Who constitutes the IRB at UA Little Rock?
The IRB has representatives from every college and the two libraries: Ottenheimer and Law. Since UA Little Rock provides oversight for the Clinton School for Public Service, it too has a representative. Per federal regulations, the Board also has a community member who is unaffiliated with the university. Board members are appointed by the Chancellor for five-year terms that are renewable. Chairs are elected by the Board and their appointments confirmed by the Chancellor. They serve two-year terms that are also renewable.
Who decides what is human subject research?
While the federal guidelines outline the criteria for what constitutes “human subjects research” (Code of Federal Regulations 45CFR46) (currently referred to as human participant research) they discourage researchers from being the evaluators of whether their research meets these criteria. Therefore, the UA Little Rock IRB encourages all researchers to seek IRB oversight of their projects. If it is determined to be NHPR (Not Human Participant Research, formerly NHSR), then the project proceeds without interruption, as long as nothing changes. A change in a project may result in a change in the nature of the project and might require a protocol submission.
What does IRB oversight mean?
Oversight means that the IRB has reviewed the project and has determined it to be either Human Participant Research (HPR) or Not Human Participant Research (NHPR).
What is the difference between NHPR and HPR?
A project that has been determined Not Human Participant Research does not require continuing IRB oversight as long as the project or its elements do not change. Staff can join or leave. However, changes to intent, methodology, or participants can change the project to HPR (Human Participant Research) and require oversight. Researchers are encouraged to have all their staff CITI (Collaborative Institutional Training Initiative, (www.citiprogram.org) certified, even if the project is NHPR.
Who must seek IRB approval at UA Little Rock?
All faculty, staff and students must have IRB oversight of any human research project in which they are involved, irrespective of whether they are collecting new or using existing data. Anyone outside UA Little Rock who seeks to recruit UA Little Rock faculty, staff, or students for their study must seek IRB oversight before beginning recruitment. Faculty, staff and students may not recruit UA Little Rock faculty, staff and students (or use their data) for research or any projects without prior UA Little Rock IRB oversight.
Are the IRB oversight guidelines the same as at other institutions?
Every institution establishes its own level of oversight (e.g., protection for participants, and therefore also for the researcher and the institution.) This level is determined by the Institutional Official, and at UA Little Rock that is the Chancellor of the university. UA Little Rock has signed a Federal Wide Assurance that commits the institution to complying with federal guidelines of human participant protection irrespective of source or existence of funding. The institution applies its policies and procedures equally to all participants.
Do I need IRB oversight if I do not plan to publish (or disseminate) my project?
If a project does not require IRB oversight it can be disseminated, as long as the data is presented in the same manner as it was collected: new questions are not asked or data is not compiled or analyzed in ways that are not directly associated with the initial purpose. If it was not research when it was collected, dissemination does not make it research. The matter can be confusing as often intent to disseminate (or publish) can be equated with the intent to contribute to the literature and generalizable knowledge, which are part of the federal definition for research. Also, federal regulations discourage researchers from being the ones to determine whether their research needs oversight. The safest course of action, and the recommendation of the UA Little Rock IRB, is that the decision be left to the IRB.
What training must researchers have before any research may commence?
All individuals who will come in contact with research participants or their data must have Collaborative Institutional Training Initiative (CITI) training in the Protection of Human Research Subjects which includes a review of the Belmont Report, outlining “Ethical Principles and Guidelines for the Protection of Human Subjects of Research (www.citiprogram.org). CITI training is online and free of charge.
Researchers must complete at least the basic training under GROUP 1. Each module must be completed at a score of 100%. The completion record that lists which modules were completed, the score and pass date must be attached to the protocol for each individual who will come in contact with research participants or their data.
Researchers are encouraged to consider doing additional optional modules appropriate to the research being conducted. IRB reviewers may require additional modules as well. These modules should also be completed with a score of 100%.
How long is a CITI valid?
A CITI certificate is valid for three years.
What is a passing grade in CITI?
Each module must be passed at 100%.
Types of Review:
At UA Little Rock, there is only one type of review. The reviewers determine whether a protocol needs to come to Full Board Review. All reviews are handled expeditiously with the same level of rigor.
How does the IRB review process work?
Every protocol is reviewed simultaneously by two reviewers. After reading the protocol independently, they collaborate on the feedback that is then forwarded to the PI. Reviewers are expected to provide feedback (an approval or request for changes or clarification) within 10 business days of being assigned the protocol. The IRB Administrator then forwards this to the researcher who submitted the protocol (the Primary Investigator, or PI, and faculty advisor if the PI is a student). If the protocol requires a response from the PI, the revision is re-assigned to one of the first two reviewers who initially read it. The reviewer is then expected to respond to the revision with 10 business days. Most protocols are reviewed only once. It is important to note that sometimes a revision will reveal other issues, and what may appear a straightforward request confounds or complicates and then more revisions may be necessary. PIs are encouraged to revise a protocol holistically and assess whether a change in one place requires a change in another element or document.
A review process is complete when the protocol clearly describes the purpose and methodology and the support documentation is sync with the protocol. The IRB Administrator then sends a letter notifying the PI what the decision is: HPR or NHPR. If the protocol is determined to be HPR, the letter also indicates when the protocol will expire.
The protocol must be “active” for the duration of data collection. Student protocols are approved for no more than 1 year and faculty protocols are approved for no more than 4 years.
What does it mean that I have been invited to a Full Board Meeting?
A researcher (or researcher and supervising faculty member) may be invited to a Full Board meeting if federal guidelines require it receive full board oversight (such as research with prisoners); the topic of the study is sensitive; the protocol is complex and the reviewers feel it will be more efficient to talk directly with the researcher.
The researcher will receive a letter with a date and time of the meeting. During the meeting, a note taker will keep track of the conversation and the decisions reached by the Board in the course of the conversation. This letter will be forwarded to the researcher (and faculty member) within approximately 48 hrs. to allow the researcher to make any necessary changes to the protocol.
For how long may a protocol be approved?
All protocols are approved for no longer than one year.
To whom do I submit my request?
All IRB requests must be submitted electronically as one PDF file to the IRB Administrator at email@example.com.
My protocol is about to expire, what should I do?
If you are no longer collecting data, there is nothing to do. If you still are or want to collect data, you must submit a Request for Continuation. This is a short form that basically says that everything has remained the same except that you need more time. Be sure to leave enough time for a review! The review time frame is the same for any type of review. If you submit the Request for Continuation shortly (1-2 weeks) before the protocol expires, you run the risk of it expiring before the continuation has been approved. If that happens, you will have to start the whole review process again.
My protocol expired and I want to recruit and collect more data. What should I do?
You will need to submit a new request for review and start the process from scratch.
My protocol is still “live” but I need to make a change. What should I do?
Any change in participants, staffing of research team, methodology, or documents requires a Request for Modification form. It is short and addresses only the change itself. The review process is the same as that for any other type of review. When the change is approved it automatically restarts the clock on the life of the protocol.
What should I do if I want to recruit participants off campus?
If the researcher is a faculty member, it is the researcher’s responsibility to identify and seek permission to recruit participants. Permission to recruit is a process (letter, email, phone conversation) whereby the researcher seeks permission from an authorized individual to recruit or approach individuals about future participation. State agencies, school districts, other academic institutions, shopping malls etc., may not appreciate researchers recruiting their employees or clients without the appropriate permissions.
Student Research. If the researcher is a student, the supervising faculty is the one responsible to ensure that this process is observed. Faculty are not required to provide letters of support, however, they are encouraged to identify whom they will contact and document that they have. Students must obtain written permission to recruit.
STUDENT RESEARCH AND CLASS PROJECTS
What is the required training for student-researchers?
Class Projects. Faculty are encouraged to have (or require) students participating in classes that teach (about) research to undergo CITI training in the Protection of Human Research Subjects which includes a review of the Belmont Report, outlining “Ethical Principles and Guidelines for the Protection of Human Subjects of Research (www.citiprogram.org). CITI training is online and free of charge.
Student-researchers must complete at least the basic training under GROUP 1. Each module must be completed at a score of 100%. The certificate that lists which modules were completed, the score and pass date must be attached to the protocol for or each individual who will come in contact with research participants or their data.
Student-researchers are encouraged to consider doing additional optional modules appropriate to the research being conducted. IRB reviewers may require additional modules as well. CITI training is online and free of charge.
Do class projects need to seek IRB oversight?
The UA Little Rock IRB recognizes that many class projects, conducted solely for the purpose of teaching a skill, do not meet the federal guidelines. However, a faculty member may require any and all projects in a class to come to review. If so, the instructor is encouraged to coordinate this with the IRB so that it can respond in a timely manner to the influx of protocols.
Any class project that does not seek IRB oversight becomes the responsibility of the instructor. In this case the instructor will bear responsibility for any complaints or problems.
What permissions are needed for students who want to collect data off-campus?
Students who collect data off campus should have certain safeguards in place. One such safeguard is letters of permission or authorization. Recruiting in a mall may result in complaints by mall owners. Observation studies in a public place might trigger a complaint of stalking or loitering. Instructors are encouraged to consider these issues before permitting students to collect data off campus.
Student research submitted for IRB oversight must have letters of permission before they start collecting data. Permission to recruit is a process (letter, email, phone conversation) whereby the researcher seeks permission from an authorized individual to recruit or approach individuals about future participation. For example: A researcher wishes to interview teachers at a school. The researcher approaches the regional supervisor, the School Superintendent, in the Board of Education for permission to approach a principal to ask if teachers may be interviewed.
Student researchers must have such authorizations in writing. The letter must be attached to the protocol. The letter may be prospective (what will be sent after IRB approval is obtained) or retrospective (what was sent). Note: Retrospective letters may require modifications as a result of IRB review.
What are the policies regarding submitting classroom projects to UA Little Rock showcases or other venues?
Projects that were developed only for training purposes may be presented on campus, physically or online (as long as the platform is restricted to the UA Little Rock faculty and students) with the following statement prominently displayed:
The project is not defined as research per federal guidelines because it was conducted to meet the educational requirements of (insert class title here) under the supervision of (insert name of instructor.) It was not reviewed by the UA Little Rock IRB. (RPP 5.01)
Class projects that have not received IRB oversight may not be presented outside of the university in any shape, way or form.
May I recruit students in my own classes?
There are two situations in which instructors may want to use data from their own class:
The study does not require the specific students enrolled in the class, however, they are convenient. In such instances, it is important to set up a firewall to protect students from coercion. The instructor can tell students about the project or recruitment can be done by a third party. In both cases, students tell a third party whether they are willing to participate. The third party manages the process and the instructor does not know who said yes or no until grades are submitted. Obviously, extra credit is not possible in this case. Students need to be advised of this process, before they decide about participation.
- Student work is necessary for the study:
There are several ways this can be done. One way, is that the class proceeds as usual. Students are informed about the study and are asked to indicate to a third party whether the instructor may use their work for research purposes. The instructor collects the work. After class ends and grades are in, the third party tells the instructor which assignments may be used in the research. A variant is that the third party receives all the work (or copies of it) and provides the instructor with deidentified work of students who agreed to participate. Students must be advised of this process before they agree to participate.
Giving extra credit in one’s own class may be problematic. It is discouraged by the IRB and instructors are urged to find participants outside of their own classes. Extra credit cannot be offered in such a way that it privileges one group of students (those who can or want to participate in research) over another (those who cannot or do not want to.)
ALTERNATE RESEARCH LOCATIONS AND RESEARCH CONDUCTED IN LANGUAGES OTHER THAN ENGLISH
Is there documentation necessary for authenticating translations of research-related documents?
Any document associated with the research (letter of permission, recruitment, questionnaires, interview protocol etc.,) that is not in English must have the translation certified. When the translation is from another language to English: 1) A translator (whose credentials need to be identified in the protocol) translates into English and 2) another person (whose credentials need to be identified in the protocol) translates from English into the other language. When the translation is from English to another language: 1)A translator (whose credentials need to be identified in the protocol) translates into the alternate language and 2) another person (whose credentials need to be identified in the protocol) translates from the other language into English
Do I need IRB approval from an overseas institution?
If the research is in collaboration with an academic institution overseas, the UA Little Rock researcher must also ensure that the protocol is in compliance with the local human protection program. Often called the Helsinki Committee, most academic institutions require some vetting process. The PI is encouraged to investigate what the local requirements are. UA Little IRB oversight does not serve as a substitute for the local (foreign) institution or organization.
If data is collected at several sites, do we all need to go through our respective IRBs?
Researchers collaborating with other institutions must meet the requirements of all IRBs. Any institution may defer oversight to the other, however this is a formal process and it must be documented.
If the goal is to collect data elsewhere and not collaborate, the local site IRB must be consulted. This too must be documented.
What is a consent process?
All contact about data collection should have some form of consent process, even if the project is not human participant research. If a protocol is submitted, this process should be documented.
What is the difference between waiver of documentation of consent and waiver of consent?
Rarely does the UA Little Rock IRB agree to a waiver of consent. Individuals have a right to know what they are being asked to do and agree before participating in research. When such a process is not feasible or is problematic, the request for waiver must be justified in the protocol.
A waiver of signed consent is more common. There are cases in which the signed document may place the participant at risk or in which the record provided by a signed document is not necessary. In these cases, the researcher should explain the reasons for the request. The researcher must outline the alternative process that will be employed to ensure consent is obtained, even if it is not documented.
What is the difference between permission to recruit and a Consent Form?
A consent form or consent process is the dialogue (verbal or in writing) between a researcher and a participant in which the former ensures that participants are informed about the research in which they are being asked to participate. Federal guidelines establish the minimal elements that must be discussed or addressed in a consent form or process.
Permission to recruit is a process (letter, email, phone conversation) whereby the researcher seeks permission from an authorized individual to recruit or approach individuals about future research participation. For example: A researcher wishes to interview teachers at a school. The researcher approaches the regional supervisor, School Superintendent, in the Board of Education for permission to approach a principal to ask if teachers may be interviewed.
Student researchers must have documentation of the authorization to recruit. The letter must be attached to the protocol. The letter may be prospective (what will be sent after IRB approval is obtained) or retrospective (what was sent.) Note: Retrospective letters may require modifications as a result of IRB review.
Should I use my home telephone or address, etc., as contact information for participants?
Faculty and student researchers are discouraged from providing personal addresses, cell phone numbers or emails as contact information.
What is the difference between anonymity and confidentiality?
Anonymity is when there is no way, even for the researcher, to identify who a participant is or what data is associated with any person. Example: Survey sent to a listserv, and there is no record (IP address or otherwise) of who answered which questionnaire. Another example: A questionnaire is distributed to a large class, a scantron is attached, no identifying information is present on the scantron or the questionnaire.
Confidentiality is when the researcher knows who participated, irrespective of whether one can link a person to a set of answers. However, the researcher will not present the results of the research in a way that will identify a particular participant. If the participant pool is small, it may be impossible to ensure confidentiality even if data is presented in the aggregate.
How to implement a consent process when the data is collected electronically (i.e., via a computer)? When data is collected via the computer (surveys etc.), the first page of the questionnaire, survey, cover letter must be a modified consent form. The minimal elements are those required by the federal guidelines. If possible, participants should have an option to print off the consent page, or access it in some form in the future.
Since a signature is not possible, the last statement should reflect the consent statement and include a statement indicating that by continuing, or completing the survey, questionnaire etc., the participant has provided consent.
When and how should I encrypt my data?
- At the first point of data entry, for example, when entering data into Word, Excel, or any other program. encrypt the file when you save it. An the advisor must have access and encryption key.
- When data is stored in the cloud during data collection, analysis, or final storage identify the cloud storage platform. Encrypt the data before placing into the cloud. Data in Google Drive (UA Little Rock) and Microsoft One Drive (UA Little Rock) are encrypted. However, you should encrypt the files with a key that is accessible to you (and advisor if the PI is a student) before placing the data in the cloud site which also encrypts the data. If you are storing the data in another cloud platform, tell us whether they encrypt the data.
- If the data is not stored in the cloud provide the physical location and security measures. The data still needs to be encrypted.
Further security measures may be required when sensitive data is stored.
Instructions for Microsoft documents can be found at:
Type a password, then type it again to confirm it. Save the file to make sure the password takes effect. Go to Review > Protect Document. Under Security, you can select whether to enter a password to open the document, modify the document, or both. Enter each password again to confirm.
Example of free encryption software:
May I recycle or repurpose data I already collected?
In this age of technology data is in abundance. If data was collected in one situation that was not for research (instructor evaluations, feedback from workshops etc.) and a researcher wants to use it for another project, an IRB protocol must be submitted. This is considered secondary data analysis. Even if the first data was collected under IRB oversight, the research question (intent) has changed and the project requires new oversight.
Data collected under any circumstances may not be handed over to students for research purposes (such as independent research projects, thesis or dissertation) without submitting a protocol. IRB oversight is required.
How do I transfer data I collected to a researcher at another institution, or take it with me when I leave?
If a UA Little Rock IRB-approved research project (whether active or expired with the UA Little Rock IRB) is to be fully transferred to another institution or facility, the principal investigator is responsible for (1) complying with the new institution’s policies and procedures; (2) complying with the researcher’s UA Little Rock departmental requirements; (3) retaining research records consistent with participant protection regulations; and (4) properly closing the research protocol with the UA Little Rock IRB.
What are the requirements for the storage of human participants research records?
During the retention period (at least 3 years after completion of the research) data, signed consent forms, and other documentation related to human participants must be stored in accordance with the project’s IRB-approved protocol. Access to data, signed consent forms, and other documentation related to human subjects must be limited to those authorized on the IRB-approved protocol as having access to study data.
All direct, identifiable subject information must be encrypted while stored on a computer or electronic external device. In addition, the computer on which direct identifiable subject information is stored must be password protected.
When use of study codes is specified within a project’s IRB-approved protocol, the following procedures must be adopted to enhance the level of protection provided to participants:
- Stored coded data may not include information that could be used to directly identify a subject.
- Signed consent forms must be stored separately (i.e., separate computer, separate locked filing cabinet) from coded data.
- Signed consent forms and the study code key must be stored in a secure manner; examples include storing on a password-protected computer, in an encrypted manner, or within a locked filing cabinet.
- The study code key must be stored separately from coded data. At a minimum, the following standards related to the use of study codes must be implemented, as applicable:
- When storing the study code key and coded data electronically, the study code key and coded data must not be stored on the same computer.
- When storing the study code key and coded data as hardcopy documentation, the study code key and coded data must not be stored in the same locked filing cabinet.
Requirements for the retention of human participants (subjects) research records
- In accordance with Federal Regulations 45 CFR 46.115(b), records related to research shall be retained for at least 3 years after completion of the research. All records shall be accessible for inspection and copying by authorized representatives at reasonable times and in a reasonable manner. It is the principal investigator’s responsibility to ensure compliance with 45 CFR 46.115(b).
- Following the minimum 3-year retention of data, direct or indirect identifiable subject information (including the study code key and demographic information that could reasonably identify a subject) must be destroyed in accordance with the IRB-approved protocol. De-identified data may be retained indefinitely.
- Human participant research records of open UA Little Rock IRB protocols containing directly or indirectly identifiable subject information, including the study code key and demographic information that could reasonably identify a subject, must remain at UA Little Rock or at the institution/facility specified on the approved IRB research protocol. Requests to move the data must be approved by the UA Little Rock IRB via a Request for Modification.
- Human subject research records of closed UA Little Rock IRB protocols, including identifiable subject information may be removed from the UA Little Rock premises without UA Little Rock IRB approval; however, records must be retained in a manner that will preserve the level of protection promised to subjects.
What is noncompliance?
Non-compliance is a situation when research is being conducted without the appropriate oversight. Some examples of incidences of noncompliance are: A PI knew that oversight was needed but did not pursue it; a protocol expired and the research continued; a form is changed and used in the research without prior IRB approval; a PI cannot find consent forms that should still be in his or her possession; a student is assured by a faculty member that IRB is not needed; a faculty advisor is unaware that a student is collecting data for which there is no IRB oversight; Noncompliance is also ignoring communications from the IRB about a possible study or project.
Noncompliance may vary in severity and in its consequences. In cases of student research both the student and the faculty advisor may be found responsible of noncompliance.
What should I do if I know or suspect that someone has engaged in an incidence of noncompliance?
Anyone who knows or suspects such an incident should contact the Research Compliance Officer, IRB Administrator, an IRB board member or Chair and provide whatever information is available. The IRB adheres to the federal whistleblower guidelines. Also, anonymous reports are accepted. An email can be sent to firstname.lastname@example.org or a call placed to the Research Compliance Officer or the IRB Administrator (501.916.6209, respectively.)
What happens to me if I report a suspected incident of noncompliance?
If you have identified yourself, you may be asked more questions by the Research Compliance Officer, IRB Administrator or Chair. You will be offered all protection you are are entitled to by Federal law under the Inspector General Act of 1978. The Research Compliance Officer or IRB will not, after receipt of a complaint or information from a whistleblower, disclose the identity of the employee without the consent of the employee, unless the Full Board determines such disclosure is unavoidable during the course of the investigation. In such instances, the you will be notified as soon as possible.
What happens after I report a suspected incident of noncompliance?
UA Little Rock IRB is committed to investigating all claims of noncompliance.. Usually, a PI (or faculty supervisor and student PI) will receive a letter saying that concerns have been raised. The researchers are instructed to stop immediately any research activity. In the same letter, or shortly thereafter, the PI will be asked to answer questions that try to clarify what has occurred. Sometimes, the answers resolve the situation, and no further actions are taken. If the answers appear to support the allegations of noncompliance, the Board will appoint auditors, other Board members to further investigate the situation.
After the investigation, the Board decides if an instance of noncompliance has occurred and how severe it was. Also, the IRB may advise other functionaries (Chancellor and others) of the situation and its implications. The IRB will issue a letter of finding to the PI and address any consequences that arise from the incident. Severe and, or, continuing, noncompliance is reported to the federal government.
UNANTICIPATED PROBLEMS and ADVERSE EVENTS
What is an unanticipated problem involving risk or adverse event?
While conducting research situations may arise that causes harm to an individual, or which placed individuals at increased risk of harm, or new information arises that indicates a previously unknown risk. The event, problem, or new information may be related or possibly related to the research procedures. The individual might be a participant or a non-participant. See p. 147 of the Policies and Procedures Manual.
What should I do if an unanticipated problem or adverse event occurs?
The first action is to protect the wellbeing of participants. Then report the matter immediately to the Research Compliance Officer at 501.916.6209. The Research Compliance officer will facilitate informing the necessary functionaries and agencies.
Does Action Research require IRB oversight?
It may. The safest course of action it to consult the IRB.