INTO THE BRAVE NEW WORLD OF INTERNET RESEARCH

We at Aspire are just beginning to see submissions for research done via the internet.  It’s an area we are still learning ourselves, and for which some of our processes are in development.  At this juncture, we would make only a few comments about internet-based research.  From our vantage point, the most salient concerns so far appear to be over consent and confidentiality.

Regarding consent, the existing regulations still apply (at least, pending any relevant revisions to the Common Rule, which will not be in place for at least a little while yet).  Absent the appropriate waivers, consent processes and documents (provided online) still must include all the required elements of informed consent.  Depending on the case, obtaining documentation—especially, an appropriate signature—of informed consent may pose a challenge.

Regarding confidentiality, we are reminded that the internet is not a secure medium.  Transmission of data may be vulnerable, and precautions must be in place to protect from hackers and other workers of maleficence, spyware, and the like.  Aspire will need to see a description of the processes in place to protect confidentiality.  As part of our review, we envision routinely asking our in-house IT professional to review and assess these processes.

A recent PRIM&R webinar on the subject suggested the following practices for describing confidentiality protections; anticipate that Aspire will ask for these with any submission for internet-based research:

·       Explain how data are transmitted.  Is a survey host used?  Will the host retain identifiable data, and will they be encrypted?

·       Explain how data are maintained—in individually identifiable form, aggregate form, anonymized, etc?  These points become especially critical if data sharing is involved.

·       Explain the data security plan.  The webinar cited the Harvard security plan (security.harvard.edu) as an example.

·       Do not guarantee absolute confidentiality—in fact, point out to subjects that such a guarantee cannot be made.

·       If aggregated anonymized data will be made publicly available, consider whether subjects could be (re)identified.  In general, keeping data de-identified or anonymized is a concern for any internet-based human subject research.

Also, as for any human subject research it reviews, Aspire will want to understand who has access to what data and how that access is protected or restricted (passwords and the like).

We are always committed to service, and for any internet-based research we review, we will work with our clients to be sure that we have and understand the appropriate information.  We will remain responsive and, to the degree permitted by law and regulation, flexible as we handle these requests.  Please don’t hesitate to call us to discuss.