Almost every paper or book on research ethics includes a cautionary reference to atrocities committed in the name of science or abuses resulting from a researcher's crass objectification of research subjects. Lurking in the background of the calls for more laws protecting human subjects are memories of the abuses at Auschwitz, and in the Tuskegee and Willowbrook studies. Contemporary research ethics is grounded in the desire to protect the individual from unknown, and at some level unknowable risks. Both the Declaration of Helsinki7 and the "Common Rule''8 (that forms the basis for laws protecting human subjects in the United States) reflect a philosophical framework that prioritizes individual autonomy, well-being,
7 Declaration of Helsinki, World Medical Association, Inc, adopted by the 18th World Medical Association General Assembly in June 1964, and revised most recently in October 2000. The Declaration is a statement of ethical principles to provide guidance to physicians and other participants in medical research involving human subjects, including research on identifiable data.
8 The federal regulatory framework for the protection of human research subjects is known as the Common Rule. It has been codified, in some cases with slight modifications, by 17 different federal agencies at 7 C.F.R. Part 1c; 10 C.F.R. Part 745; 14 C.F.R. Part 1230; 15 C.F.R. Part 27; 16 C.F.R. Part 1028; 21 C.F.R. Part 56; 22 C.F.R. Part 225; 28 C.F.R. Part 46; 32 C.F.R. Part 219; 34 C.F.R. Part 97; 38 C.F.R. Part 16; 40 C.F.R. Part 26.; 45 C.F.R. Part 46; 45 C.F.R. Part 690; and 49 C.F.R. Part 11. See 56 Fed. Reg. 28 002 (June 18, 1991), implementing Pub. L. No. 95-622, 92 Stat. 3412, Title III, Section 301 (Nov. 9, 1978).
and just distribution of burdens and benefits in the conduct of research.
Under the Common Rule, there are two different types of protection for research participants:
1. review of specific research protocols by an Institutional Review Board (IRB) to identify the risks to participants presented by the specific research protocol, and
The two protections become co-mingled because our regulations assign the IRB two different tasks. In addition to identifying and weighing the risks presented by the protocol, the IRB reviews the forms and documents used to obtain informed consent, and under certain limited circumstances, is authorized to waive the consent requirement with respect to a given research protocol.
As clinical interventions become more complex and involve newer scientific approaches, it is increasingly clear that competent and independent IRB analysis and review is indispensable for identifying and evaluating the desirability of subjecting individuals to the known and unknown risks of a researcher's proposed protocol.
With respect to research using medical archives, however, the risks are essentially the same in every study: all of the risks stem from the privacy interests of a data subject and the potential damage from potential non-research misuses of personal information in our society. The risk to the data subject from the research, therefore, is a direct function of the arrangements for data security and the potential for breaches of the security arrangements and dishonest behavior by a researcher in using or disclosing information for non-research purposes. Assuming that the researcher is obliged to use information only for research and to maintain adequate security to protect it from further disclosure or unauthorized use, none of the privacy risks stems from any specific research protocol itself. Rather, to the extent that different data analyses appear to involve more or less risk, the differences can be traced to social values and attitudes toward the subject matter of the investigation.
For example, most people would say that research relating to HIV or genetics involves greater privacy risk than research on the common cold. This perceived difference in the risk of the research is an illusion. Assume that a single database, maintained under tight security arrangements, is made available to two different researchers under confidentiality agreements that bind the two investigators to the same obligations regarding use and protection of the data. One is studying HIV infection and the other is studying staphylococcus infection. The privacy risks in both cases are the same; they stem from the adequacy of data security arrangements and the obligations imposed on the investigators. The appearance of differential risk stems from the current cultural perceptions of HIV, and the fact that people or institutions—other than the researcher—might misuse the information to embarrass or harm the data subject, if they were to gain access to the information. Similarly, test results from the various breast cancer genes only appear to be more sensitive than information about a family history of breast cancer. In fact, both could be misused in precisely the same way ifthey were to fall into the wrong hands. The fact that there are persons in our society who, if unchecked, might discriminate against individuals in violation of the law, or misuse information to disadvantage or harm a data subject, does not vary based on the subject matter of the research. Rather, the perceived differences among data projects reflect differences in the potential for social, psychological, or financial damage to the data subject in our society, assuming that there is a negligent or intentional failure of data security arrangements.9
9 Consideration of the danger from external factors rather than the research itself also has crept into agency interpretations of the concept of risk under the Common Rule. In 1998, in discussing revisions to the categories of research eligible for "expedited review'', the Department (through both the Food and Drug Administration (FDA) and the National Institute of Health (NIH)) stated that expedited review was impermissible where "identification of subjects or their responses would place them at risk of criminal or civil liability or be damaging to the subjects' financial standing, employability, insurability, reputation, or be stigmatizing, unless reasonable and appropriate protections will be implemented so that risks related to invasions of privacy and breach of confidentiality are not greater than minimal''. 63 Fed. Reg. 60 355, 60 366.
Unlike interventional research involving physical manipulation or intervention in the subject's care, nothing in the research design in a data-analysis project can control, eliminate, or mitigate these societal damages. In a data study, one cannot modify the dosing, the subject selection criteria, or the laboratory tests used to monitor the effect of the research manipulation on the individual. The events to be examined in the research have already occurred. The epidemiologic or outcomes researcher is an active observer of natural processes that have been recorded in the history of an individual's health care and health benefits interactions. An epidemiologic study, by definition, seldom can be shown to have a potential benefit to the individuals who are the data subjects. Rather, because the observed events and interventions have already occurred in the natural course of events, any benefit of the research is to the public health in general, or to succeeding generations that may benefit from innovations that may be developed. Accordingly, when, as is required by the Common Rule, the Review Board attempts to determine whether the "[r]isks to subjects are reasonable in relation to anticipated benefits, if any, to subjects, and the importance of the knowledge that may reasonably be expected to result from the research'',10 the Review Board is not being asked to weigh the risks the protocol poses to an individual in relation to the importance of the knowledge to be gained. Rather, the Review Board is being asked to consider the potential socio-psychological damage to an individual in our society based on the fact that he or she evidences the characteristic under investigation, assuming that there is a breach of data security that results in a disclosure of data outside the research context where the data are used for an impermissible purpose.11
As a result, the "weighing" question posed to the Review Board misses the mark entirely. It largely becomes a philosophical question about the
11 Under the Common Rule, data security is a separate issue from the issue of the relative risk and value of interventional research. Compare 45 C.F.R. §46.111 (a)(1) & (2) with § 46.111(a)(7).
importance of the knowledge that might be gained in comparison with how badly our society discriminates or misuses the particular characteristics that are under study. By comparison, for interventional research the Review Board evaluates the risk of the research protocol and proposes modifications to minimize the risk posed by the research. The Board evaluates the research risk in relation to benefits to the participant and the importance of the potential knowledge. The risk equation does not include consideration of the possibility that a negligent or intentional action that is not a part of the research protocol could result in the death or serious bodily harm of a participant.
The critical problem is that as formulated, the Common Rule's risk equation—when applied in review of a data-only project—is almost certain to devolve into a referendum on the value of the researcher's hypothesis. In fact, the vast majority of IRBs appear to avoid such tangled debates by establishing procedures under which most data-only studies fall into the category posing ''minimal risk'' to data subjects. The categories of studies eligible for expedited review under the Common Rule are specified in a guidance document promulgated by the Office for Human Research Protections.12 Under this guidance, where there is a risk of discrimination based on disclosure of the subject's responses or data, the research is not eligible for expedited review, unless "reasonable and appropriate protections will be implemen-ted''.13
The Department's introduction of "reasonable and appropriate protections'' in evaluating the risks inherent in data-only studies hints at the underlying issue that, in our view, should be of concern in any Board Review of a data study: does the study design appropriately limit use and disclosure of personal identifying information? And, does the researcher have adequate arrangements for data security?14 However, as currently
12 Categories of Research That May Be Reviewed by the Institutional Review Board (IRB) through an Expedited Review Procedure, 63 Fed. Reg. 60 355-67 (Nov. 9, 1998).
14 See, for example, Lowrance, (1997).
formulated, this decision is made in considering whether or not to have a full Board review of a study. In other words, the review itself is still premised on a risk-value inquiry that does not address the real questions about the risk posed by the research, i.e. the risk that identifying data might be used or disclosed for non-research purposes.
The concept of consent is critical in interventional research because the physical risks and rigors of the research will directly affect the individual and his or her health and well-being. The informed consent process helps to minimize the potential for coercion and for ensuring that the individual maintains control over what is done to him or her in the research protocol. In effect, it is a recognition of the value our society places on an individual's physical integrity and autonomy. A properly informed individual may decide to accept fairly significant risks. However, only in rare circumstances where the risk is judged to be minimal would our values and our current laws permit a researcher or Board to decide to subject others to physical risks without their knowledge; never would we expect an IRB to permit experimentation on human beings against their will.
In the context of archival research, where the researcher will access only information in existing records, the role of informed consent is conceptually different from consent to physical participation. As discussed above, assuming adequate data security arrangements and protection of direct identifiers, the research itself does not pose a risk to the data subject. Epidemiologic and outcomes research is concerned not with a specific individual, but with populations.
At best, therefore, any "informed consent'' discussion with individual data subjects is little more than an explanation of the researcher's hypotheses and research interests, and his or her promises and arrangements regarding the safeguarding of data. Because epidemiologic researchers are concerned with populations and not individuals, both of these discussions could be addressed in a more general manner, such as a researcher's data practices, and more effective communication to the public regarding research topics and how data archives are used in investigating them. A discussion between a researcher and an individual data subject may elicit sympathy or the "beneficence" of the data subject and a motivation to permit the records to be used. However, to the extent that the data subject dislikes the topic or the philosophical underpinnings of the research question, consent is little more than an invitation for the data subject to exert control over the researcher's inquiry by denying access to data.15 If this very natural exercise of power can be expected to occur fairly systematically (e.g. those who favor the researcher's point of view consent to use of their records and those who do not, decline to consent), then the records sample available for analysis of any kind is systematically biased and may not meet the criteria to be considered a valid sample for conducting the research.
Suppose that the discussion of the research topic is more neutral to minimize adverse selection, and the informed consent documents seek merely to inform the individual of the risks. As discussed above, the risks to the individual from data-only studies are from the potential misuses of information by «»«-researchers who obtain it through
15 Some have maintained that an individual's privacy interests justify his or her refusal to allow information to be used in research. To once again make the analogy to the banking world, this is analogous to the argument that I don't want you to lend my money to industries or activities that I find morally repugnant. In the financing case, the objection is rooted in the concept of unjust enrichment. Arguably, the situation is somewhat different where the researcher's endeavor is designed to contribute to the quality and innovation in health care and health care delivery. In this context, the reason that data pertaining to an individual are in the archives is because the individual already has availed him or herself from the resources of the health care system, and is, therefore, an unwitting, direct beneficiary of the quality improvement and innovation that has gone before. In this case, the equities, benefits, and distribution of burdens of the research process arguably warrant secure use of data without each individual's authorization. To say ''I do not what to know about that subject, and I do not want anyone else to learn about that subject'', runs counter to the freedom of inquiry on which our research and scholarly activities are based. Particularly where the researcher does not know or have access to information identifying individual subjects, it is difficult to make the case for the opposition other than as a differential value for free scientific inquiry.
illegal or negligent activities. A full statement of the risks might very well detail the various possible illegal acts that could cause damage to the individual's reputation, employment, insurability, etc. The individual has little or no way of estimating or evaluating the probability of these occurrences. Arguably, this is what the review Board should have done. The prudent individual, when confronted with a catalog of abuses that might occur if the information found its way outside of the research lab, would be hard pressed to find a reason why she or he should authorize the information to go to the lab in the first place.
As a practical matter, in institutions where data-only studies are subject to the Common Rule, it is widely understood that the rule "works" only because these studies typically are considered eligible for expedited review, and the reviewer decides to waive the requirement for obtaining the consent of data subjects. Any additional requirement that threatens to disrupt this accommodation, either by requiring the Board to debate and review the relative merits of the research question and society's potential for discrimination and privacy invasion, can do little more than increase the probability that the existing regulatory scheme may threaten the viability of valid epidemiologic and outcomes research. This is precisely the new requirement put in place by the medical privacy regulation for waiver of individual authorization.
Was this article helpful?