Research Registries & Repositories

SUBJECT:

Research Registries & Repositories

 Policy Number:
10.3.16		 Effective Date:
January 30, 2018
  Supersedes:
10.3.16 Version 1		 Pages: 10
  Responsible Authorities:
Vice President, Research
Institutional Review Board
Assistant Vice President, Research Integrity

  1. Background

    Research registries and repositories are used to collect, maintain, and distribute data and/or human biological specimens (blood, tissues, cells, DNA, etc.) for some future research purpose. While some registries and repositories are created and maintained explicitly for research purposes, others can be for non-research purposes (such as medical care, education, normal operations) but may be accessed for future research.

    The purpose of establishing a formal research registry/repository is to give the investigator the authority and responsibility for distributing data and/or specimens from a registry or repository and to ensure that future uses are designed in a manner that protects the rights of research participants, supports scientific inquiry, and complies with Federal regulations. (45 CFR 46; 45 CFR 160-164; 21 CFR 50, 56, 812)

  2. Purpose

    The purpose of this policy is to outline IRB procedures for establishing, maintaining, and closing a research registry or repository at Florida Atlantic University (FAU).

  3. General Statement

    • This policy applies to human subjects research registries and repositories established by investigators for collecting, maintaining, and distributing data and/or specimens for research purposes.
    • This policy does not apply to data or/and specimens that are collected and stored as part of routine clinical care or hospital procedures (for example, blood banks, pathology, disease surveillance, or quality assurance) unless the primary intent is for future research.
    • This policy applies to clinical research AND non-medical/non-clinical research maintained in non-clinical settings for research use. (e.g., from social/behavioral studies)

  4. Policy

    1. All research registries and repositories at FAU require review and approval by the IRB.

    2. The collection, maintenance and distribution of data or specimens (see definition of "specimens" below) becomes a research registry or repository when there is a specific intention for the data or/and specimens to be maintained for future research and/or shared with other investigators.

      NOTE: The prospective collection and storage of data or specimens for defined research purposes (including holding samples to "batch" them for assays), as part of a single IRB-approved protocol is not considered a "registry" or a "repository."

    3. If the PI has no explicit plan to destroy the data or/and specimens when an original research project ends, the investigator may maintain the data or specimens under continued IRB approval for uses that were approved in the original protocol. Once a use is desired beyond the primary research goals of the original protocol, the PI must: 1) establish an IRB-approved research registry or repository; 2) de-identify the data set for any future research uses with notification to the IRB that this has occurred, OR 3) submit data or specimens into an existing IRB approved registry or repository AND 4) close the original research project.
    4. Investigators wishing to use database information or biospecimens for research that differs in any way from what is described in the IRB-approved protocol and applicable consent document(s) MUST submit a new registry/repository protocol to the IRB following the directives of this policy or amend the original protocol in a manner to account for the new use.
    5. For the purposes of this policy, a registry refers to the use of data and a repository refers to the use of biological specimens and research materials. (See definitions below).

    Definitions

    Anonymized Data or Biospecimens: Data or biological material that never had a code or other identifier assigned to it. There are no means to trace the data or samples back to an individual. FAU and some international standards consider IP addresses to be identifiable even though the address is linked to the computer and not specifically to the individual.

    Coded: This term refers to specimens or data whose identifying information (such as name or social security number) has been replaced with a number, letter, symbol, or combination of these elements. Often there is a mechanism or "key" to decipher the code. Deciphering the code would enable someone to link the data or specimen or dataset to identifying information which could reveal the donor of the data or specimen

    Confidential Data: information disclosed with the expectation that it will not be divulged without permission to others in ways inconsistent with the understanding of the original disclosure.

    Data Usage Agreement: An agreement that details the conditions for receipt and future use of data and/or specimens from a registry or repository.

    De-identified Data or Biospecimens – Data or biological material that has had all identifiers associated with human subjects removed in a manner that there is no reasonable basis to believe that information within the data or associated with the biological material that can be used to identify an individual. Investigator/research team cannot readily ascertain the identity of the individual, but the data was collected with identifiers.

    Gatekeeper: A person(s) who has primary control of data and/or specimens and maintains the registry/repository. This person may be delegated by the Principal Investigator; however the PI retains ultimate responsibility for the oversight of the registry/repository.

    Honest broker: An honest broker is an individual, entity or system, dedicated to collect and provide de-identified information/samples to the research team. In most cases, the honest broker individual/systems are outsiders, set up to obtain and provide clinical/medical records, data and specimens to researchers.

    Identifiable private information: is private information for which the identity of the subject is or may readily be ascertained by the investigator or associated with the information.

    Material Transfer Agreement: An agreement between FAU and another institution that allows one institution to share materials with another (e.g. tissues, etc.). This agreement protects the investigator and institution by notifying the recipient regarding materials that are patented and any limits on the use of samples and associated information.

    Private information: Includes information about behavior that occurs in a context in which an individual can reasonably expect that no observation or recording is taking place, and information that has been provided for specific purposes by an individual and that the individual can reasonably expect will not be made public (e.g., a medical record).

    Protected Health Information (PHI): Individually identifiable health information collected from an individual that is: 1) Transmitted by electronic media 2) Maintained in electronic media; or 3) transmitted or maintained in any other form or medium by a HIPAA Covered Component. PHI encompasses information that identifies an individual or might reasonably be used to identify an individual and relates to the individual's past, present or future physical or mental health or condition of an individual; the provision of health care to the individual; or the past, present or future payment of heath care to an individual.

    Personal Identification Information (PII) : As defined by Florida Statute 817.568(1) (f), under which fraudulent use is prohibited, PII means any name or number that may be used, alone or in conjunction with other information, to identify a specific individual. For reference on examples of PII, see FAU Research Data Security guideline available at https://www.fau.edu/research-admin/research-integrity/research-data/

    Recruitment Registry: Lists of persons along with limited personal and, when applicable, medical information. The primary intent and use of these lists is to provide investigators with pools of contact information of potential study volunteers.

    Registry: In general, a registry is a collection of information elements or databases containing names, contact information, and personal records (medical, educational, attitudinal, survey answers, etc.). A data registry is a tool used to compile a set of individual subject/patient data that will be used in the future for analysis purposes. The organizers of the data registry receive information from multiple sources, maintain the information over time, control access to and use of the information by multiple individuals and/or for future multiple projects. IRB approval is required in advance of every time a registry is to be used for a new research purpose.

    Repository: A research repository provides a way for researchers to store human biological specimens (for example, blood, urine, tissue specimens obtained from biopsies, and tissues or organs removed during surgery) or materials (pictures, videos, audio recordings, etc.) and related information for future research studies. IRB approval is required every time a repository is planned to be used for a new research purpose.

    Research Database: A database is a collection of information elements (i.e. data) arranged for ease and speed of search and retrieval. The difference between a registry and a research database is based on the intent of use. A registry is intended to be used in future research, with a different scope of work and objectives. A research database, however, is used for one study and cannot be used to answer different research questions or research aims. Most databases are now maintained electronically, but the term can also be applied to paper record systems. Examples of databases include the following: a set of observations (i.e., data) resulting from a research study, an electronic file containing patients' records, a collection of diagnosis, treatment, and follow-up information for a hospital's oncology patients.

    Research Material: Tangible products obtained from the activities conducted in a research study. Research material can be human biospecimens, photos, videos, test documentation, or, research participant hard copy of the research records, among others.

    Specimens: For purposes of this policy, specimens are human biological materials that range from subcellular structures and cell products such as DNA, to cells, tissue (e.g., blood, bone, muscle, connective tissue and skin), organs (e.g., liver, bladder, heart, kidney, placenta), secretions, and waste (e.g., hair or nail clippings, urine, feces, sweat, etc.).

    Submittal Agreement: An agreement that attests that data/specimens collected were obtained with written informed consent of the subjects utilizing an informed consent document approved by the local IRB or under an IRB approved waiver of informed consent.

    NOTE: Written, or in writing, for purposes of this policy, refers to writing on a tangible medium (e.g., paper) or in an electronic format

  5. Accountability

    The Principal Investigator (PI) is responsible for:

    • Submitting the appropriate IRB protocol for his/her recruitment registry, data registry or repository; developing standard operating procedures (SOPs) for maintenance of the registry/repository; appointing a gatekeeper for the registry/repository; and ensuring the proper disposition of the registry/repository upon completion of the protocol aims.
    • Coordinating with Environmental Health and Safety and related units, as appropriate, regarding appropriate storage, maintenance, dissemination and destruction of specimens.
    • Coordinating with information technology (IT) representative(s) to develop a data management plan (DMP) in the format of a document that outlines the detailed procedures to collect, store, access, transmit, share, preserve and destroy the data during and after a research project.
    • Reviewing the FAU Division of Research - Data Security Guideline available at https://www.fau.edu/research-admin/research-integrity/research-data/

    The Institutional Review Board will be responsible for:

    • Reviewing and approving any request to create, or request data from, a registry or repository in accordance with this policy.

    The Research Integrity office will be responsible for:

    • Advising researchers on the appropriate submission process for establishing, maintaining, and closing a data/specimen registry/repository.
    • Coordinating with related FAU compliance units as needed.

  6. Procedures

    Creating a New Research Registry or Repository

    1. Submit the IRB protocol via IRBNet.

      1. Use the protocol format for Recruitment Registries, Data Registry & Repositories and attach all requested information.
      2. Include either a registry or repository consent OR a request for waiver of consent by the IRB. (see "Quick Guide" below)

        NOTE ABOUT CONSENT: Federal regulations (45 CFR 46.116) require researchers to describe the nature and purposes of the research as well as both reasonably foreseeable and unforeseeable risk of participation. Accordingly, informed consent for a registry or repository must be as clear as possible about the range and types of future uses envisioned without being vague and open-ended. Researchers should be sensitive to the concerns of special populations, issues surrounding genetic research, and issues surrounding long-term storage of data on sensitive behaviors that could cause stigma or affect the reputation, employability, or legal status of a research participant.

      3. If data or specimens are to be collected by or received from a "covered entity" under HIPPA regulations, include the HIPAA authorization form that will be signed by participants for the storage and future research use of their data or specimens, OR submit the Waiver of HIPAA authorization request form. Note: Only certain FAU components are covered by HIPAA requirements; check with Research Integrity or see Guidance on HIPAA and Research if you are unsure.

    2. The IRB will review the registry or repository protocol to ensure it adequately specifies the conditions under which data and tissues may be accepted into the registry or repository. The IRB will request standard operational procedures to guarantee the data or specimens will be securely stored, and shared to protect the privacy of subjects, maintain the confidentiality of the data, and preserve the integrity of specimens. Once these and other standard review concerns are addressed, approval will be issued.

    3. The protocol, should describe how individually identifiable data will be maintained separately from the main database. If any identifiable data must be maintained (e.g. date of birth, date of services, etc.) with the data set, the PI should provide a justification for doing so. This information should be included in the consent form, and a data management plan submitted with the protocol.

    4. The protocol should describe the intended duration for maintaining a link between individually identifiable data, the research data set and the process for destroying the link.

    5. For protocols intending to use data for future research under a registry and repository consent, the IRB would review the appropriateness of the process proposed for obtaining the consent, and ensure that the required elements were appropriately included. Additionally, the IRB must determine that consent is appropriately documented.

    6. The IRB will also review the inclusion in the protocol of a procedure or strategy (i.e.: participants log) to record the information of participants who consented or not to participate in the original study and to use their data for future research.

    Converting a research database to a registry:

    Investigators may desire to use the data/specimens collected under a previously IRB approved study for different or future research purposes. Conversion of a research database to a registry or repository should consider the confidentiality, autonomy and benefit of the subjects who originally provided the data and/or specimens.

    Obtaining informed consent for research use of information or specimens beyond the original intention of the research or from non-research databases and repositories is usually challenging. Because future research use or a project with a different scope of work was not anticipated at the time of collection, future research consent may not have been obtained. Where it is possible to do so, IRBs' may require researchers to obtain informed consent for future research of subjects involving information or specimens contained in a previous study or non-research databases or repositories.

    The IRB protocol should include the list of variables that will be in the data registry. A copy of the print screen of the database, listing all variables should be attached to the protocol. If identifiable data is included in the list of variables, the protocol should cover how this data will be maintained separately from the main research data base. If any identifiable data must be maintained, the PI should provide a valid justification and data management plan.

    If the PI cannot obtain consent of the participants for different reasons other than inconvenience or time restrictions – the PI must de-identify the data AND a waiver of consent should be submitted to the IRB describing the following processes:

    • Detailed process for coding the data.
    • Include an honest broker to conduct the process of de-identification.
    • Codes linking subjects to data: The protocol submitted to the IRB should cover who, if anyone, will retain the key to the code linking subjects to identifiers.
    • Explain the process to destroy the original research data set.

    If the research data set that will be converted to a registry or repository originated from a study approved by the IRB as a minimal risk study, the PI can apply for waiver of consent if:

    1. The waiver of consent will not adversely affect subject's rights and welfare,
    2. The research could not be practicably be carried out without the waiver, AND
    3. Where appropriate, the subjects will be provided with additional pertinent information after participation.

    If researchers want to convert contact information data from a non-research dataset to a recruitment data set, the owner of the original data set (i.e. private practice office) should require permission from potential subjects before releasing contact information to researchers for recruitment purposes.

    Under the HIPAA privacy rule, protected health information (PHI, i.e. identifiable health information) in non-research databases and repositories held at FAU and is affiliates covered entities may not be used or disclosed for research except as allowed in FAU HIPAA policy 10.3.7 Disclosure and Use of Protected Health Information (PHI) in Research.

    Maintaining a Research Registry/Repository

    1. The registry/repository must be maintained according to the protocol and SOPs submitted to and approved by the IRB. As with all IRB protocols, any amendment to a registry or repository protocol must be approved by the IRB before it is implemented.

    2. If the PI of a FAU registry or repository receives a request from an investigator to distribute identifiable or de-identified data/specimens from an existing research registry/repository, he/she must obtain a copy of that investigator's IRB approval (if applicable) and confirmation that the investigator will comply with the registry/repository's terms of usage. Note: If applicable, the recipient-investigator may be asked to sign any type of agreement such as a Data Use Agreement or Material Transfer Agreement, such agreements must be routed for review through Sponsored Programs and may require consult with the Technology Development Office and /or Deputy General Counsel. See Data Use Agreement Guideline available at: https://fau.sharepoint.com/sites/research/Shared%20Documents/webfiles/technology-development/dua-review-form-v2-ada.pdf

    3. At each continuing review, the PI of a FAU research registry or repository will be required to provide a summary report to the IRB of all collections, distributions, and/or destruction of data/specimens from the registry/repository.

    4. When a PI no longer wishes to operate the registry or repository for future research, or if the data/specimens are being transferred to another registry/repository, he/she should submit a request for closure to the IRB. The closure request must include the disposition of the data and specimens, including details on the secure transfer, donation and/or destruction of data/specimens. Any inactive registry/repository should be responsibly closed after 5 years. If a PI wishes to transfer the repository to another PI, a request for amendment should be submitted with the credentials of the new PI and endorsement of the College Departmental Chair or Dean.(Note: PIs are advised to consult their IT representatives regarding the secure management of all data/specimens.)

    Contributing to a Non-FAU Research Registry/Repository

    If an FAU investigator wishes to contribute data/specimens to a registry or repository outside of FAU, the IRB must review, at a minimum, the IRB protocol used to collect the data/specimens, the consent process and the submittal agreement (see definition above).

    This allows the IRB to confirm that the data/specimens are authorized to be shared and used beyond the intent of the original research protocol. Note: Not all submissions to a research repository meet the federal definition of being engaged in human subject research. Contact the IRB office for further clarification.

    Requesting Data/Specimens from a Research Registry/Repository

    When an FAU investigator wishes to request coded or identifiable data from an established registry or repository inside or outside FAU, he/she should submit a request to the IRB either via a new protocol application or as an amendment to an existing study. The FAU IRB must review, at a minimum, the protocol, data collection tools, the usage agreement, data management plan, consent process (and any applicable a waiver), and obtain the IRB approval number of the registry/repository from which the request is being made.

    If the investigator wishes to request anonymous (and some coded) data, he/she may submit a request to the IRB for Determination of Non-Human Subjects Research using Form 6 and the Assessment tool 4 - Certificate of de-identification.

    Note: Certain registries or repositories may require the recipient to obtain a more stringent IRB review, even if the data appears to be de-identified. For example, if the repository contains data on sensitive or criminal behavior, the gatekeeper of the repository may request expedited or convened IRB review because the likelihood of the data causing harm in the event of a breach is significant to participants, even if the likelihood of the breach occurring is rare.

    A Material Transfer Agreement (MTA) should be established between the institutions transferring/receiving the data/specimens. MTAs are contractual agreements used for the transfer or exchange of research materials both biological and non-biological to/from the university. All MTAs should be reviewed and approved by the Sponsored Programs Office and signed by both the PI and FAU's authorizing official prior to transferring the materials. More information about MTA is available at https://fau.sharepoint.com/sites/research/Shared%20Documents/webfiles/technology-development/mta-review-form-v2-ada.pdf

    Quick Guide on IRB Review Type for Registries or Repositories

    1. Data/Specimens Obtained prospectively ONLY For Research (not part of normal operations or clinical care)*

    empty Type of IRB Review and Consent
    Status of Participant/Donor Identity Genetic Studies Non-genetic Studies
    Type of IRB Review Consent Needed Type of IRB Review Consent Needed
    Anonymized (if re-identifiable) Full Board or Expedited Yes Full Board or Expedited Yes
    Known to Principal Investigator Full Board Yes Full Board or Expedited Yes
    Known to 3rd Party (such as the honest broker or gatekeeper) Full Board Yes Full Board or Expedited No - Apply for waiver of consent

    *For example, additional blood draw or biopsy.

    2. Specimens Obtained PROSPECTIVELY for a bank repository
    Specimens Left Over from Clinical Procedures and Would Normally Be Discarded*

    empty Type of IRB Review and Consent
    Status of Participant/Donor Identity Genetic Studies Non-genetic Studies
    Type of IRB Review Consent Process Type of IRB Review Consent Process
    Anonymous Not Human Research None Not Human Research None
    Known to Principal Investigator Full Board Yes Full Board or Expedited Yes or Waiver of Consent + additional documents
    Known to a 3rd Party (such as the honest broker or gatekeeper) Full Board Yes Full Board or Expedited Waiver
    Known to Principal Investigator intended to use for secondary analyses Full Board Yes Limited IRB Review Registry/ Repository Consent

    *For example, excess blood from routine blood draw or leftover biopsy material.

    3. Data/Specimens Obtained RETROSPECTIVELY – Conversion of a data set to a registry or repository
    Data/Specimens Were Previously Collected for Either Clinical or Research Purposes*

    empty Type of IRB Review and Consent
    Status of Participant/Donor Identity Genetic Studies Non-genetic Studies
    Type of IRB Review Consent Needed Type of IRB Review Consent Needed
    Anonymous Not Human Research N/A Not Human Research N/A
    Known to Principal Investigator Full Board Yes Full Board, Expedited, or Exempt Yes or Waiver (depends on how data are recorded)
    Known to a 3rd party (such as the honest broker or repository gatekeeper) Expedited Waiver Exempt Waiver

    *ALL specimens needed for the study are already stored, for example, in a laboratory or registry/repository.

  7. Guidance Renewal Date

    N/A

  8. References

    OHRP Guidance on Research Involving Coded Private Information or Biological Specimens (http://www.hhs.gov/ohrp/policy/cdebiol.html)

    Response of the Department of Health and Human Services to NBAC's Report Research Involving Human Biological Materials: Ethical Issues and Policy Guidance (http://aspe.hhs.gov/sp/hbm/hbm.pdf)

GUIDANCE APPROVAL

Initiating Authority

Daniel Flynn, Vice President for Research

Executed signature pages are available in the Initiating Authority Office(s)