Hostname: page-component-745bb68f8f-5r2nc Total loading time: 0 Render date: 2025-02-11T04:47:39.607Z Has data issue: false hasContentIssue false
  • English
  • Français

Informed Consent for Secondary Research under the New NIH Data Sharing Policy

Published online by Cambridge University Press:  19 October 2021

Mark A. Rothstein
Rights & Permissions [Opens in a new window]

Abstract

The new NIH data sharing policy, effective January 2023, requires researchers to submit a data management and data sharing plan in their grant application. Expanded data sharing, encouraged by NIH to facilitate secondary research, will require informed consent documents to explain data sharing plans, limitations, and procedures.

Keywords

Data ManagementData SharingInformed ConsentNIH PolicySecondary Research
Type
Columns: Currents in Contemporary Bioethics
Information
Journal of Law, Medicine & Ethics , Volume 49 , Issue 3: Malingering & Health Policy , Fall 2021 , pp. 489 - 494
Copyright
© 2021 The Author(s)

Policies of the National Institutes of Health (NIH) increasingly have required federal grantees to share data broadly. 1 The latest and most comprehensive policy was published in the Federal Register on October 30, 2020, with an effective date of January 25, 2023. 2 The Final NIH Policy for Data Management and Sharing was designed to promote the management and sharing of scientific data generated from NIH-funded or conducted research, subject to certain limitations or exceptions. “Data sharing enables researchers to rigorously test the validity of research findings, strengthen analyses through combined datasets, reuse hard-to-generate data, and explore new frontiers of discovery.” 3

Researchers planning to generate scientific data 4 will be required to submit a data management 5 and data sharing 6 plan 7 to the funding NIH institute, center, or office as part of the budget justification section of their grant application. The plan should explain how data will be managed and what data will be shared. The actual plan submitted to the NIH is limited to two pages.

Although there is no requirement that all data be shared by all researchers in all circumstances, data sharing is urged. “NIH expects that in drafting Plans, researchers will maximize the appropriate sharing of scientific data, acknowledging certain factors (i.e., legal, ethical, or technical) that may affect the extent to which scientific data are preserved and shared.” 8 NIH also “strongly encourages” the use of established data repositories to the extent possible for preserving and sharing scientific data, and data should be available for as long as the researchers anticipate it will be useful to the research community, institutions, or the public.

For many researchers and their potential research participants, changes in data management and sharing promoted by the new NIH policy will alter traditional arrangements of the parties regarding possible secondary research using data acquired by or derived from the study. These new expectations regarding access to data are likely to affect disclosures in informed consent documents. “NIH strongly encourages researchers to plan for how data management and sharing will be addressed in the informed consent process, including communicating with prospective participants how their scientific data will be used and shared.” 9 This article considers some of the fundamental assumptions and applications of informed consent implicated by this new policy.

Controls on Data Sharing

The NIH Data Sharing Policy leaves many questions unanswered, including whether the data will be open access or accessible only by credentialed researchers. In its Supplemental Information accompanying the Data Sharing Policy, NIH strongly suggested that data need not be open access. Thus, in describing the characteristics of repositories for storing human data, NIH emphasized the importance of fidelity to consent and documented procedures to communicate and enforce data use agreements. 10 Furthermore, another important characteristic of a data repository is that it “[m]akes use of an established and transparent process for reviewing data access requests.” 11 The Secretary’s Advisory Committee on Human Research Protections (SACHRP) recommended that “NIH consider requiring data requesters to agree to terms and conditions under which the requester must protect data privacy, refrain from attempting to identify individual participants, and not share the data with individuals outside of those who are listed in the data access request.” 12 A requirement of data use agreements, however, is not in the NIH Data Sharing Policy.

NIH is expected to issue additional guidance documents, which will clarify the important relationship with consent provisions of the Common Rule, including the new broad consent provision.Reference See, Wolf and Barnes 13 Other controls on the secondary use of scientific data, such as tiered consent,Reference Ram 14 registered access,Reference Dyke 15 and dynamic consent,Reference Prictor, Teare and Kaye 16 also emphasize the importance of informed consent to discern and respect the choices of participants for sharing their data. In many respects, informed consent is the first step in data management and sharing.

Some Specific Concerns

Although there is a robust literature questioning the effectiveness of informed consent,Reference Dickert 17 it remains the ethical touchstone for research with human participants.Reference Kass, Murray and Mehlman 18 Thus, any changes in the elements or applications of informed consent will have widespread ramifications. Four of the most challenging — and sometimes overlooked — implications are deidentified data, Big Data, unregulated research, and consent bias.

Although there is a robust literature questioning the effectiveness of informed consent, it remains the ethical touchstone for research with human participants. Thus, any changes in the elements or applications of informed consent will have widespread ramifications. Four of the most challenging — and sometimes overlooked — implications are deidentified data, Big Data, unregulated research, and consent bias.

Deidentified Data

Identifiability plays an important part in the regulation of research under the Common Rule, no doubt reflecting the view that there is little risk to data sources if their data are not identifiable. Based on this principle, if researchers deidentify primary research data or clinical data, then secondary research can proceed without regulation under the Common Rule 19 or the HIPAA Privacy Rule. 20

During the protracted rulemaking for the Common Rule revisions that took effect in 2018, several fundamental provisions of the Common Rule were reassessed, including the limited applicability of federal research regulations to: (1) research funded by a Common Rule signatory department or agency or research intended to support an application to the FDA for approval of a drug or medical device; 21 and (2) individually identifiable data or specimens. Ultimately, both controversial yet fundamental principles limiting the applicability of the federal research regulations were retained.

The new NIH Data Sharing Policy does not extend regulatory coverage to deidentified data, but it raises the issue of whether researchers should nonetheless consider providing some level of protection to deidentified data for use in secondary research. “Researchers should consider whether access to scientific data derived from humans, even if de-identified and lacking explicit limitations on subsequent use, should be controlled.” 22

There are several concerns in the use of deidentified data, especially because such research can be conducted without any notice to or consent from the data source.Reference Rothstein 23 First, a frequently mentioned concern, but perhaps not the most important one, is that deidentified data could be reidentified, especially individual DNA analyses.Reference Malin and Sweeney 24 Nevertheless, it is not clear how many people would have the technical ability and motivation to engage in such conduct.Reference El Emam 25 Second, deidentification does not eliminate the risk of group harms. A well-known example involves the Havasupai Tribe in Arizona, where all tribe members and not just research participants suffered from unauthorized research on schizophrenia, inbreeding, and ancestral migration.Reference Drabiak-Syed 26 Third, deidentification does not protect against research that individuals view as objectionable, such as research on psychiatric conditions, gene therapy, or fetal development.Reference Hull 27 Fourth, many individuals are concerned if their data or specimens, regardless of identifiability, are used for a commercial purpose without prior disclosure.Reference Andrews 28 Fifth, deidentified research conducted without consent can lead to a loss of trust in health research and health care generally,Reference Burger 29 and loss of trust is a particular concern in minority communities.Reference Bussey-Jones 30

The wide range of risks associated with research using deidentified data raise the issue of whether the NIH exhortation in the Policy for Data Management and Sharing that researchers “should consider” limitations on access to deidentified data will result in voluntary disclosure controls imposed by researchers.

Big Data

Big Data may be defined as “a large collection of disparate data sets that, taken together, can be analyzed to find unusual trends.”Reference Halamka 31 An assumption of Big Data analytics is that it is not known what individual or combination of data will be valuable, so the default rule is to collect all possibly relevant data.

Perhaps the best example of Big Data health research is the NIH All of Us Research Program, which is enrolling at least one million individuals in the United States. 32 In addition to whole genome sequencing, All of Us participants are asked to share data from (1) health surveys (sociodemographic, lifestyle, and substance use); (2) physical measurements (blood pressure, heart rate, weight, height, and body-mass index); (3) biospecimens (blood and urine); (4) electronic health records (including medications, laboratory results, vital signs, and billing codes); (5) digital health (from Fitbit and other wearables); and (6) geospatial and environmental data (including weather, air pollution, and sensor readings). 33

Even such a comprehensive list does not include all the data of possible relevance to health research. Thus, Big Data health research (and possible future clinical applications) also could include one or more of the following sources: (1) vital statistics of family members; (2) military service records; (3) employment records; (3) financial and consumer information; (4) educational records; (5) travel information and geo-location data; (6) social media postings; and (7) government records.Reference Rothstein 34

Secondary researchers might combine identifiable research information shared by repositories with other accessible data, resulting in a highly detailed compilation of data about the individual. Thereafter, algorithms developed by researchers could analyze the data to discover unexpected associations. To prevent such unauthorized compilation and aggregation, informed consent in the age of Big Data and data sharing should expressly disclose the possibility of further data compilations and analyses.

Unregulated Research

An emerging and contentious issue involves the types of researchers who should be permitted to access health data for secondary research. On the one hand, some researchers and institutions might assert that only responsible, credentialed researchers subject to federal research regulations ought to have access to individually identifiable health records. On the other hand, some researchers and patient advocates might assert that health data derived from publicly funded research ought to be widely available to maximize the likelihood of scientific discovery. In considering these positions it is important to distinguish regulated from unregulated research.

Unregulated research may be defined as research not subject to the Common RuleReference Rothstein 35 or FDA research regulations. 36 Although a few states have their own research laws,Reference Tovino 37 almost all of them have limited applicability and utility, and therefore regulation of health research is overwhelmingly a federal government responsibility. The category of unregulated researchers is diverse and includes research by commercial entities (e.g., employers conducting health research with their employees), independent or self-funded researchers, citizen scientists, patient-directed researchers, do-it-yourself (DIY) researchers, and self-experimenters. 38 Unregulated research is believed to be growing because many individuals and disease-specific organizations regard traditional research as slow, expensive, unresponsive, and dominated by biotech and pharmaceutical companies; social media, crowdsourcing and online communities facilitate new collaborations; and direct-to-consumer genetic testing, open-source data, and widely available smartphone applications for capturing biometric and other health information can generate a vast trove of data for analysis. 39 Unregulated researchers could gain access to research repositories in one of the following ways: (1) if NIH regulations require open access to data from NIH-funded research; (2) if additional research repositories are established on open access principles; or (3) if more lenient access rules are developed by primary researchers or their institutions. Assuming that access to individual health data is not restricted to researchers subject to federal research regulations, this information should be disclosed to potential research participants in the informed consent process. For example, a typical disclosure statement might read: “Your data will be available to other investigators, including those who are not subject to the federal research regulations.” If unregulated researchers will have access to their data, potential participants might prefer limitations on the types of research conducted (e.g., through tiered consent), but it might be difficult to enforce any restrictions against unregulated researchers. 40

Consent Bias

If researchers add disclosures about deidentified information, Big Data, and, possibly, even unregulated research, the length and complexity of the informed consent process will increase. It is foreseeable that some researchers will assert that the additional disclosures will cause potential research participants to suffer from information overload and comprehension will decrease, the percentage of potential participants who decline to participate will increase, and studies will be less accurate due to consent bias.

Consent bias is a type of selection bias that occurs when those who consent to participate in research differ in important ways from those who decline to participate.Reference Rothstein and Shoben 41 The concept of consent bias, however, is widely misunderstood. Consent bias only occurs when those who consent for research and those who decline differ along a dimension measured by or affecting a particular research study. Consent bias is not the same as unrepresentativeness of the participants or their data. There are many legal, ethical, and policy reasons, including NIH funding requirements, why research participants should be representative of the population. But consent bias would arise only if the opinions or health characteristics of those who declined to participate in research differed from those who agreed to participate in ways measured by the research. Even then, researchers could use a variety of standard statistical methods, such as inverse probability weighting, to reduce the effects of any residual selection bias. 42 Therefore, any additional provisions in a consent document to satisfy new data sharing disclosure requirements are highly unlikely to bias well-designed, administered, and analyzed studies.

The Evolving Role of Informed Consent

Informed consent for research was developed in the mid-twentieth century to protect the autonomy and dignity interests of research participants whose consent was lacking or obtained through coercion or deceit. Such practices exposed many vulnerable individuals to risks that were mostly physical. At the time, research was typically small-scale, location-specific, and under the direction of physician-investigators. Most of the studies were interventional, including clinical trials of new treatment methods and new drugs. The relative simplicity of research allowed potential research participants to understand, in at least general terms, the research plan and the potential risks and benefits. Thus, they were able to decide whether to give or refuse permission to participate.

Today’s biomedical research is often quite different, and its scale can involve many thousands of participants at numerous sites. In addition to interventional research, research is increasingly informational, with researchers aided by modern computational methods analyzing millions of data points related to participants’ health status as well as sociodemographic, environmental, and behavioral measures. The risks to individual participants today are often dignitary in nature, involving the personal, relational, and economic consequences of researchers generating and disclosing sensitive information.

The new characteristics of research have led some experts on research ethics to regard informed consent as anachronistic for twenty-first century, informational research.Reference Rothstein 43 Measures that previously were sufficient to protect the interests of research participants are now ineffectual. For example, removing individuals’ names from medical records or coding them is insufficient to protect privacy when the research involves genomic data and is subject to sophisticated computer attacks. 44 Research participants also may be asked to consent to unspecified future research, either by primary enrollment in a research repository or through secondary research. Critics assert that one-time consent, even when modified by participant-designated limitations or external oversight, is problematic for data-based research.

Although informed consent can certainly be improved, it is much too important to discard even for informational research. Informed consent should not be considered too narrowly, or its success judged on how much information is retained by research participants. Focusing only on getting consent from potential participants, fails to capture the essential symbolic and interpersonal dimension of informed consent. Especially now that it is increasingly difficult or impossible to provide potential participants with detailed information about possible future research uses of their data, the process of asking for consent takes on greater significance.Reference Eyal 45 This may be especially important for research with participants who are members of racial or ethnic minorities with a history of mistreatment in research or persistent health inequity.

Asking for consent by an investigator demonstrates respect for the autonomy and dignity of the potential research participant, serves to build trust, and is a symbolic expression of the moral equivalence of the researcher and research participant in an otherwise asymmetrical relationship. In the context of modern data management and sharing, informed consent should do more than add some new disclosures by also emphasizing the asking for consent by researchers. Regardless of the specifics recalled by participants, informed consent will be viewed as a success if participants are assured of the trustworthiness of the researchers and the researchers commit to protecting the participants’ privacy and other important interests.

Conclusion

The NIH Policy for Data Management and Sharing is intended to be flexible so that researchers can design policies depending on the type of research, data generated, legal and ethical limitations, concerns and preferences of research participants, and interests of other researchers and the public. The flexible sharing admonition of the NIH will require thoughtful consideration by researchers, institutional review boards, research administrators, and data repositories in balancing these multiple interests to develop responsible data management and sharing practices and policies. NIH should supplement its Data Sharing Policy with guidance documents, use case descriptions, best practices, and sample documents to serve as guardrails for the increasingly broad range of researchers. Informed consent documents and processes will be important in explaining the data sharing plans, limitations, and procedures to potential participants.

Informed consent disclosures about deidentified data and Big Data will have increased significance. Although the NIH Policy does not apply to unregulated research, public and private stakeholders should consider a range of measures to facilitate ethical conduct of research and data utilization. 46 Concerns about possible consent bias attributable to data sharing disclosures should not be a major concern. Finally, explaining informed consent procedures and documents should not be viewed as ministerial tasks assigned to lower-ranking members of the research team, but as important steps in the essential relationship and trust building of the research enterprise.

This article is an expanded and annotated version of the author’s remarks at a conference of the National Academies of Sciences, Engineering, and Medicine on April 29, 2021.

Note

The author has no conflicts of interest to disclose.

Acknowledgment

The author is indebted to Kyle Brothers and Geoffrey Lomax for their valuable suggestions.

Footnotes

About This Column

Mark A. Rothstein serves as the section editor for Currents in Contemporary Ethics. Professor Rothstein is the Herbert F. Boehl Chair of Law and Medicine and the Director of the Institute for Bioethics, Health Policy and Law at the University of Louisville School of Medicine in Kentucky. (mark.rothstein@louisville.edu)

References

These include the Data Sharing Policy, 68 Fed. Reg. 37369 (2003); Genomic Data Sharing Policy, 79 Fed. Reg. 51345 (2014); and NIH Policy on the Dissemination of NIH-Funded Clinical Trials Information, 81 Fed. Reg. 64922 (2016).Google Scholar
Final NIH Policy for Data Management and Sharing and Supplemental Information, 85 Fed. Reg. 68890-68900 (2020).Google Scholar
Id. at 68896 (footnote omitted) (Section I).Google Scholar
Scientific Data: The recorded factual material commonly accepted in the scientific community as of sufficient quality to validate and replicate research findings, regardless of whether the data are used to support scholarly publications. Scientific data do not include laboratory notebooks, preliminary analyses, completed case report forms, drafts of scientific papers, plans for future research, peer reviews, communications with colleagues, or physical objects, such as laboratory specimens.” Id. at 68896-68897 (Section II).Google Scholar
Data Management: The process of validating, organizing, protecting, maintaining, and processing scientific data to ensure the accessibility, reliability, and quality of the scientific data for its users.” Id. at 68897 (Section II).Google Scholar
Data Sharing: The act of making scientific data available for use by others (e.g., the larger research community, institutions, the broader public), for example, via an established repository).” Id. (Section II).Google Scholar
Data Management and Sharing Plan (Plan): A plan describing the data management, preservation, and sharing of scientific data and accompanying metadata.” Id. (Section II).Google Scholar
Id. (Section VII).Google Scholar
Id. (Section VII).Google Scholar
Id. at 68900 (provisions II-A and II-B).Google Scholar
Id. (provision II-G).Google Scholar
Secretary’s Advisory Committee on Human Research Protections, Attachment A — NIH Data Sharing Policy at 7, available at <https://www.hhs.gov/ohrp/sachrp-committee/recommendations/august-12-2020-attachment-a-nih-data-sharing-policy/index.html> (last visited July 27, 2021).+(last+visited+July+27,+2021).>Google Scholar
45 C.F.R. § 46.116(d). See, H.F. Lynch, Wolf, L.E., and Barnes, M., “Implementing Regulatory Broad Consent under the Revised Common Rule: Clarifying Key Points and the Need for Evidence,” Journal of Law, Medicine & Ethics 47, no. 1 (2019): 213231 (discussing legal and practical issues with the broad consent provisions of the Common Rule that will limit the utilization of this new option by researchers).Google Scholar
See Ram, N., “Tiered Consent and the Tyranny of Choice,” Jurimetrics Journal 48, no. 1 (2008): 253284 (questioning whether providing research participants with a menu of choices for secondary research could result in information overload).Google Scholar
See Dyke, S.O.M. et al., “Registered Access: A ‘Triple A’ Approach,” European Journal of Human Genetics 24 (2016): 16761680, available at <https://doi.org/10.1038/ejhg.2016.115> (last visited July 27, 2021) (proposing authentication, attestation, and authorization for researcher access to genetic information).CrossRefGoogle ScholarPubMed
See Prictor, M., Teare, H.J.A., and Kaye, J., “Equitable Participation in Biobanks: The Risks and Benefits of a ‘Dynamic Consent’ Approach,” Frontiers in Public Health 6 (2018), available at <https://doi.org/10.3389/fpubh.2018.00253> (last visited July 27, 2021) (discussing digital consent used for ongoing participant choice in secondary research).CrossRefGoogle Scholar
See, e.g., Dickert, N.W. et al., “Reframing Consent for Clinical Research: A Function-Based Approach,” American Journal of Bioethics 17, no. 12 (2017): 311 (proposing more granular consent to promote various interests); J. Flory and E. Emanuel, “Interventions to Improve Research Participants’ Understanding in Informed Consent for Research: A Systematic Review,” Journal of the American Medical Association 292, no. 13 (2004): 1593-1601 (reviewing measures to improve participant understanding); B. Koenig, “Have We Asked Too Much of Informed Consent?” Hastings Center Report 44, no. 4 (2014): 33-34 (questioning whether there is an overreliance on informed consent).CrossRefGoogle ScholarPubMed
See Kass, N.E., “Informed Consent in Research,” Encyclopedia of Ethical, Legal, and Policy Issues in Biotechnology vol. 2, Murray, T.H. and Mehlman, M.J. eds. (New York: John Wiley & Sons, 2000): 611622 (discussing history and elements of informed consent); S.M. Wolf, E.W. Clayton, and F. Lawrenz, “Introduction: The Past, Present, and Future of Informed Consent in Research and Translational Medicine,” Journal of Law, Medicine & Ethics 46, no. 1 (2018): 7-11, doi:10.1177/1073110518766003.Google Scholar
45 C.F.R. § 104(d)(4)(ii).Google Scholar
45 C.F.R. § 164.514.Google Scholar
The FDA regulations, note 36 infra, are not part of the Common Rule because they differ in some respects, but are joined here because of the jurisdictional effect of the FDA’s role.Google Scholar
Final NIH Policy, supra note 2, at 68898 (Section VII).Google Scholar
See Rothstein, M.A., “Is Deidentification Sufficient to Protect Health Privacy in Research?American Journal of Bioethics 10, no. 9 (2010): 311 (concluding that deidentification is insufficient to protect health privacy and recommending additional measures).CrossRefGoogle ScholarPubMed
See Malin, B. and Sweeney, L., “How (Not) to Protect Genetic Data Privacy in a Distributed Network Using Trail Re-Identification to Evaluate and Design Anonymity Protection Systems,” Journal of Biomedical Informatics 37, no. 3 (2004): 179192 (analyzing the risks of reidentification and the measures to prevent it).CrossRefGoogle Scholar
See El Emam, K. et al., “A Systematic Review of Re-Identification Attacks on Health Data,” PLOS One 6, no. 12 (2011): e28071, available at <https://doi.org/10.1371/journal.pone.0028071> (last visited July 27, 2021).CrossRefGoogle ScholarPubMed
See Drabiak-Syed, K., “Lessons from Havasupai Tribe v. Arizona State University Board of Regents: Group, Cultural, and Dignitary Harms as Legitimate Risks Warranting Integration into Research Practice,” Journal of Health & Biomedical Law 6, no. 2 (2010): 175226 (describing group harms and other adverse consequences).Google Scholar
See Hull, S.C. et al., “Patients’ Views on Identifiability of Samples and Informed Consent for Genetic Research,” American Journal of Bioethics 8, no. 10 (2008): 6270 (reporting that individuals want to prevent their specimens from being used for objectionable purposes).CrossRefGoogle ScholarPubMed
See Andrews, L.B., “Harnessing the Benefits of Biobanks,” Journal of Law, Medicine & Ethics 33, no. 1 (2005): 2230 (focusing on the need for benefit sharing in research).CrossRefGoogle ScholarPubMed
See Burger, J.A., “What is Owed Participants in Biotechnology Research?Chicago-Kent Law Review 84, no. 1 (2009): 5589 (describing ways in which trust can be lost).Google Scholar
See Bussey-Jones, J. et al., “The Role of Race and Trust in Tissue/Blood Donation for Genetic Research,” Genetics in Medicine 12, no. 1 (2010): 116121 (describing loss of trust in minority communities with a history of callous treatment and exploitation).CrossRefGoogle Scholar
Halamka, J.D., “Early Experiences with Big Data at an Academic Medical Center,” Health Affairs 33, no. 7 (2014): 11321138, at 1132. For analyses of the potential benefits and risks of Big Data, see generally S. Lohr, Data-Ism: The Revolution Transforming Decision Making, Consumer Behavior, and Almost Everything Else (New York: HarperCollins, 2015); V. Mayer-Schönberger and K. Culker, Big Data (Boston: First Mariner Books, 2014); B. Schneier, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (New York: W.W. Norton & Co., 2015).Google Scholar
NIH, All of Us Research Program Overview, available at <allofus.nih.gov/about/all-us-research-program-overview> (last visited July 27, 2021).+(last+visited+July+27,+2021).>Google Scholar
The All of Us Research Program Investigators, “The ‘All of Us’ Research Program,” New England Journal of Medicine 381, no. 7 (2019): 668-676.CrossRefGoogle Scholar
See Rothstein, M.A., “Structural Challenges of Precision Medicine,” Journal of Law, Medicine & Ethics 45, no. 7 (2017): 274279 (discussing the possible elements of precision medicine research).CrossRefGoogle Scholar
There are 16 federal departments and agencies with essentially the same research regulations, the most frequently cited of which are the regulations of the Department of Health and Human Services, Federal Policy for the Protection of Human Subjects, 45 C.F.R. Part 46. See Rothstein, M.A. et al., “Unregulated Health Research Using Mobile Devices: Ethical Considerations and Policy Recommendations,” Journal of Law, Medicine & Ethics 48, Suppl. 1 (2020): 196226, at 219 n. 21 (listing the regulations for all Common Rule departments and agencies). See also M.N. Meyer, “There Oughta Be a Law: When Does(n’t) the U.S. Common Rule Apply,” Journal of Law, Medicine & Ethics 48, Suppl. 1 (2020): 60-73 (analyzing the jurisdiction of the Common Rule).CrossRefGoogle ScholarPubMed
Food and Drug Administration, Protection of Human Subjects, 21 C.F.R. Pt. 50. The FDA regulations apply to research performed in contemplation of a submission to the FDA for approval of a drug or medical device. The broader view of “regulated” research used in this article would also include early stage research before it was specifically in contemplation of a filing with the FDA.Google Scholar
See Tovino, S.A., “Mobile Research Applications and State Research Laws,” Journal of Law, Medicine & Ethics 48, Suppl. 1 (2020): 8286 (describing state research laws).CrossRefGoogle ScholarPubMed
See Rothstein et al., supra note 35, at 198 (discussing unregulated research and researchers).Google Scholar
Id. Google Scholar
See id. at 207-218 (recommending policies on unregulated health research for adoption by state governments, NIH, FDA, Federal Trade Commission, Consumer Product Safety Commission, consumer technology companies and app developers, and organizations of unregulated researchers).Google Scholar
Rothstein, M.A. and Shoben, A.B., “Does Consent Bias Research?American Journal of Bioethics 13, no. 4 (2013): 2737, at 27.CrossRefGoogle ScholarPubMed
Id. at 31-33.Google Scholar
See Institute of Medicine, Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research (Washington, D.C.: The National Academies Press, 2009). For a critique of this position, see Rothstein, M.A., “Improve Privacy in Research by Eliminating Informed Consent? IOM Report Misses the Mark,” Journal of Law, Medicine & Ethics 37, no. 4 (2009): 507512.CrossRefGoogle Scholar
See El Emam et al., supra note 25.Google Scholar
See Eyal, N., “Informed Consent to Participation in Interventional Studies: Second-Order in a Different Sense,” Journal of Law and the Biosciences 2, no. 1 (2015): 123128, doi:10.1093/jlb/lsv001 (noting that consent process helps to ensure accountability).CrossRefGoogle Scholar
See Rothstein et al., supra note 35.Google Scholar