Every IRB and research organization should view research noncompliance as systems failures that need to be dealt with professionally, consistently, and transparently, according to an IRB expert.

“Whether it’s noncompliance or medical error, they should be dealt with in the manner of collegiality, professionalism, and transparency,” says Scott Lipkin, DPM, managing director of FTI Consulting in Philadelphia. Lipkin speaks at national conferences about noncompliance and IRBs.

Organizations should not treat them as “gotcha” moments with a punitive, blame-assigning approach, but more as a sign that researchers need better education and training about human research protections and compliance, he says.

Sometimes, when an investigator’s conduct is in noncompliance, the investigator doesn’t even understand that what occurred was noncompliance and so he or she might not report it, Lipkin says.

In other cases, investigators might not want to report noncompliance out of fear of the IRB taking punitive action, he says.

These problems highlight the need for clearly written policies and procedures that articulate the requirements with regards to reporting events related to noncompliance, and every organization should define what noncompliance and serious noncompliance are, he adds.

Policies also should describe the process for handling noncompliance; for instance, which board or entity reviews issues of noncompliance, and how are they handled.

“Personally, I don’t believe the IRB committee is best suited to review and manage events related to noncompliance,” Lipkin says. “Generally, those are reviewed and managed by an entity separate from the IRB.”

Some large organizations might have the IRB review and manage noncompliance, and it might work very well, but this model doesn’t work for everyone, he notes.

However, the IRB should have the final say over a management plan that is required for an incident of noncompliance, and the IRB also is responsible for reporting serious and continuing noncompliance and unanticipated problems, he adds.

Institutions that have a corporate compliance office, but no specific research compliance board or office, might consider forming a committee that integrates the IRB with the corporate compliance office. For instance, they could form a hybrid committee that consists of a research administrator, such as an IRB chair, a compliance and/or legal representative, a member of the medical staff, and someone involved in management at the organization, Lipkin suggests.

One of the problems with how research organizations handle noncompliance is that there is no consistency in how it’s defined, Lipkin says.

“I’ve seen in my experiences in consulting and with AAHRPP site visits that what one hospital or university or medical school might consider noncompliance, another might consider serious noncompliance,” he says. “Who ultimately is responsible for crafting or making a noncompliance determination and making a plan?”

To illustrate how difficult it might be to reach consensus on noncompliance issues, Lipkin provides this example: “A cardiologist has a research protocol that involves placing a stent in the cath lab. The cardiologist has a patient who has failed multiple treatments and whose only option is to have this investigational stent inserted by virtue of his unique anatomy and heart muscles,” he explains.

“The protocol was approved by the IRB, and the investigator asks a coordinator if he could get started. The coordinator says the contract has not been finalized by the sponsor. The principal investigator asks the coordinator when the contract will be approved, and the coordinator says, ‘In two to three days,’” Lipkin continues. “The investigator says, ‘So we can get started by converting the patient’s Coumadin [warfarin] over to heparin.’”

The research protocol requires patients who have had a recent venous thrombosis event to be bridged from warfarin to heparin, so the investigator wants to admit the patient to begin bridging him so when the contract is signed, he can bring the patient right up to the cath lab to put in the stent, he says.

“If he waited until it was signed, then he’d admit the patient three days later and then wait three days to put in the stent,” Lipkin says. “So the investigator begins to admit the patient, and it turns out that the only reason the patient is admitted is for bridging the medication in anticipation of participation of a clinical trial.”

Although the IRB had reviewed and approved the study, IRB approval is only achieved after there is an executed contract with the institution and the sponsor, he explains. “In this case, the IRB would not release the IRB-approved informed consent document without final institutional approval of the study.”

When Lipkin provides this noncompliance example to groups of human subjects research professionals, it gets interesting: “When I show up and talk about this case at lectures and conferences, the vote is always split: Some think it’s serious noncompliance; some say it doesn’t rise to the level of serious, but is noncompliance; and some think it’s not noncompliance at all.”

If one were to go by the facts and ignore what they believe is the researcher’s intent, then it is serious noncompliance because the researcher essentially conducted research without IRB approval and had a patient participate in research without signed informed consent, Lipkin says.

“People who think it’s not noncompliance will say that there is no harm to the patient,” he adds. “We agree that safety was not an issue.”

But that is not how noncompliance is defined. Once the investigator began to bridge the patient over to heparin because the protocol called for that action, then the activity became a research procedure that required finalized IRB approval and informed consent, Lipkin says.

Research organizations can prevent these types of noncompliance — due to a lack of understanding of the rules — by improving research training and credentialing, he says.

“Researchers should have competency in conducting informed consent, reviewing adverse events, understanding documentation requirements, site management, and even research billing,” Lipkin adds. “It’s all about training and establishing core competencies.”