Download presentation
Presentation is loading. Please wait.
Published byRoy Gallagher Modified over 9 years ago
1
Data Repositories - Anticipated Policy VHA Handbook 1200.12 Research Accountability Meeting Dr. Joan P. Porter Office of Research Oversight ORO Human Subject Protection Research Misconduct Laboratory Animal Welfare Research Laboratory Safety/Security
2
DRAFT VHA Handbook 1200.12 “Use of Data and Data Repositories in VHA Research”
3
What will this new handbook cover? The Handbook is intended to define VHA policy on research use of data and data repositories. It addresses both the use of clinical and administrative data repositories for research as well as development and use of data repositories solely for research purposes.Examples: Austin and NSQIP are not research data bases, per se, but contain information that provides powerful research resources. Austin and NSQIP are not research data bases, per se, but contain information that provides powerful research resources. HSR&D databases in Centers of Excellence are research data bases, for example. Some investigators have established large research databases. HSR&D databases in Centers of Excellence are research data bases, for example. Some investigators have established large research databases.
4
What is a Research Data Repository? This term means: 1. a data repository created in advance from data assembled to conduct future research protocols (a bank or sorts), e.g. the Maveric database, or 2. data gathered in the course of conducting a research protocol that is maintained after completion of the research protocol and turned into a bank for future use. A research data repository is developed by researchers and used by researchers. This term means: 1. a data repository created in advance from data assembled to conduct future research protocols (a bank or sorts), e.g. the Maveric database, or 2. data gathered in the course of conducting a research protocol that is maintained after completion of the research protocol and turned into a bank for future use. A research data repository is developed by researchers and used by researchers. The “protocol” may be for an individual research project or a “protocol” for creating and maintaining a repository for research. The “protocol” may be for an individual research project or a “protocol” for creating and maintaining a repository for research.
5
Scope of Draft Database Handbook Applies to all VA -approved research activities involving the use of data and data repositories Applies to all VA -approved research activities involving the use of data and data repositories –Conducted in VA or space VA leases for its use –By VA investigators while on duty –Utilizing VA resources VA investigators VA investigators –Compensated –WOC –IPA Contractors: similar requirements will be in contract/ SOW Contractors: similar requirements will be in contract/ SOW
6
Non-VA Investigators Remember: you can give data to non- VA investigators only under limited circumstances (Remember — Joe Francis’ and Stephania Putt’s remarks [see VHA Handbook 1605.1]) Remember: you can give data to non- VA investigators only under limited circumstances (Remember — Joe Francis’ and Stephania Putt’s remarks [see VHA Handbook 1605.1])
7
Sources of Data Internal sources Internal sources –Austin Automation Service –PBM –VistAWeb –Other administrative and clinical databases (e.g., NSQIP) –Research databases External sources External sources Research subjects Research subjects
8
Some Key Definitions: Human Subject — Human Subject — –A living individual about whom an investigator conduction research 1) obtains data through intervention or interaction with the individual, or 2) obtains identifiable private information. Individually-Identified Information — Individually-Identified Information — –When the investigator can link data to a specific person directly or through codes (38 CFR 16.102 – Common Rule); use of anyone of the 18 HIPAA identifiers (e.g. last 4 digits of SSN, scrambled SSN, initials, date of birth, date of admission... )
9
De-identified Data — must meet both the following definitions: HIPAA definition of de-identified HIPAA definition of de-identified –Removal of all 18 identifiers that could be used to identity the individual, individual’s relatives, employers, or household members Common Rule “definition” Common Rule “definition” –Removal of all information that could identify the individual or could be used to readily ascertain the identity of the individual (Remember HIPAA is only about health data, the Common Rule applies any identifiable data.)
10
Definition: Coded Data Information for which the source person can be identified through intermediate links (“coded”) used alone or in combination with other information
11
VHA Draft Handbook also addresses the Use of Data Preparatory to Research
12
Preparatory to Research Access only to prepare protocol prior to submission to IRB and R&D Committee Access only to prepare protocol prior to submission to IRB and R&D Committee Can record aggregate data for background, to justify the research, or show adequate number of subjects available, etc. Can record aggregate data for background, to justify the research, or show adequate number of subjects available, etc. Cannot: Cannot: –Record identifiers –Use information reviewed for recruitment or to conduct pilot studies continued...
13
PI must make representation per HIPAA PI must make representation per HIPAA –Access only to prepare protocol –No PHI removed from covered entity –Access is necessary for research Documentation of representation placed in PI ’s files Documentation of representation placed in PI ’s files (continued from previous page) Preparatory to Research (continued from previous page)
14
Key Points for Use of Data for Research Purposes Minimum necessary data Minimum necessary data Approved use ( IRBs and R&D Committees) Approved use ( IRBs and R&D Committees) Required approvals: The Principal Investigator and each co-investigators (regardless of site) must obtain approvals of: Required approvals: The Principal Investigator and each co-investigators (regardless of site) must obtain approvals of: –IRB(s) – unless not human subjects or unless exempt –R&D Committee(s) –Others – union; Privacy Offices, ISOs, administrator of database
15
Responsibilities of VA Facilities Releasing Identifiable or De-identified Information from Their Records to Other VA Sites for Research Purposes A DUA/DTA must be implemented between the releasing facility and the receiving VA facility and investigator. A DUA/DTA must be implemented between the releasing facility and the receiving VA facility and investigator.
16
Data Use Agreement/ Data Transfer Agreement ( DUA/DTA ) A written agreement that defines: A written agreement that defines: –What data may be used –How it will be used, stored, and secured –Who may access it –To whom it may be disclosed –Disposition of data after termination of research –Required actions if lost or stolen –IRB and R&D Committee approvals from each site –Documentation of the IRB’s waiver of informed consent and waiver of HIPAA authorization (if no consent or HIPAA authorization is to be obtained)
17
Who Signs the DUA/DTA? Receiving principal investigator Receiving principal investigator ACOS/R of receiving institution ACOS/R of receiving institution ACOS/R of releasing institution (if a research database) ACOS/R of releasing institution (if a research database) Database owner Database owner ISO and Privacy Officer of releasing facility at discretion of releasing facility ISO and Privacy Officer of releasing facility at discretion of releasing facility
18
Responsibilities of the Non-Research Data Repositories (Like NSQIP) Must develop policies and procedures to respond to requests for data: Must develop policies and procedures to respond to requests for data: –Method of obtaining complete documentation from the investigator(s) –Address submission of all publications from use of data –Address Privacy Officer and ISO written approval of release of data –Address reports of serious adverse events and unanticipated problems –Release of any data beyond minimal necessary for the protocol –Devise policies and procedures for data preparatory to research
19
Special Responsibilities for Administration of Research Data Repositories The repository must have an administrative structure and include a VA investigator responsible for all activities of the repository. The repository must have an administrative structure and include a VA investigator responsible for all activities of the repository. Oversight responsibilities of administrator of a research data repository Oversight responsibilities of administrator of a research data repository –Develop policies and procedures for releasing data when all necessary information received –Review access requests –Maintain privacy and security continued...
20
continued from previous page Oversight Responsibilities of Administrator of a Research Data Repository continued from previous page –The research repository that is large and frequently used should have an advisory committee(s) to provide scientific and ethical advice (e.g., experts in epidemiology, statistics, ethics, law, subject matter may help in policy development and review of requests). –Must have stable administrative oversight –Must have an IRB-of-record to oversee the “repository protocol” for managing the research repository –Must have R&D Committee approval –Must be physically located with space owned or leased by VA in a secure space continued...
21
– –Good record keeping! Sources of data Sources of data Retention requirements Retention requirements Terms and conditions of use Terms and conditions of use Consent of subjects’ whose data are in repository Consent of subjects’ whose data are in repository Release of data – when, what, to whom, how? Release of data – when, what, to whom, how? New use of data requests New use of data requests Communications Communications IRB and R&D committee repository deliberations IRB and R&D committee repository deliberations Minutes Minutes And so on... And so on... – –Standard Operating Procedures to cover all of these areas continued from previous page Oversight Responsibilities of Administrator of a Research Data Repository continued from previous page
22
Research Data Repository SOPs Administrative structure Administrative structure Conflict of Interest Conflict of Interest Adding data to repository Adding data to repository Accessing data Accessing data Record keeping requirements Record keeping requirements Privacy and confidentiality Privacy and confidentiality Storage and security Storage and security Termination of repository Termination of repository
23
Oversight of a Repository Annual reporting to the IRB (repository treated as a research protocol) and R&D Committee Annual reporting to the IRB (repository treated as a research protocol) and R&D Committee Report information Report information –Source of data being added –Type of data released to others including the protocol for reuse that contains information on: Confidentiality Storage and security of data Disposition of data at end of study –Any unanticipated problems regarding risk to subjects, institutions, etc. –Any incidents of inadvertent disclosure, loss, or theft of data
24
Responsibilities of the Investigators The Investigator must provide: The Investigator must provide: –IRB’s approval if human subjects research –R&D Committee’s approval –HIPAA authorizations or waiver or authorizations if human subjects research –Research Informed Consent or waiver if human subjects research –Summary of protocol or full protocols indicating Why? What databases? What is the justification for use of identifiers (e.g., SSNs)? Where stored? Who will have access? What is the physical and e- security? What is the disposition of data? Is training up-to-date? What are the roles of Privacy Officers and ISOs in the review? How will reuse of data be handled? What are the amendment approval requirements? What are the adverse events and unanticipated problems reporting requirements? continued...
25
(continued from previous page) Investigator’s Responsibilities (continued from previous page) Protocol contains all required information Protocol contains all required information Ensure data storage and security meets all VA requirements Ensure data storage and security meets all VA requirements Data use consistent with protocol Data use consistent with protocol No re-disclosure of data No re-disclosure of data When leaving VA data and all copies left at VA When leaving VA data and all copies left at VA
26
Database Research protocols — PIs must take care in their preparation. Protocols must contain information on: Protocols must contain information on: – –Source of data & type of data (identified, de-identified) – –Consent under which it was/will be collected – –How the data will be used – –Planned use of & justification for use of real SSNs – –Justification for waiver of authorization and/or consent
27
Research Consent — PIs must take care in preparation of informed consent documents and HIPAA authorizations. If data were/are to be collected directly from subjects: If data were/are to be collected directly from subjects: –Consent clearly states: Use of data Use of data If reuse is allowed If reuse is allowed Who will have access to data (VA investigators, non-VA investigators, drug companies, etc. Who will have access to data (VA investigators, non-VA investigators, drug companies, etc. Where it will be stored (VA, non-VA) Where it will be stored (VA, non-VA) How it will be secured How it will be secured Disposition of data after study Disposition of data after study Certificate of Confidentiality Certificate of Confidentiality –HIPAA authorization meets all requirements in VHA Handbook 1605.1 (more than HIPAA)
28
This need not be a rough road.
29
IRB and R&D Committee Must carefully review discussion of: Must carefully review discussion of: –Privacy –Flow of data –Security –Plans for re-use or placement in repository
30
Approvals for Individual Studies Using Data From a Repository Who is responsible? Who is responsible? –The investigator’s facility’s IRB and R&D Committee Who is NOT responsible? Who is NOT responsible? –The IRB and R&D Committee for the facility that houses the repository –The IRB and R&D Committee for the facility from which the data came
31
Your questions will probably be just the tip of the iceberg.
32
Questions? Issues?
33
For Additional Information Contact Dr. Brenda Cuccherini Special Advisor for Policy and Emerging IssuesBrenda.Cuccherini@va.gov 810 Vermont Avenue, NW, Suite 574 (10R) Washington, DC 20420 Phone: (202) 254-0277 Fax: (202) 254-0460
34
Dr. Joan P. Porter Deputy Chief Officer Office of Research Oversighthttp://www.1.va.gov/oro 810 Vermont Avenue, NW, Suite 574 (10R) Washington, DC 20420 Phone: (202) 565-7191 Fax: (202) 565-9194
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.