This section of the Investigator Manual covers a range of information related to conducting human participant research, including recruitment, communicating with participants, privacy issues, and different types of research.


Participant Remuneration & Compensation

The IRB is responsible for ensuring that any payment or remuneration offered to participants in human subject research is fair and not an undue inducement to participate. Remuneration for participation in research should be reasonable and the amount paid should be comparable to other research projects involving similar time, effort, and inconvenience. Payment amounts should not be large enough to constitute an undue inducement to participate in a risky or uncomfortable procedure. Additional guidelines for specific situations:

  • Short research studies involving one visit: Participants may be provided payment contingent upon completion of the study. Participants who are disqualified through no fault of their own must be paid for the time and effort they expended prior to their termination from the study.
  • Research studies involving multiple visits or lengthy or repeated participation: Partial payment should be provided to participants who withdraw, are discharged early from the study by the investigator, or otherwise fail to complete the study as agreed. The amount of partial payment should relate to the amount of time, effort, or discomfort involved. Payment schedules may be designed on a per-day, per-visit, or per-procedure rate, or some combination thereof. The terms for partial payment must be described in the application and in the consent form.
  • Completion bonuses: Such remuneration may be acceptable to encourage the completion of all study procedures/visits. The amount of such incentives depends on the risk and duration of the study interventions.
  • Lottery incentives: Research teams that wish to employ recruitment incentives in which research participants are entered into a drawing to win a prize should consult with the UW Office of Legal Affairs.

For additional information on payment requirements, see HRP 316-WORKSHEET-Payment. For information on the campus policy for payments, see Payments to Research Participants.

Identifiability

Identifiability of data under the under the Common Rule (45 CFR 46) and the Health Insurance Portability and Accountability Act (HIPAA) differs.

Identifabilty under the Common Rule

An identifier includes any information that could be used to link research data with an individual subject.

  • The Common Rule defines “individually identifiable” to mean that the identity of the subject is, or may be, readily ascertained by the investigator or associated with the information.
  • A data set may be identifiable under the Common Rule if it contains: initials, address, zip code, phone number, gender, age, birth date, occupation, employer, racial or ethnic group, type of biopsy performed, date sample taken, diagnosis, primary care physician, referring physician, and genealogy.
  • Age, ethnicity/race, gender may be identifiers under the Common Rule if fewer than 5 individuals possess a particular cluster of traits.
  • Data may be identifiable if any combination of variables could potentially identify a subject.
  • Some of the identifiers listed above become less problematic if the sample size is large enough so that the potential identifiers could describe several individuals and thus cannot be linked to only one person. Conversely, if the sample size is small, the potential to identify an individual may increase, even in the absence of direct identifiers.

Identifiability under HIPAA

The HIPAA Privacy Rule regulation specifies 18 identifiers (listed in policy UW-114), most of which are demographic. Inclusion of even one of the identifiers makes a data set identifiable. However, there are levels of identifiability. The following are considered limited identifiers under HIPAA: geographic area smaller than a state, elements of dates (date of birth, date of death, dates of clinical service), and age over age 89. The remaining identifiers in the list are considered to be direct identifiers. If the data set contains any limited identifiers, but none of the direct identifiers, it is considered a limited data set under HIPAA.

Definitions

What it means for data to be coded, de-identified or anonymous is important when it comes to understanding the identifiability of data.

  • Coded data

    This refers to data which have been stripped of all direct subject identifiers, but in this case each record has its own study ID or code, which is linked to identifiable information such as name or medical record number. The linking file must be separate from the coded data set. This linking file may be held by someone on the study team (e.g. the PI) or it could be held by someone outside of the study team (e.g. a researcher at another institution). A coded data set may include limited identifiers under HIPAA. Of note, the code itself may not contain identifiers such as subject initials or medical record number.
  • De-identified data

    This refers to data which have been stripped of all subject identifiers, including all 18 HIPAA identifiers. This means that there can be no data points that are considered limited identifiers under HIPAA, i.e. geographic area smaller than a state, elements of dates (date of birth, date of death, dates of clinical service), and age over age 89. If the data set contains any limited identifiers, it is considered a limited data set under HIPAA. If the data includes an indirect link to subject identifiers (e.g. via coded ID numbers), then the data is considered by the IRB to be coded, not de-identified.
    Please note that data can be considered de-identified under the Common Rule but NOT the HIPAA Privacy Rule (e.g., limited data sets), and vice versa (e.g., no HIPAA identifiers are included but the combination of data points could make subjects identifiable).
  • Anonymous data

    Essentially the same thing as de-identified data, this refers to data which have been stripped of all subject identifiers and which have no indirect links to subject identifiers. There should be no limited identifiers in an anonymous data set.

Data Safety Monitoring Plans (DSMP)

The IRB expects a written DSMP for studies that are more than minimal risk or are clinical investigations involving a drug/biologic or device regardless of risk.

Studies utilizing the IRB’s Biomedical Protocol template or the ICTR’s protocol template, will be prompted to provide this information.

In the case of minimal risk research, the IRB may require a formal DSMP if the committee deems that monitoring of the study is needed to ensure the protection of the rights and welfare of subjects or data integrity, which could affect the welfare of future subjects.

See HRP-335 for IRB considerations in reviewing Data and Safety Monitoring Plans.