Schmit Cason, Ferdinand Alva O, Giannouchos Theodoros, Kum Hye-Chung
Population Informatics Lab, Texas A&M University, College Station, TX 77843, United States.
Department of Health Policy & Management, Texas A&M University, College Station, TX 77843, United States.
JAMIA Open. 2024 Feb 29;7(1):ooae010. doi: 10.1093/jamiaopen/ooae010. eCollection 2024 Apr.
In retrospective secondary data analysis studies, researchers often seek waiver of consent from institutional Review Boards (IRB) and minimize risk by utilizing complex software. Yet, little is known about the perspectives of IRB experts on these approaches. To facilitate effective communication about risk mitigation strategies using software, we conducted two studies with IRB experts to co-create appropriate language when describing a software to IRBs.
We conducted structured focus groups with IRB experts to solicit ideas on questions regarding benefits, risks, and informational needs. Based on these results, we developed a template IRB application and template responses for a generic study using privacy-enhancing software. We then conducted a three-round Delphi study to refine the template IRB application and the template responses based on expert panel feedback. To facilitate participants' deliberation, we shared the revisions and a summary of participants' feedback during each Delphi round.
11 experts in two focus groups generated 13 ideas on risks, benefits, and informational needs. 17 experts participated in the Delphi study with 13 completing all rounds. Most agreed that privacy-enhancing software will minimize risk, but regardless all secondary data studies have an inherent risk of unexpected disclosures. The majority (84.6%) noted that subjects in retrospective secondary data studies experience no greater risks than the risks experienced in ordinary life in the modern digital society. Hence, all retrospective data-only studies with no contact with subjects would be minimal risk studies.
First, we found fundamental disagreements in how some IRB experts view risks in secondary data research. Such disagreements are consequential because they can affect determination outcomes and might suggest IRBs at different institutions might come to different conclusions regarding similar study protocols. Second, the highest ranked risks and benefits of privacy-enhancing software in our study were societal rather than individual. The highest ranked benefits were facilitating more research and promoting responsible data governance practices. The highest ranked risks were risk of invalid results from systematic user error or erroneous algorithms. These societal considerations are typically more characteristic of public health ethics as opposed to the bioethical approach of research ethics, possibly reflecting the difficulty applying a bioethical approach (eg, informed consent) in secondary data studies. Finally, the development of privacy-enhancing technology for secondary data research depends on effective communication and collaboration between the privacy experts and technology developers. Privacy is a complex issue that requires a holistic approach that is best addressed through privacy-by-design principles. Privacy expert participation is important yet often neglected in this design process. This study suggests best practice strategies for engaging the privacy community through co-developing companion documents for software through participatory design to facilitate transparency and communication. In this case study, the final template IRB application and responses we released with the open-source software can be easily adapted by researchers to better communicate with their IRB when using the software. This can help increase responsible data governance practices when many software developers are not research ethics experts.
在回顾性二次数据分析研究中,研究人员常常寻求机构审查委员会(IRB)放弃同意要求,并通过使用复杂软件将风险降至最低。然而,对于IRB专家对这些方法的看法却知之甚少。为了促进关于使用软件降低风险策略的有效沟通,我们与IRB专家进行了两项研究,以便在向IRB描述软件时共同创建合适的语言。
我们与IRB专家进行了结构化焦点小组讨论,以征集关于益处、风险和信息需求问题的想法。基于这些结果,我们为使用隐私增强软件的一般研究开发了一份IRB申请模板和回复模板。然后,我们进行了三轮德尔菲研究,根据专家小组的反馈完善IRB申请模板和回复模板。为了便于参与者进行审议,我们在每轮德尔菲研究期间分享了修订内容和参与者反馈的摘要。
两个焦点小组中的11位专家就风险、益处和信息需求提出了13条想法。17位专家参与了德尔菲研究,其中13位完成了所有轮次。大多数人认为隐私增强软件将使风险降至最低,但无论如何,所有二次数据分析研究都存在意外披露的固有风险。大多数(84.6%)指出,回顾性二次数据分析研究中的受试者所经历的风险并不比现代数字社会中日常生活所经历的风险更大。因此,所有不与受试者接触的仅涉及回顾性数据的研究都将是低风险研究。
首先,我们发现一些IRB专家对二次数据分析研究中的风险看法存在根本分歧。这种分歧很重要,因为它们会影响判定结果,并且可能表明不同机构的IRB对于类似的研究方案可能会得出不同的结论。其次,在我们的研究中,隐私增强软件的最高排名风险和益处是社会性的而非个体性的。最高排名的益处是促进更多研究和推动负责任的数据治理实践。最高排名的风险是系统用户错误或错误算法导致无效结果的风险。这些社会考量通常更具公共卫生伦理的特征,与研究伦理的生物伦理方法不同,这可能反映了在二次数据分析研究中应用生物伦理方法(如知情同意)的困难。最后,二次数据分析研究的隐私增强技术的开发依赖于隐私专家与技术开发者之间的有效沟通与协作。隐私是一个复杂的问题,需要一种整体方法,最好通过设计时考虑隐私的原则来解决。隐私专家的参与很重要,但在这个设计过程中往往被忽视。本研究提出了通过参与式设计共同开发软件配套文档以吸引隐私社区参与的最佳实践策略,以促进透明度和沟通。在这个案例研究中,我们与开源软件一起发布的最终IRB申请模板和回复可以被研究人员轻松改编,以便在使用该软件时更好地与他们的IRB进行沟通。当许多软件开发人员不是研究伦理专家时,这有助于增加负责任的数据治理实践。
