Data Ownership and Security (RCR Week-3 Lecture) - PowerPoint PPT Presentation

1 / 31
About This Presentation
Title:

Data Ownership and Security (RCR Week-3 Lecture)

Description:

Data Ownership and Security (RCR Week-3 Lecture) Delia Y. Wolf, MD, JD, MSCI Associate Dean, Regulatory Affairs & Research Compliance Harvard School of Public Health – PowerPoint PPT presentation

Number of Views:198
Avg rating:3.0/5.0
Slides: 32
Provided by: Deli57
Category:

less

Transcript and Presenter's Notes

Title: Data Ownership and Security (RCR Week-3 Lecture)


1
Data Ownership and Security(RCR Week-3 Lecture)
  • Delia Y. Wolf, MD, JD, MSCI
  • Associate Dean,
  • Regulatory Affairs Research Compliance
  • Harvard School of Public Health
  • Email dywolf_at_hsph.harvard.edu
  • February 14, 2014

2
Case 1
  • For his dissertation project in psychology,
    Antonio is studying new approaches to strengthen
    memory. He can apply these techniques to create
    interactive Web-based instructional modules. He
    plans to test these modules with students in a
    general psychology course, for which he is a
    teaching assistant. He expects that student
    volunteers who use the modules will subsequently
    perform better on examinations than other
    students. He hopes to publish the results in a
    conference proceeding on research in learning,
    because he plans to apply for an academic
    position after he completes the doctorate.
  • Should Antonio seek IRB approval for his project?
    (Hint what are the two questions you would ask
    in order to determine whether IRB approval is
    necessary?)
  • If the answer to question 1 is yes, what type of
    IRB review would be appropriate?
  • Can this protocol be exempted? Why or why not?
  • Do student volunteers need to give formal
    informed consent? If so, what information needs
    to be included in the consent document?

3
Case 2
  • Two weeks into the new semester, the Professor in
    Marys course on Family Health gives the class a
    special assignment that was not on the course
    syllabus. Over the next week, everyone in the
    class is to talk with three classmates, who are
    not in the course, about the way their families
    deal with medical emergencies and chronic
    illness. Next week they should come to class
    prepared to report on their interviews. The
    Professor will then gather information collected
    by all the students and may write a paper on the
    topic. The Professor indicates in order to
    protect classmates privacy no names should be
    mentioned during discussion.
  • The assignment makes Mary uneasy. In her
    Responsible Conduct of Research (RCR) course last
    semester, she learned about regulations
    pertaining to the use of human participants in
    research. Mary believes that the assignment
    should be reviewed by the IRB.
  • When Mary raises her concerns with the Professor,
    the Professor assures her that her informal
    conversations with classmates are not research
    and therefore not subject to any regulations.
    When Mary reminds him that his potential
    publication may contribute to generalizable
    knowledge, his response is that even if this
    assignment meets the definition of research, it
    can be exempt because no names will be recorded,
    and therefore, no IRB review is necessary.
  • Is the Professors last statement correct?
  • Is this course assignment research?
  • If IRB review is required, should each student
    submit an application to the IRB? Why or why not?
  • Can this course assignment be exempt? If so,
    under which category? If not, will it meet one of
    the categories for expedited review?

4
Topics to be Covered
  • Data ownership
  • Data collection
  • Data protection
  • Data sharing
  • Data management

5
Data Ownership
  • Bayh-Dole Act (Public Law 96-517)
  • Sponsored by two senators, Birch Bayh of Indiana
    and Bob Dole of Kansas
  • Enacted by the United States Congress on December
    12, 1980
  • Governing intellectual property arising from
    federal government-funded research
  • Allows for the transfer of exclusive control over
    many government funded inventions to universities
    and businesses for the purpose of further
    development and commercialization

6
Data Ownership (cont.)
  • Sponsors/funders
  • Government
  • Grants the institution receives funds owns and
    controls the data
  • Contracts government owns and controls the
    data
  • Private companies usually seeks to retain the
    right to the commercial use of data
  • Charitable organization /foundations retain or
    give away ownership rights depending on their
    interests.

6
7
Data Ownership (cont.)
  • Points to consider
  • Distinguish between grants and contracts
  • Research institutions usually claims ownership
    rights over data collected with support awarded
    to the institution
  • Be familiar with institutional policies
  • Who owns the data I am collecting?
  • What rights do I have to publish the data?
  • Does collecting these data impose any obligations
    on me?
  • Do not enter into agreements without approval
    from the institution

7
8
Ownership of Biological Materials
  • Moore v. Regents of the University of California
  • Moore was treated for hairy cell leukemia by Dr.
    Golde at UCLA Medical Center from 1976 and 1983
  • Test results revealed that Moores cells would be
    useful for genetic research, but Golde did not
    inform Moore of his plans to use the cells for
    research
  • A cell line was established from Moores
    T-lymphocytes sometime before 1979
  • On January 6, 1983, UCLA applied for a patent on
    the cell line, listing Gold and Quan as inventors
  • USPO issued patent on March 20, 1984

8
9
Ownership of Biological Materials
  • Moore v. Regents of the University of California
  • In 1983, Moore was given a consent form indicated
    I (do, do not) voluntarily grant to the
    University of California all rights I, or my
    heirs, may have in any cell line or any other
    potential product which might be developed from
    the blood and/or bone marrow obtained from me
  • Moore refused to sign the form and eventually
    turned over to an attorney, who the discovered
    the patent
  • After patent was issued in 1984,UCLA and Golde
    negotiated agreements with Genetic Institute for
    commercial development, Golde became a paid
    consultant and acquired 75,000 shares of stock

9
10
Ownership of Biological Materials
  • Moore v. Regents of the University of California
  • Moore filed a lawsuit naming Golde, Quan, the
    Regents, Genetics Institute, and Sandoz
    Pharmaceuticals as defendants
  • Moore complaint stated thirteen causes of action,
    including conversion, lack of informed consent,
    breach of fiduciary duty and intentional
    infliction of emotional distress
  • The court found that Moore had no property rights
    to his discarded cells or any profits made from
    them
  • The court concluded that the researcher did have
    an obligation to obtain informed consent, and to
    disclose financial interested in the cells
    harvested from Moore

10
11
Ownership of Biological Materials
  • Washington University v. Catalona
  • Dr. Catalona, highly respected urologist and
    urologic surgeon, as well as a well-established
    prostate cancer researcher at Washington
    University in St. Louis
  • While at WU, Dr. Catalona was instrumental in
    establishing the Biorepository for the collection
    and storage of biological research materials
  • More than 30,000 research participants enrolled
    in prostate cancer research
  • In 2003, Dr. Catalona left for Northwestern
    University and to continue his prostate cancer
    research
  • In February 2003, Dr. Catalona sent a Medical
    consent Authorization form to about 60,000
    research participants

11
12
Ownership of Biological Materials
  • Washington University v. Catalona
  • About 6000 recipients signed the form and
    returned it to Dr. Catalona
  • The University sought a declaratory judgment that
    it owned the biological specimens
  • In March 2006, the District Court concluded that
    the University owned the research specimens. Dr.
    Catalona and the eight research participants
    appealed
  • The Court held that Wash. U owns the biological
    materials and neither Dr. Catalona nor any
    contributing individual has any ownership or
    proprietary right in the disputed biological
    materials.

12
13
DHHS Draft Guidance
  • All future research that uses your samples may
    lead to the development of new products, you will
    not receive any payments for these new products.
  • By agreeing to this use, you are giving up all
    claims to any money obtained by the researchers
    from commercial or other use of these specimens.
  • I voluntarily and freely donate any and all
    blood, urine, and tissue samples to the name of
    research institution and hereby relinquish all
    property rights, title, and interests I may have
    in these samples.

13
14
Data Collection
  • Reliable methods
  • Accuracy
  • Authorization/Permission
  • IRB
  • IACUC
  • Documentation
  • Hard-copy data
  • Electronic data

14
15
Data Protection
  • Storage
  • Record retention
  • Confidentiality and information security
  • Data from non-Harvard sources
  • Data use agreement (DUA) that states use
    limitations and/or protection requirements
  • Individual researchers do not have the authority
    to sign DUA on behalf of the institution
  • Data from Harvard sources
  • Five data/information security categories
  • Legal requests contact OGC
  • Certificates of confidentiality

15
16
Information Security Categories
  • Level 1 De-identified research information about
    people and other non-confidential research
    information
  • Level 2 Benign information about individually
    identifiable people
  • Level 3 Sensitive information about individually
    identifiable people
  • Level 4 Very sensitive information about
    individually identifiable people
  • Level 5 Extremely sensitive information about
    individually identifiable people

16
17
Level 2 Information
  • Individually identifiable information, disclosure
    of which would not ordinarily be expected to
    result in material harm, but as to which a
    subject has been promised confidentiality
  • Example
  • Research participant in a study that was exempt
    by the IRB

18
Level 3 Information
  • Individually identifiable information, if
    disclosed, could reasonable be expected to be
    damaging to a persons reputation or to cause
    embarrassment
  • Example
  • Student record

19
Level 4 Information
  • Individually identifiable High Risk Confidential
    Information that if disclosed, could reasonably
    be expected to present a non-minimal risk of
    civil liability, moderate psychological harm, or
    material social harm to individuals or groups
  • Example
  • Social security number
  • Individual financial information
  • Medical records

20
Level 5 Information
  • Individually identifiable information that could
    cause significant harm to an individual if
    exposed, including serious risk of criminal
    liability, serious psychological harm or other
    significant injury, loss of insurability or
    employability, or significant social harm to an
    individual or group
  • Example
  • Certain genetic information
  • Criminal record

21
Data Protection (cont.)
  • Level 1 no specific University requirements
  • Level 2 Password protection
  • Level 3 Must not be directly accessible from the
    Internet (i.e. email) unless the data is
    encrypted
  • Level 4 servers must be located only in
    physically secure facilities under University
    control
  • Level 5 information must be stored and used only
    in physically secured rooms controlled by
    University. No master keys are allowed

21
22
Certificates of Confidentiality
  • Issued by the National Institutes of Health (NIH)
  • Protect investigators and institutions from being
    compelled to release information that could be
    used to identify research study participants
  • Allow the investigator and others who have access
    to research records to refuse to disclose
    identifying information in any
  • civil
  • criminal
  • administrative
  • legislative, or other proceeding, whether at the
    federal, state, or local level

23
Identifying Information
  • Broadly defined
  • Not just name, address, social security number,
    etc.
  • Includes any item or combination of items that
    could lead directly or indirectly to the
    identification of a research participant

24
Eligibility
  • For IRB-approved research collecting identifying
    information
  • If disclosure could have adverse consequences for
    subjects or damage
  • financial standing
  • employability
  • insurability, or
  • reputation
  • NIH or PHS funding not required

25
Examples
  • Collecting genetic information
  • Collecting information on psychological
    well-being of subjects
  • Collecting information on sexual attitudes,
    preferences or practices
  • Collecting data on substance abuse or other
    illegal risk behaviors
  • Studies where participants may be involved in
    litigation related to exposures under study
    (e.g., breast implants, environmental or
    occupational exposures)

26
Requirements
  • Must tell subjects that Certificate is in effect
    in Informed Consent form
  • Must provide fair and clear explanation of
    Certificates protection, including
  • limitations
  • exceptions 
  • Must document IRB approval and IRB qualifications
  • Must provide a copy of the informed consent forms
    approved by the IRB
  • PI and Institutional Official must sign
    application

27
Limitations and Exceptions
  • Protects data maintained during any time the
    Certificate is in effect
  • Protects those data in perpetuity
  • Does not protect against voluntary disclosure
  • child abuse
  • threat of harm to self or others
  • reportable communicable diseases
  • subjects own disclosure
  • Must disclose information about subjects for DHHS
    audit or program evaluation or if required by the
    Federal Food, Drug, and Cosmetic Act

28
Assurances
  • Agree to protect against compelled disclosure and
    to support and defend the authority of the
    Certificate against legal challenges
  • Agree to comply with Federal regulations that
    protect human subjects
  • Agree to not represent Certificate as endorsement
    of project by DHHS or NIH or use to coerce
    participation
  • Agree to inform subjects about Certificate, its
    protections and limitations

29
An Important Caveat
  • Certificates of Confidentiality do not obviate
    the need for data security
  • Data security is essential to the protection of
    research participants privacy
  • Researchers should safeguard research data and
    findings.  
  • Unauthorized individuals must not access the
    research data or learn the identity of research
    participants

30
Data Sharing
  • NIH believes all data should be considered for
    data sharing
  • Data should be made as widely and freely
    available as possible while safeguarding the
    privacy of participants, and protecting
    confidential and proprietary data
  • Data sharing plan required for applications
    requesting gt500,000/year from NIH

30
31
Data Management
  • Data monitoring plan in each protocol
  • Collected data should be open to scrutiny by both
    investigators and the sponsor
  • When possible, statistical analysis should be
    conducted by an independent entity
  • Stopping rule should be included in the protocol
  • Study results and data analysis should be shared
    with the principal investigators as soon as they
    become available
Write a Comment
User Comments (0)
About PowerShow.com