7.3 Data Registries

1.0 Purpose

The purpose of this policy and procedure is to describe the Organization’s requirements for creation and operation of a data registry, and for research use of data from a registry.

2.0 Policy

2.1. It is the policy of the Organization that internal registries, as defined in section 3.1 below, utilized, either wholly or in part, for human subject research must be reviewed and approved by the IRB. All IRB approved registries must comply with the following requirements.
- 2.1.1. The purpose and goals of the registry are clearly justified.
- 2.1.2. The registry complies with all applicable requirements of HHS regulations at 45 CFR 46.
- 2.1.3. The minimum amount of PHI necessary to accomplish the purpose and goals of the registry is entered into the registry.
- 2.1.4. There is acceptable security to safeguard the confidentiality and integrity of data in the registry, and which satisfies the requirements of Organizational policies regarding data and PHI security.
- 2.1.5. There are procedures in place for release of PHI from the registry that comply with Organization privacy policies.
- 2.1.6. As necessary, a Data Use Agreement (DUA), Data Transfer Agreement (DTA), or a Business Associate Agreement (BAA) is in place before any data is released.
2.2. It is the policy of the Organization that External Data Registries (as defined in Section 3.3 below) must be reviewed by the ORA.

3.0 Definitions

3.1. Internal Data Registry is a repository of clinical or other patient data housed and administered within the Organization under the oversight of the UNMC IRB. The data may be used for: a) human subject research, b) assessment of patient outcomes; c) improve healthcare delivery; or d) other non-research purposes.
3.2. External Data Registry is a repository of clinical or other patient data which is housed and administered at an external site normally under the oversight of an external IRB or other oversight body. The data may be used for: a) human subject research, b) assessment of patient outcomes; c) improve healthcare delivery; or d) other non-research purposes.
3.3. Private information includes information about behavior that occurs in a context in which an individual can reasonably expect that no observation or recording is taking place, and information that has been provided for specific purposes by an individual and that the individual can reasonably expect will not be made public (for example, a medical record).
3.4. *Identifiable Private Information refers to private information for which the identity of the subject is or may readily be ascertained by the investigator or associated with the information, as per 45 CFR 46.102(e)(5).

Note: Per Federal regulations, what constitutes “identifiable” will be re-examined on regular occasions; therefore, HBM currently considered not identifiable may become identifiable in the future as technologies and techniques change.

4.0 IRB Review and Consent Requirements for Internal Data Registries

4.1. The creation of a registry that is utilized, either wholly or in part, for human subject research is subject to IRB review, and healthcare professionals who develop and maintain the registry must submit a Data Registry Application. If the registry will also include collection of human biological material (HBM) the Human Biological Material Banking Application must be completed instead.
4.2. The collection of identifiable private information into a registry that is utilized, either wholly or in part, for human subject research constitutes human subject research, and will be reviewed in accordance with all applicable federal regulations and HRPP policies. Specifically, the IRB must find that
- 4.2.1. The registry complies with all applicable requirements of HHS regulations at 45 CFR 46.
- 4.2.2. The purpose and goals of the registry are clearly justified.
- 4.2.3. The minimum amount of PHI necessary to accomplish the purpose and goals of the registry is entered into the registry.
- 4.2.4. There is acceptable security to safeguard the confidentiality and integrity of data in the registry, and which satisfies the requirements of Organizational policies regarding data and PHI security.
- 4.2.5. There are procedures in place for release of PHI from the registry that comply with Organization privacy policies.
- 4.2.6. As necessary, a Data Use Agreement (DUA), Data Transfer Agreement (DTA), or a Business Associate Agreement (BAA) is in place before any data is released.
4.3. The collection of identifiable private information into a data registry that is utilized, either wholly or in part, for human subject research may qualify for expedited review (as per HRPP policy 2.3) or may be exempt (as per HRPP policy 2.6).
4.4. The collection of identifiable private information into a registry that is utilized, either wholly or in part, for human subject research requires informed consent of the person from whom the data is obtained.
- 4.4.1. If the data to be entered into the registry will be collected as an addendum to another (clinical) protocol, separate informed consent must be obtained from the subject.
- 4.4.2. Collection of data for a registry cannot be a requirement for participation in another study for which there is the potential of direct subject benefit.
4.5. The informed consent must include basic and additional elements of consent related to identifiable private information as per 45 CFR 46.116.

5.0 ORA Review and Consent Requirements for External Data Registries

5.1. Submission of clinical data with or without identifiers that has been collected solely for clinical purposes to an external data registry (that is utilized, either wholly or in part, for human subject research) does not constitute engagement in human subject research. It is therefore not subject to UNMC IRB approval, provided the healthcare professional submitting the data (1) is not involved with the research (aside from submitting the clinical data), and (2) will not, in the future, use data in the external registry for research in which he/she is participating.
- 5.1.1. Healthcare professionals who submit clinical data to external data registries as described above must submit the Data Registry Application to the ORA. The information will be entered into the IRB database for tracking purposes.
- 5.1.2. If the clinical data contains PHI, authorization for disclosure of the PHI to the External Data Registry must be obtained in accordance with 45 CFR 164.508(c), or authorization must be waived by the UNMC IRB or the Privacy Board associated with the External Data Registry in accordance with 45 CFR 164.512(i).
- 5.1.3. In consideration of such factors as sensitivity of the data collected, the subject population, whether the registry is under the oversight of an external IRB or government entity, and Organizational requirements, Assistant Vice-Chancellor for Regulatory Affairs, in consultation with the IO, may require submission of additional information regarding administration of the registry, data security, and processes for release of data.
5.2. If the healthcare professional submitting the data is involved with the research (for example, will be an author on manuscripts, or plans to subsequently use data in the registry for different research purposes) then the Organization is engaged, and the submission of identifiable private information constitutes research. It is therefore subject to UNMC IRB approval (per section 4.2 above) and the requirement for informed consent (per sections 4.5 and 4.6 above).
5.3. The appropriate agreements (Data Use Agreement, Data Transfer Agreement) must be fully executed prior to final release of the Data Registry or Medical Records Research.

6.0 Research Use of Data from a Registry

6.1. The Data Registry Application must be submitted in accordance with HRPP policy 2.1 (Submission of Items for Review by the IRB).
6.2. Applications which require review by the full IRB will be processed and reviewed in accordance with HRPP policy 2.2.
6.3. Applications that are eligible for review by the expedited method will be processed and reviewed in accordance with HRPP policy #2.3.
6.4. Applications which appear to be eligible for exemption will be processed and reviewed in accordance with HRPP policy #2.6.
6.5. The use of identifiable private information previously stored in a data registry requires informed consent of the donor, unless:
- 6.5.1. Consent can be waived under 45 CFR 46.116(d) (or rev 45 CFR 46.116(f)), and, if PHI is involved, authorization is waived under 45 CFR 164.512(i).
- 6.5.2. Consent obtained at the time the data was placed into the registry was sufficiently detailed with regard to the future use of the data that a reasonable person would expect that the consent would permit the types of research conducted.

DOCUMENT HISTORY:

 Written: 1/14/2016 (Approved: 1/14/2016) - original author not recorded

 Revised: 3/2/2018 - revision not documented

1.1 Human Research Protection Program (HRPP)

1.2 Authority Granted to the IRB by the Organization

1.3 UNMC IRB Serving as the Single IRB for Multisite Research

1.4 UNMC Ceding Review to an External Central IRB

1.5 Requirements for Research Conducted with International Sites

1.6 IRB Composition, Leadership, Qualifications, and Responsibilities

1.7 IRB Member, Consultant, Staff and Guest Conflict of Interest Identification and Management

1.8 Investigational Activities Requiring IRB Review and Approval

1.9 Resources Necessary to Protect Subjects

1.10 Scientific and Other Committee Review of Research

1.11 HRPP Access to Legal Counsel

1.12 Sponsored Research

1.13 Compliance with ICH-GCP Guidelines

1.14 Research Subject to Department of Defense Regulatory Requirements

1.15 Research Subject to Department of Justice Regulatory Requirements

1.16 ORA Record Keeping Requirements

1.17 Retention of Research Records

1.18 Review and Approval of HRPP Policies and Procedures

1.19 IRB Signature Authority

1.20 Community Involvement in Outreach Activities and Community Based Participatory Research (CBPR)

1.21 Post-Approval Monitoring of Research

1.22 Assessment of the Effectiveness and Efficiency of the HRPP

1.23 HRPP Training Requirements

1.24 HRPP Training Requirements for IRB Members

1.25 Financial Conflicts of Interest

1.26 PI Qualifications and Responsibilities

1.27 Research Personnel Qualifications and Responsibilities

1.28 External Investigator Assurance

1.29 ClinicalTrials.gov Reporting

1.30 Use of the Rapid Response IRB

1.31 Observers at IRB Meetings

1.32 Confidentiality of the Review Process

1.33 Posting of Clinical Trial Consent Forms

1.34 Emergency Preparedness for the Office of Regulatory Affairs and IRBs

2.1 Submission for Items for Review by the IRB

2.2 Full IRB Review

2.3 Expedited Review

2.4 IRB Review of Changes in Previously Approved Research

2.5 Criteria for IRB Approval

2.6 Exempt Research

2.7 Continuing Review of Research

2.8 Limited IRB Review

2.9 Closure of On-Going Research

3.1 Assessing the Need for Increased Monitoring, Interim Continuing Review, and Verification from Sources Other than the PI

3.2 Data and Safety Monitoring

3.3 Privacy Interests and Confidentiality of Research Data

3.4 Use of Protected Health Information in Research

3.5 Subject Recruitment Through Advertisements

3.6 Subject Recruitment Through Direct Invitation

3.7 Finder’s Fees and Recruitment Bonuses

3.8 Research Subject Compensation and Reimbursement

3.9 Contraception Requirements

3.10 Pregnancy Testing

3.11 Collecting Data from Pregnant Partners of Research Subjects

3.12 Ethical Access

3.13 Use of Placebo or Wash-Out of Effective Therapy in Clinical Trials

3.14 Phase I and First-in-Human Studies

3.15 Managing Radiographic Incidental Findings in Human Subjects Research

4.1 Additional Protections for Vulnerable Populations

4.2 Research Involving Pregnant Women, Human Fetuses, and Neonates (Nonviable or of Uncertain Viability)

4.3 Research Involving Prisoners

4.4 Research Involving Children

4.5 Local 407 Panel Review of Pediatric Research

4.6 IRB Review of Research Involving Subjects with Impaired Decision-Making Capacity

4.7 Research Involving Employees of the Organization and Students as Subjects

5.1 Obtaining Informed Consent From Research Subjects

5.2 Waiver or Alteration of Informed Consent and HIPAA Authorization

5.3 Use of a Remote Consent Process

5.4 Waiver of Requirement to Obtain Signed Consent Form

5.5 Use of the Short Form Consent Document

5.6 Exceptions from Informed Consent Requirements for Emergency Research

5.7 Obtaining Informed Consent from Non-English Speaking Persons, or Persons with Additional Needs or Vulnerabilities

6.1 Research Involving Investigational and Marketed Drugs

6.2 Research Involving Investigational and Marketed Devices

6.3 Humanitarian Use Device (HUD)

6.4 Emergency Use of a Test Article

6.5 Expanded Access to Investigational Drugs and Devices for Treatment Use

7.1 Banking Human Biological Material

7.2 Use of Human Biological Material in Research

7.3 Data Registries