Examples of Activities That Do and Do Not Require IRB–HSR Review

For additional information see the IRB-HSR Learning Shot:  SOM Salient Issue:  When do you need IRB review?

Examples of When an Activity Does Require IRB Review

• Use of existing specimens that were collected either for research or for clinical reasons that are identifiable, or you have access to a code which identifies the donor (e.g., pathology number), or if the investigator has knowledge of the subject's identity (e.g., patient's surgeon is also an investigator on the study)
• Use of data from medical records for non-clinical or non-quality improvement (QI) reasons
• A review of your own patients' clinical records (i.e. medical records, x-rays, laboratory values and/or reports) in order to answer a research question.
• Calling patients for follow-up information for purposes of research
• Establishment of a database protocol
• Thesis or dissertation projects conducted to meet the requirement of a graduate degree are usually considered generalizable, and require IRB review and approval.
• The investigator obtains specimens or data through intervention or interaction with a living individual (e.g. interviews, surveys, physical procedures, manipulations of the subject’s environment, private or limited access internet sites, or any other direct contact or communication with the subject.
• The investigator is obtaining identifiable private information about living individuals (e.g. chart review, lab studies on tissues or specimens, information from data or tissue repository).
• The data or specimens are received by or provided to the investigator with identifiable private information
• The data or specimens are coded and the investigator has access to a link that would allow the data or samples to be identified.
• The activity involves one or more individuals who are or become participants in research, either as a recipient of the test article (e.g. drug, biologic, medical device or other article subject to regulations under the Food, Drug & Cosmetic Act) or as a control
• The activity involves one or more individuals who participate in an investigation, either as an individual on whom or on whose specimen an investigational device is used or as a control.
•  The activity is a clinical investigation involving a project regulated by the FDA (e.g. drug, device or biologic)
• The activity involves the use of a drug, excluding an FDA approved drug in the course of medical practice, in one or more human subjects.
• The activity involves the use of a medical device, excluding an FDA approved device in the course of medical practice, in one or more human subjects.
•  The results of the project are required to be submitted to or held for inspection by the FDA
•  The activity involves the testing of a medical device using tissue specimens from one or more human subjects and the results are being submitted to the FDA for approval of the device.
• The activity involves one of the activities listed above, however you are NOT performing the work as an AGENT of UVa.  You may be considered to NOT be working as an agent of UVa if either of the following situations exit.     

  SITUATION A: 
  You were NOT involved in the design of the research.
  A UVa IRB has NOT approved the research. 
  Funding to conduct the research will NOT come from UVa.
  You have other reasons for traveling to the outside institution besides working on research
  Working on this research is NOT required for your degree program.
  
  You confirm:

• you are a student, employee and/or faculty member of the University of Virginia.
• the project has or will have IRB approval from the outside institution and you will be listed on their application as personnel conducting the study. 
• your work on this project will be overseen by the Principal Investigator and the IRB at the outside institution.
• You will communicate with the IRB and the Contracts Office, to determine what approvals may be needed, prior to receiving any data from the outside institution.

OR

SITUATION B: 
You designed this research. You are a student at UVa but employed by another institution.  All subjects will be enrolled at the outside institution.  The research will be overseen by their IRB.  There is no funding for this study.   You will notify the outside IRB that an UVa IRB will not be overseeing your work.

Type of Submission Required

• If your activity meets one of the examples above and you are NOT working as an agent of UVa submit the Determination of UVa Agent Form to the IRB-HSR 
• If your activity meets one of the examples above and you ARE considered to be working as an agent of UVa, proceed to Protocol Builder to submit your project to the IRB-HSR.
  
  

Examples of When an Activity Does Not Require IRB-HSR Review
If your activity meets one of the examples below you are not required to obtain any approval/authorization documentation from the IRB-HSR.  It is recommended that you complete the Determination of Human Subjects Research form and keep it with your records. Submission of this form to the IRB is OPTIONAL.

• Specimens came from a cadaver
  
  
• A case series involving up to 3 patients  (UVa Health System Policy 0084:  Health Information Request for Non-Patient Care Usage also addresses this issue and must be followed.)
  
  
• Preparatory to Research Activity
  
  
• Quality Improvement/ Quality Assurance Project  For additional information see QI vs Research Guidance
  
  
• Receipt of Data from dbGap for which dbGaP does not require IRB approval: dbGaP does not require IRB approval for receipt of data  from Open Access Data or for data for which  the research team or their direct collaborators do not have access to identifiers as they did not originally provide the data to dbGaP.  The requirement for IRB approval may be found in the DUC on the GWAS website.   The researcher has attached a dbGaP_ Data Use Certification  signed by the researcher.  IRB-HSR staff will obtain the signature of the Institutional Official and provide the signed document back to the researcher.
  
  
• Receiving De-identified Data/Specimens:  Data/ Specimen will not be submitted to the FDA AND satisfies the  following conditions:
• The data/specimen, in its entirety, was collected for purposes other than this project AND
• The data/specimen is given to the researcher without any HIPAA identifiers (No codes or links of any sort will be maintained, either by the researcher or the person releasing the data/specimen)  
  
  OR

The researcher will delete all HIPAA identifiers*, including codes, prior to initiation of the research. Ultimately, the researcher will have NO WAY of identifying the source of the data/specimen at the time the research is done.

Allowed  if:

• The data/specimen was collected solely for clinical purposes [for example, normally discarded tissue],
• The data/specimen was collected solely for unrelated research purposes, with no "extra" data/specimen collected for use in this project
• The specimen is a de-identified cell line.

Not allowed if:

• You will be obtaining the data via a process like a chart review where identifiers will be viewed. 

• Sending Data/Specimens outside of UVa and the following criteria are met:
• The data/specimen, in its entirety, was collected for purposes other than this project
•  Individuals releasing the data/specimens are NOT working in collaboration with the recipients on the research project.
• Data/ samples meet the HIPAA criteria of Limited Data Set or De-identified. All datasets will be reviewed by the Clinical Data Repository to confirm it meets one of these criteria.
• Study team will obtain a Material Transfer Agreement with Grants and Contracts office prior to sending data/specimens. If the data/specimens meet the criteria of a Limited Data Set, Grants and Contracts office will incorporate a HIPAA Data Use Agreement into the Material Transfer Agreement.
  
  

• Public Data Sets if the following conditions are met:
  • Research will NOT involve merging any of the data sets in such a way that individuals might be identifiResearcher will NOT enhance the public data set with identifiable, or potentially identifiable da
  • Researcher will NOT use a “restricted” data set
  • Researcher will use a Public Data Set that is  included on the list of IRB-HSR approved list of Public Data Sets
  • Researcher will NOT use data from the NIH GWAS ( Genome- Wide Association Studies0 data repository
  • The data host does NOT require the researcher or the researcher’s institution to sign a Data Use Agreement .  (Submit this under a Coded Research Submission in Protocol Builder)
    

• De-identified Data:  Material/data will not be submitted to the FDA AND satisfies both of the following conditions:
• The material/data, in its entirety, was collected for purposes other than this project (e.g., the material was collected solely for clinical purposes [for example, normally discarded tissue], or for unrelated research purposes, with no "extra" material collected for use in this project.)
• The material/data is given to the researcher without any identifiers* (e.g., no codes or links of any sort may be maintained, either by the researcher or the person releasing the material/data.)
  
  
• Medical Practice and Innovative Therapy:   A commonly cited definition of medical practice describes an activity that is designed solely to enhance the well-being of an individual patient.  A type of medical practice that is often confused with research is a class of activities that has been called “innovative therapy.”  Basically, innovative therapy describes an activity that is designed solely to benefit individual patient(s) but in which the ability of the activity to result in the desired outcome is to some degree unproven. 

• Medical Practice for the Benefit of Others:  In some situations, the goal of medical practice is to benefit people other than those directly affected by the health care intervention.  Examples of medical practice for the benefit of others include blood donation and some vaccination programs.  In terms of the research/non-research issue, the critical feature of this form of medical practice is that the goal of the activity is to benefit a well-defined group of people in a predictable way.

• Public Health Practice:  Public health practice is similar to medical practice for the benefit of others in that the activity involves people who do not directly benefit from the intervention.  The most common situation in which there is confusion about the distinction between a public health practice and research is with public health practices that require the review of private, identifiable information about health status.  Examples of public health practices that often do not involve research include surveillance (e.g., monitoring of diseases) and program evaluation (e.g., immunization coverage or use of clinical preventive services such as mammography).

• Resource Utilization Review:  Medical record review is often conducted to evaluate the use of resources in a specific health care activity.  Terms such as cost control are used to describe this class of activity, but the terms utilization review or resource utilization review are more general and often more accurately reflect the fundamental goal of projects in this category.  Although a research project may involve review of resource utilization, the term resource utilization review usually refers to a non-research activity.

• Education:  The transferring of information from one group of people to another is a common activity in all aspects of society.  The regulatory definition of research focuses on the desire to develop or contribute to “generalizable knowledge.”  The reason to mention education in the context of a discussion about the definition of research is that it is important to recognize that the goal of most educational activities is to spread or “generalize” knowledge.  The fact that an activity is undertaken for the specific purpose of teaching somebody something does not mean that the activity involves research.
   

*HIPAA Identifiers
1.  Name

2.  All geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of the zip code if, according to the current publicly available data from the Bureau of the Census: (1) The geographic unit formed by combining all zip codes with the same 3 initial digits contains more than 20,000 people and (2) The initial 3 digits of a zip code for all such geographic units containing 20,000 is changed to 000.

3.  All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older.

4.  Telephone numbers

5.  Fax numbers

6.  Electronic mail addresses

7.  Social Security number

8.  Medical Record number

9.  Health plan beneficiary numbers

10.  Account numbers

11.  Certificate/license numbers

12.  Vehicle identifiers and serial numbers, including license plate numbers

13.  Device identifiers and serial numbers

14.  Web Universal Resource Locators (URLs)

15.  Internet Protocol (IP) address numbers

16.  Biometric identifiers, including finger and voice prints

17.  Full face photographic images and any comparable images

18.   Any other unique identifying number, characteristic, code that is derived from or related to information about the individual (e.g., initials, last 4 digits of Social Security #, mother's maiden name, first 3 letters of last name.)

19.   Any information that could be used alone or in combination with other information to identify an individual (e.g., rare disease.)

Version Date:  7-13-12