Take steps now to reduce burden

IRBs can improve without new regulations

As institutions wait to find out what comes out of the ANPRM, there are steps they can take now to work within the current regulations and achieve the Department of Health and Human Service's goals of lessening the burden on investigators and IRBs while still protecting subjects.

Jeffrey Cooper, who consults with institutions about improving their human subjects protection programs, says IRBs should look for ways to use exemption determinations and expedited review whenever possible for research that either doesn't involve human subjects or involves only minimal risk to subjects.

"People who do minimal-risk research, social and behavioral research, often feel that IRBs are over-regulating their research," says Cooper, MD, MMM, of Huron Consulting Group in Arlington, VA.

"If you look at the regulations, it's really quite easy to protect subjects in that kind of research by following the requirements of the regulations and that's it."

"You want to have a rational approach to risk assessment so that you can accurately determine whether risks are, in fact, minimal."

In addition to recommending that institutions uncheck the box on their Federalwide Assurances (see accompanying story, page 102), Cooper proposes waiving the requirement for written documentation of consent in most minimal-risk research. Cooper argues that it is usually unnecessary, and often an impediment to research, especially social-behavioral research in other cultures that view written documents differently than Americans do.

"You still need to talk to people, you still need to get their permission, but you don't need to get a signature from them on a piece of paper," he says. "That can be done on all research that involves minimal risk in which there's not some legal requirement outside the context of research to get written documentation of informed consent."

Cooper believes this approach can actually be more protective of subjects, as investigators focus more fully on the process of consent, rather than simply getting a signature on a piece of paper.

"Some investigators have told me, 'Now, I'm going to have to sit down with them, make sure they really understand what they're getting into, before I let them agree to take part in the study,'" he says.

He says the ANPRM doesn't really address the process of consent, focusing mostly on documentation issues.

"They talked about shortening the number of pages or having templates for what the paper should look like," Cooper says. "It was all about the paper and not about conversations between investigators and subjects."

Consistent decisions about minimal risk

Similar efforts to lessen regulatory burden are under way at Children's Hospital of Philadelphia, says Mark Schreiner, MD, chairman of the Committee for the Protection of Human Subjects.

Schreiner says his institution has determined that many categories of research are always minimal risk, even though they currently aren't in the expedited review categories.

For example, he says, his board has looked at some of the restrictions on blood draws and other procedures and found them to be excessive. So they've adopted limits they believe are more reasonable and if those are met, consider them to be minimal risk.

"For example, low doses of radiation we find to be minimal risk, all the time," Schreiner says. "A lot of studies go to full board just because there's a DXA [dual-energy X-ray absorptiometry] scan, which is a very low level of radiation. It's a fraction of a chest X-ray."

By making these consistent decisions about minimal-risk research, he says, "we think we can reduce the number of items that have to go to the full board, so we can focus on studies that have real risks and require expertise."

Magnitude vs. probability

Cooper says the ANPRM didn't address one problem he sees with risk assessment by IRBs. In his experience, he says, IRBs are good at determining the potential magnitude of a particular risk, but not the probability of it.

For example, he says an IRB might look at the potential for sharing of personal health data, seeing great danger in a laptop being breached, and require stringent security measures for that laptop.

"They'll say, not only do you have to lock your laptop in your office, but you have to lock it in your filing cabinet in your office," Cooper says. "And I'll say, 'Is the laptop encrypted? Because if the laptop is encrypted, you theoretically could leave it in the cafeteria and it would not be a risk.'

"What is the probability that an office will get broken into? What is the probability that someone will be able to read the information off the laptop and disseminate it in a way that will be bad?"

He encourages IRBs to really investigate the probabilities of risks: How many offices have been broken into at their institution? How many laptops stolen?

"There are things you can do to get some information to help you determine that, and that can be compared against the probability and magnitude in daily life."

Cooper says that when IRBs do that kind of risk assessment homework, they start to focus more on the real risks to participants. "And sometimes, they realize that things they didn't care about are truly a risk and need more [protection] than what they were thinking about."