will identifiable private data or information be obtained for this research in a form associable* with the individual?
Read the entire page →
From page 16...
... For a project that is research involving human subjects and is not eligible for exemption as above, the IRB must ensure that the subjects have given free and informed consent to participate, unless the informed consent requirement can be waived. The requirement for informed consent may be waived by the IRB under some conditions including that the research involves no more than minimal risk and the research could not otherwise be practicably earned out (where "not practicable" is not specifically defined but means a general zone between merely inconvenient and truly impossible)
Read the entire page →
From page 17...
... Procedures, if any, for auditing or oversight to make sure protections and procedures : presumed and enforced ~ : ~ ~ ~ :~ i: ~ : : 9. Provisions, :procedures, and/or principles that should be more widely adopted by fRBs in safeguarding data privacy in health:services research : : SOURCE: I:OM 2000 Appendix A
Read the entire page →
From page 18...
... to include a ban on waiving informed consent when data collected will include identifying information, unless the research is exempt. Finally, he said that the military criteria for exemption are substantively the same as the civilian criteria as codified in the common rule.
Read the entire page →
From page 19...
... Ms. Khan explained that the UTHSCSA IRB requires information at the time of the applicat~on detailing how the protocol will protect confidentiality.
Read the entire page →
From page 20...
... First, in multisite projects, personally identifiable health information generally ought not to be shared beyond the local investigators. Second, she suggested that studies involving collection of data through telephone interviews, which are frequently used to collect information about services rendered (though not the focus of this workshop)
Read the entire page →
From page 21...
... Amdur argued that current federal regulations are applicable and appropriate for evaluating health services research. Current regulations already allow waiving of informed consent when risk would be minimal and the project could not reasonably be carried out if informed consent were required.
Read the entire page →
From page 22...
... Amdur commented that for IRBs that are operating according to the Common Rule, the fundamental risk assessment approach is not a new task and the regulatory structure is already, for the most part, in place. He continued that reviewing HSR protocols, in particular the evaluation of risks associated with possible invasions of privacy or breaches of confidentiality, does not make the risk assessment task any different.
Read the entire page →
From page 23...
... Various parts of RAND, including the health research program, but also for example, the education program and the criminal justice program, carry out HSR studies but they are reviewed by the same IRB. As noted above, RAND requires all its research involving human subjects to be in accord with the common rule and to be reviewed by its IRB.
Read the entire page →
From page 24...
... Tora Bikson at the Workshop on Institutional Review Boards and Health Services Research Data Privacy. IRB review if it will use only anonymous or public use datasets or de-identified data sets if neither RAND nor any another party on the contract has access to the identifiers.
Read the entire page →
From page 25...
... He reported that in RTI's experience, informing respondents that their data will be included in a public use file, even though not in identifiable form, will needlessly lower the response rate. He observed that the scientific benefit of a study could be seriously impaired by unnecessarily alarming individuals about their privacy in the consent form.
Read the entire page →
From page 26...
... For many, the bulk of their business involves clinical trials, but some also review health services research. Some nonaffiliated lRBs regard their niche as providing consultative services primarily to relatively small institutions that do not have MPAs and therefore might find the support of an inhouse TRB review to be difficult.
Read the entire page →
From page 27...
... . Several health services researchers pointed out that since it is not uncommon for HSR protocols to utilize databases containing on the order of hundreds of thousands or even millions of records, it would be difficult to design a workable individual informed consent associated with a particular research protocol.
Read the entire page →
From page 28...
... Enforcement of Procedures to Protect Confidentialtity The situation of records research at Merck was of particular interest at the workshop because of the affiliation of Merck with Medco, a pharmacy benefit management company. in the discussion after the presentation, participants inquired about the degree of separation between the Merck research databases and the Medco administrative and pharmacy usage databases.
Read the entire page →
From page 29...
... Brent James at the Workshop on Institutional Review Boards and Health Services Research Data Privacy. sign.
Read the entire page →
From page 30...
... Express Scripts is a pharmacy benefit management (PBM) company, serving various types of clients including insurers, unions, health care organizations, and employers—any type of organization, in short, that wishes to contract for a pharmacy benefit.
Read the entire page →
From page 31...
... Mr. Nelson also noted that many of these HMO-based research organizations follow the Common Rule whether the funding source would require it or not.
Read the entire page →
From page 32...
... SPECIAL CONSIDERATIONS OF DATA PRIVACY AND MINORITY GROUPS Dr. William Freeman, IRB chair at the Indian Health Service, highlighted some issues of particular importance in research involving minority populations.
Read the entire page →
From page 33...
... The development and market penetration of smart cards and other portable platforms for utilizing databases via PK] seems to be much further advanced in Europe than in the United States, although unresolved questions about cross-border privacy protection remain.
Read the entire page →
From page 34...
... . The contract describing the TOM's project included an agreement that the committee would consider measures for protecting personally identifiable health information that pertains to children if any different conditions should be deemed desirable, and, in particular, would consider the desirability of requiring projects involving children always to undergo full IRB review.
Read the entire page →
From page 35...
... INTERNATIONAL COMPARISONS OF DATA PRIVACY STANDARDS9 Questions and issues of protecting privacy and personally identifiable health information have arisen in nation states around the world and in regard to the transfer of data across international borders. The contract describing the TOM's project included an agreement that the committee would compare the privacy protections contained in international conventions for personally identifiable health information used in research with the principles and best practices developed in this study.
Read the entire page →
From page 36...
... France has recently undergone two important developments pertaining to the protection of the privacy of health information in its legal system. The first was a statute regulating the use of data for research, that provided significant new oversight mechanisms, and second was a decree regarding the use of data in the process of reimbursement.
Read the entire page →

Key Terms

  • services research
  • informed consent
  • health information
  • common rule
  • irb review

  • data privacy
  • identifiable health
  • consent form
  • care operations
  • personal health

  • research involving
  • uthscsa irb
  • involving human
  • common law
  • institutional review

  • intermountain health
  • privacy protection
  • hsr studies
  • medical records
  • review boards

  • pharmacy benefit
  • irb requires
  • irb chair
  • services researchers
  • care organizations

  • personally identifiable
  • proposed rule
  • benefit management
  • nation states
  • protected health


    • This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
    More information on Chapter Skim is available.