Updated: July 27, 2018
- Federal Policy for the Protection of Human Subjects (New Common Rule)
- Notice of Changes to NIH Policy for Iussing Certificates of Confidentiality (CoC) and Clinical Trial Definition
- Notice of the EU GDPR - Effective May 25, 2018
(Updated April 30, 2018)
On April 19, 2018, HHS released an NPRM proposing to delay the general compliance date for the revised Common Rule until January 21, 2019. A 30-day comment period will be open until May 21, 2018.
In addition to delaying the general compliance date, the NPRM proposes to allow institutions to implement three "burden-reducing provisions" of the revised rule during the delay period:
(1) use of the revised definition of "research," which deems four categories of activities not to be research;
(2) the allowance for no annual continuing review of certain categories of research; and
(3) the elimination of the requirement that institutional review boards (IRBs) review grant applications or other funding proposals related to the research.
Read the April 2018 NPRM in the Federal Register.
Please note: the revised Common Rule does NOT apply to FDA-regulated or human subjects research supported by the Department of Justice.
What does this mean for GT researchers?
The regulatory changes were designed to reduce administrative burden and to enhance the protection of human subjects. The GT Human Research Protection Program is working to implement the revised regulations. The revisions will include changes to the IRB Portal (IRBWise), policies, and some procedures. There are some specific changes that may be of interest to many GT researchers. These changes are described below.
New Exempt Categories
The Common Rule defines three levels of review for human subjects research: exempt, expedited, and full (committee). The new Common Rule broadens the types of research that may be determined to be exempt from IRB review. For example, starting January 19, benign behavioral interventions conducted with adults may be determined to be exempt. Also, the collection of identifiable, sensitive information from adults may be determined to be exempt; however, this new category requires a limited IRB review to determine that appropriate privacy and confidentiality protections are in place. Submission to the IRB office to obtain the Exempt determination is still required.
Continuing Review Changes
Some minimal risk research will no longer require continuing review (renewal). A general progress report will be requested at a period determined by the IRB during initial review but research activities can continue as approved without waiting for the IRB to acknowledge the report. Such projects will not be assigned an expiration date unless a justification for continuing renewal exists.
Consent Form Changes
Consent forms must begin with a concise and focused presentation of the key information that is most likely to assist in understanding why one might or might not want to participate in the research. Consent forms must now include information regarding the potential for future use of de-identified data and biospecimens.
The revised Common Rule can be found at https://www.hhs.gov/ohrp/regulations-and-policy/regulations/finalized-revisions-common-rule/index.html
Additional resources can be found on the CITI site at https://about.citiprogram.org/en/final-rule-resources/#irbimpact
Notice of Changes to NIH Policy for Issuing Certificates of Confidentiality (CoC) and Clinical Trial Definition
Under the new policy, as of October 1, 2017, NIH-funded researchers will no longer have to request a CoC, nor will they receive an actual certificate. The CoC will be issued automatically to NIH-funded grants, cooperative agreements, contracts and intramural research projects funded wholly or in part by the NIH that collects or uses identifiable, sensitive information. Compliance with the requirements of the law will become a term and condition of award. All research that was commenced or ongoing on or after December 13, 2016 and is within the scope of this policy is issued a Certificate through this policy.
More information on Certificates of Confidentiality
Investigators who will be seeking NIH support of clinical trial should review the new and pending NIH policies including: the NIH Definition of a Clinical Trial the Requirements for Registering & Reporting NIH-funded Clinical Trials in ClinicalTrials.gov requirements for Good Clinical Practice Training, and the Single IRB Policy for Multi-site Research.
What is the EU GDPR and when does it take effect?
The European Union General Data Protection Regulation (“EU GDPR”) is a new and more stringent regulation governing the use of personal data. It imposes new obligations on entities that control or process personal data about people who are located in the European Union. This regulation applies both inside the European Union (“EU”) and outside of the EU, and applies to data about anyone in the EU, regardless of whether they are a citizen or permanent resident of an EU country.
The regulation took effect on May 25, 2018.
What information is subject to the EU GDPR?
The EU GDPR applies to the control or processing of ‘personal data,’ which is defined as:
Any information relating to an identified or identifiable natural person (the data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that natural person.
Examples of identifiers include but are not limited to: name, photo, email address, identification number such as GT ID#, GT Account (User ID), physical address or other location data; IP address or other online identifier.
What does this mean to YOU as a GT researcher?
If you obtain personal data about any human subject or research collaborator located in the European Union, this policy applies to your research.
Please refer to the following links for further details:
- EU GDPR and Georgia Tech's Institute Policy
- GT's Office of Research Integrity Assurance EU GDPR Consent Form for Sensitive Personal Data
- Researcher’s EU GDPR Human Subjects Research Data Protection Regulation Privacy Notice