[Sam Grabus]

Hello RDA/NISO Privacy Implications of Research Data Sets Interest Group chairs,
To re-introduce myself, I am Sam Grabus, a 2017-2018 Data Share fellow. Thanks again for supporting my proposed project, which focuses on facilitating data sharing through the development of best practices for IRBs regarding data sharing and rights management metadata.
I attended the RDA Data Share orientation up in Troy, and began digging into some background reading to inform next steps. As a reminder, this was my proposed timeline for the project (though this is now a 1-year fellowship):
Progress so far:
Two gain an understanding of what has already been discussed and researched, I did a review of the existing literature regarding data sharing and IRBs. Two articles in particular were directly relevant. The first article discussed the results of a survey from 60 institutions about the handling of biomedical research data. Ambiguous or inconsistent IRB policies and practices regarding data protection makes data sharing challenging. The article is specific to biomedical samples/data, but it remains relevant for any human subject research data, and calls for interoperable policies regarding the secondary use of data. The second article, which is even more relevant, surveys 208 IRB professionals about their positions related to the sharing of genetic data. The survey found that there are inconsistent beliefs about the risks and repercussions involved with the re-identification of research participants. The article calls for regulatory measures or best practices to maintain consistency and avoid duplication of effort. Their recommendation also calls for regional or national IRB consortia to establish best practices, and discusses the need for understanding of researcher data sharing needs.
This is where I fit in:
This last article called for a greater understanding of researcher data sharing needs, and what better place to find out that information than data sharing agreements? For my work with the NSF Northeast Big Data Innovation Hub’s data sharing spoke, I am collecting and parsing attributes from as many data sharing licenses as I can obtain to determine commonalities among these requirements. So my next steps are to collect IRB protocols and find out what exactly they specify about data sharing and rights management metadata (if anything).
Next Steps:
I’m thinking I should do a little more follow-up reading to inform my research design. I know time will go quickly, however, so I need to think about how I might obtain my sample of IRB protocols. Currently, my thought process is to contact IRB officers, but I would be interested in advice that you might have on that, or suggested approaches for the endeavor.
Thank you for your time despite my long-windedness, and I look forward to hearing back from you about any ideas you may have!
Best,
Sam Grabus
Research Assistant, Metadata Research Center
PhD Student
College of Computing & Informatics
Drexel University
3141 Chestnut Street
Philadelphia, PA 19104
Tel: 410.262.3365 | ***@***.***
http://www.pages.drexel.edu/~smg383/

Discussion

[George Alter]

Hi Sam,
I think that it might be helpful for you to consider the limitations of IRB
responsibility regarding data sharing.
IRBs are responsible for protecting human subjects, and the Common Rule
that created them (45 CFR 46) was not intended to promote data sharing.
Some of the recent revisions to the Common Rule were intended in part to
make it easier to share certain kinds of data, but IRBs are still not
responsible for encouraging researchers to share data.
IRBs do not have primary responsibility for the data use agreements (DUAs)
that govern sharing of confidential data. If information about human
subjects is involved, IRBs should approve the provisions in the DUA, but
IRBs do not have authority to sign such agreements. DUAs are legal
agreements, and they are negotiated and signed by university lawyers not by
IRBs.
On one side, most data created at a university belong to the university not
the PI. Any data created under a grant or contract belong to the
university because the university is the “grantee” not the PI. PIs are
considered stewards of any data they create, and university policies differ
in how much authority the PI has to dispose of the data. Consequently, any
data released under a DUA requires the explicit or implicit approval of the
university, which is only available from a designated university official
like a general counsel or research officer.
On the other side, most universities will not allow individuals to sign
DUAs to receive confidential research data, like genetic data. As Director
of ICPSR, I was involved in many negotiations with other universities over
DUAs. ICPSR DUAs are written to be signed by both a researcher and a
designated representative of the researcher’s university. It is not
uncommon for the university official to delete the signature of the
researcher from the DUA, so that only the university signs the agreement.
IRBs play a very minor role in approving DUAs for receiving confidential
data. In my opinion, IRBs should be responsible for assuring that
researchers manage confidential data in a responsible way, but IRBs are
often not interested at all in data created somewhere else.
If you really want to understand how confidential data are shared, you need
to look at the role of university lawyers, who play a much larger role in
the process than IRBs.
There are a couple sources that you may find useful:
1. Lisa Neidert has done a comparison of a number of DUAs used for social
science data:
http://www.psc.isr.umich.edu/dis/data/restricted/rdc/
2. The Databrary Project (https://nyu.databrary.org/) has created a very
interesting comprehensive approach to data sharing, in which they get
universities to agree to sign a standard agreement covering informed
consent, data sharing, and data use.
3. The National Academy of Sciences has done a series of reports about
sharing confidential data. The volume that responded to proposed changes
to the Common Rule has a lot of information about how the process actually
works in the social sciences. (National Research Council. 2014. Proposed
Revisions to the Common Rule for the Protection of Human Subjects in the
Behavioral and Social Sciences. Washington, DC: The National Academies
Press. doi:https://doi.org/10.17226/18614.) In the end, HHS did not adopt
most of the proposals that they considered.
4. The Cancer Biomedical Informatics Grid (caBIG) developed a tool for
writing data use agreements. caBIG ended a few years ago, and I could not
find the tool online. But you may find it somewhere.
George
—————————————————
George Alter
** Feb.-June. 2017 Visiting Fellow at Australia National University
Research Professor, ICPSR
Professor of History, University of Michigan
PO Box 1248, Ann Arbor, MI 48106-1248
Tel: 734-478-0783 Fax: 734-647-8200
Email: ***@***.***

[Author]

Replies