Request for Data and Information
Once participants consent to the study, the study team is required to protect their privacy and the confidentiality of their information to prevent its accidental disclosure or loss. Protecting privacy means collecting data in such a way that participants’ information or personally identifiable information (PII) is not seen or overheard by others. For example, they take surveys in a private space where others cannot view their answers. Protecting confidentiality of participant information means:
(1) Not sharing information about participants except with those authorized to have it; and
(2) Complying with a study-wide plan for secure collection, transfer, storage, and use of participant information.
Data Security: The agency and the evaluator who was chosen to conduct the study have a collective responsibility to protect participant information and assure its data security. All parties will need to work together to create a climate of accountability and responsibility for the data collected, shared, and analyzed. Part of the accountability and responsibility includes establishing a data security plan. A data security plan describes the requirements to protect PII and identifies potential penalties for losing data and for failing to destroy data once they are no longer needed. It lays out steps to inform individuals or entities that their information was lost, stolen, or otherwise compromised. Robust data security can help safeguard against the accidental loss or disclosure of participants’ information. The SWA and the evaluator will need to work out the specifics as they apply to the evaluation.
In research, as in life, things do not always go as anticipated. For this reason, the evaluator should have a plan for handling adverse events and unanticipated problems. Examples of unanticipated problems concerning the protection of participant rights include the following:
- A participant is visibly upset by the questions during the survey;
- The evaluator learns that a participant is at risk of harm;
- A participant or his/her parent/guardian has serious concerns about the study;
- Study procedures were not followed (e.g., participant consent or data security); and
- Study data are lost (e.g., consent forms or paper and pencil surveys).
The agency will want to be sure that the selected evaluator is prepared for such potential problems and may want to have specific procedures in place for the evaluator and the program operator to work together to resolve such issues should they arise.
- Illinois Public Aid Code, 305 ILCS 5/11-9
- Medicaid, 42 U.S.C. §1396a(a)(7), 42 C.F.R. 431.300-307
- Temporary Assistance for Needy Families (TANF), 42 U.S.C. §602(a)(1)(A)(iv)
- Supplemental Nutrition Assistance Program (SNAP), 7 U.S.C. §2020(e)(8), 7 C.F.R. 272.1(c)
- Public Assistance Programs, 45 C.F.R. 205.50
- 89 Ill. Admin. Code 10.230
- Health Insurance Portability and Accountability Act (HIPAA), 45 CFR Part 160, Part 162, and Part 164
- The Privacy Act of 1974, 5 U.S.C. §552a
- Illinois Personal Identification Protection Act (PIPA), 815 ILCS 530/1
- Federal Information Security Management Act of 2002 (FISMA), 44 U.S.C. §3514
- Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99)
- Mental Health and Developmental Disabilities Confidentiality Act, 740 ILCS 110
- Mental Health and Developmental Disabilities Code, 405 ILCS 5
- Alcoholism and Substance Abuse, 42 C.F.R. Part 2
- Substance Use Disorder Act, 20 ILCS 301
- Illinois Controlled Substance Act, 720 ILCS 570/318
*Each agency has its own IRB process. Work within your agency for specific agency IRB processes.*
The primary purpose of the Institutional Review Board (IRB) is to protect the welfare of human subjects used in research. If the type of evaluation proposed requires IRB approval, factor appropriate time into the schedule for review, approval, and continuing review. IRB reviews can take considerable time and may have cost implications to both the schedule and the budget.
To ensure appropriate protections are in place and maintained, IRBs serve as an independent and objective ethics committee to ensure the protection of human subjects. An IRB’s job is to approve (or disapprove) human subjects’ research or require modifications prior to approval. IRB review should occur prospectively—that is, before study procedures are implemented. IRBs are also responsible for continual review by monitoring active research projects, reviewing and addressing any unanticipated problems, and reporting serious adverse events to regulators. IRBs have the authority to suspend or terminate research that does not comply with the rules to protect research participants from harm. The table below summarizes the main roles and responsibilities of IRBs. IRBs are registered and regulated by the Department of Health and Human Services (HHS). In general, IRBs are at medical centers and universities; although, some research firms also host their own IRBs.
The selected evaluator will likely have experience with and knowledge about which IRB to use and how to contact the IRB, and the overall process involved to receive approval for the study (if required) before engaging human subjects. The IRB will let the evaluator know whether the study is “exempt” from review or is “non-exempt” and needs to undergo a formal board review.
The decision to include a protocol for IRB review—and the level of review, either expedited or full board— depends on a variety of the following factors, the:
- Level of risk to participants overall and relative to the potential social benefit of the research;
- Vulnerability of the population under study; and
- Steps the evaluator takes to minimize risks and safeguard participants.
Generally, studies that may pose minimal or greater than minimal risk to participants need review by the IRB. Evaluation requirements that constitute exempt research, minimal risk, or greater than minimal risk are decided by an IRB, not the evaluator.
The process could take anywhere from one to several months. The time it takes to prepare an application for IRB review, have it reviewed, respond to comments or requests for revisions, and receive approval depends on both the complexity of the research project and the level of risk it poses to participants.
Four major areas for consideration during the IRB review process include:
- The study’s procedures for informed consent;
- How the evaluator will protect privacy and confidentiality;
- The plan for data security; and
- How the evaluator will handle adverse events and unanticipated problems.
These factors have very real, on-the-ground implications for how the study will unfold. The state agency sponsor for the study will want to be aware of and may be involved in executing these aspects of the study protocol.
Informed Consent: To collect information from and about individuals participating in a research study, the evaluator needs to obtain their legally effective informed consent (or that of a parent or guardian if the participant is a minor under age 18). Obtaining informed consent includes giving prospective study participants sufficient opportunity to consider participation and minimizing undue influence and coercion. Informed consent is a process (not just a form) that begins with explaining the study. The information provided to prospective participants during the consent process must help them understand the implications of participation. It is essential to disclose all relevant information honestly and to give each individual the opportunity to ask questions and receive answers to their questions.