Data Ownership and Security (RCR Week-5 Lecture)
Delia Y. Wolf, MD, JD, MSCI
Assistant Dean, Regulatory Affairs & Research Compliance
Director, Human Research Administration
Assistant Professor, Health Policy and Management
Harvard School of Public Health
Email: [email protected]
October 5, 2012
Finding of Research Misconduct
  There must be significant departure from accepted practices of the relevant research community
  The misconduct must have been committed intentionally, knowingly, or recklessly
  The allegation must be proven by preponderance of the evidence
Topics to be Covered
  Data ownership
  Data collection
  Data protection
  Data sharing
  Data management
Data Ownership
  Bayh-Dole Act (Public Law: 96-517)
    Sponsored by two senators, Birch Bayh of Indiana and Bob Dole of Kansas
    Enacted by the United States Congress on December 12, 1980
    Governing intellectual property arising from federal government-funded research
    Allows for the transfer of exclusive control over many government-funded inventions to universities and businesses for the purpose of further development and commercialization
Data Ownership (cont.)
  Sponsors/funders
    Government
      Grants – the institution that receives the funds owns and controls the data
      Contracts – the government owns and controls the data
    Private companies – usually seek to retain the right to the commercial use of data
    Charitable organizations/foundations – retain or give away ownership rights depending on their interests
Data Ownership (cont.)
  Points to consider
    Distinguish between grants and contracts
    Research institutions usually claim ownership rights over data collected with support awarded to the institution
    Be familiar with institutional policies
      Who owns the data I am collecting?
      What rights do I have to publish the data?
      Does collecting these data impose any obligations on me?
    Do not enter into agreements without approval from the institution
Ownership of Biological Materials
  Moore v. Regents of the University of California
    Moore was treated for hairy cell leukemia by Dr. Golde at UCLA Medical Center from 1976 to 1983
    Test results revealed that Moore’s cells would be useful for genetic research, but Golde did not inform Moore of his plans to use the cells for research
    A cell line was established from Moore’s T-lymphocytes sometime before 1979
    On January 6, 1983, UCLA applied for a patent on the cell line, listing Golde and Quan as inventors
    USPO issued the patent on March 20, 1984
Ownership of Biological Materials
  Moore v. Regents of the University of California
    In 1983, Moore was given a consent form indicating “I (do, do not) voluntarily grant to the University of California all rights I, or my heirs, may have in any cell line or any other potential product which might be developed from the blood and/or bone marrow obtained from me”
    Moore refused to sign the form and eventually turned it over to an attorney, who then discovered the patent
    After the patent was issued in 1984, UCLA and Golde negotiated agreements with Genetics Institute for commercial development; Golde became a paid consultant and acquired 75,000 shares of stock
Ownership of Biological Materials
  Moore v. Regents of the University of California
    Moore filed a lawsuit naming Golde, Quan, the Regents, Genetics Institute, and Sandoz Pharmaceuticals as defendants
    Moore’s complaint stated thirteen causes of action, including conversion, lack of informed consent, breach of fiduciary duty, and intentional infliction of emotional distress
    The court found that Moore had no property rights to his discarded cells or any profits made from them
    The court concluded that the researcher did have an obligation to obtain informed consent, and to disclose financial interests in the cells harvested from Moore
Ownership of Biological Materials
  Washington University v. Catalona
    Dr. Catalona, a highly respected urologist and urologic surgeon, was a well-established prostate cancer researcher at Washington University in St. Louis
    While at WU, Dr. Catalona was instrumental in establishing the Biorepository for the collection and storage of biological research materials
    More than 30,000 research participants enrolled in prostate cancer research
    In 2003, Dr. Catalona left for Northwestern University to continue his prostate cancer research
    In February 2003, Dr. Catalona sent a “Medical consent & Authorization” form to about 60,000 research participants
Ownership of Biological Materials
  Washington University v. Catalona
    About 6000 recipients signed the form and returned it to Dr. Catalona
    The University sought a declaratory judgment that it owned the biological specimens
    In March 2006, the District Court concluded that the University owned the research specimens. Dr. Catalona and the eight research participants appealed
    The Court held that Wash. U “owns the biological materials and neither Dr. Catalona nor any contributing individual has any ownership or proprietary right in the disputed biological materials.”
DHHS Draft Guidance
  “All future research that uses your samples may lead to the development of new products, you will not receive any payments for these new products.”
  “By agreeing to this use, you are giving up all claims to any money obtained by the researchers from commercial or other use of these specimens.”
  “I voluntarily and freely donate any and all blood, urine, and tissue samples to the [name of research institution] and hereby relinquish all property rights, title, and interests I may have in these samples.”
Data Collection
  Reliable methods
  Accuracy
  Authorization/Permission
    IRB
    IACUC
  Documentation
    Hard-copy data
    Electronic data
Data Protection
  Storage
  Record retention
  Confidentiality and information security
  Data from non-Harvard sources
    Data use agreement (DUA) that states use limitations and/or protection requirements
    Individual researchers do not have the authority to sign DUA on behalf of the institution
  Data from Harvard sources
    Five data/information security categories
  Legal requests – contact OGC
  Certificates of confidentiality
Information Security Categories
  Level 1: De-identified research information about people and other non-confidential research information
  Level 2: Benign information about individually identifiable people
  Level 3: Sensitive information about individually identifiable people
  Level 4: Very sensitive information about individually identifiable people
  Level 5: Extremely sensitive information about individually identifiable people
Level 2 Information
  Individually identifiable information, disclosure of which would not ordinarily be expected to result in material harm, but as to which a subject has been promised confidentiality
  Example:
    Research participant in a study that was exempt by the IRB
Level 3 Information
  Individually identifiable information that, if disclosed, could reasonably be expected to be damaging to a person’s reputation or to cause embarrassment
  Example:
    Student record
Level 4 Information
  Individually identifiable High Risk Confidential Information that, if disclosed, could reasonably be expected to present a non-minimal risk of civil liability, moderate psychological harm, or material social harm to individuals or groups
  Example:
    Social security number
    Individual financial information
    Medical records
Level 5 Information
  Individually identifiable information that could cause significant harm to an individual if exposed, including serious risk of criminal liability, serious psychological harm or other significant injury, loss of insurability or employability, or significant social harm to an individual or group
  Example:
    Certain genetic information
Data Protection (cont.)
  Level 1: No specific University requirements
  Level 2: Password protection
  Level 3: Must not be directly accessible from the Internet (i.e. email) unless the data is encrypted
  Level 4: Servers must be located only in physically secure facilities under University control
  Level 5: Information must be stored and used only in physically secured rooms controlled by University. No master keys are allowed
Certificates of Confidentiality
  Issued by the National Institutes of Health (NIH)
  Protect investigators and institutions from being compelled to release information that could be used to identify research study participants
  Allow the investigator and others who have access to research records to refuse to disclose identifying information in any civil, criminal, administrative, legislative, or other proceeding, whether at the federal, state, or local level
Identifying Information
  Broadly defined
  Not just name, address, social security number, etc.
  Includes any item or combination of items that could lead directly or indirectly to the identification of a research participant
Eligibility
  For IRB-approved research collecting identifying information
  If disclosure could have adverse consequences for subjects or damage:
    financial standing
    employability
    insurability, or
    reputation
  NIH or PHS funding not required
Examples
  Collecting genetic information
  Collecting information on psychological well-being of subjects
  Collecting information on sexual attitudes, preferences or practices
  Collecting data on substance abuse or other illegal risk behaviors
  Studies where participants may be involved in litigation related to exposures under study (e.g., breast implants, environmental or occupational exposures)
Requirements
  Must tell subjects that Certificate is in effect in Informed Consent form
  Must provide fair and clear explanation of Certificate’s protection, including limitations and exceptions
  Must document IRB approval and IRB qualifications
  Must provide a copy of the informed consent forms approved by the IRB
  PI and Institutional Official must sign application
Limitations and Exceptions
  Protects data maintained during any time the Certificate is in effect
  Protects those data in perpetuity
  Does not protect against voluntary disclosure:
    child abuse
    threat of harm to self or others
    reportable communicable diseases
    subject’s own disclosure
  Must disclose information about subjects for DHHS audit or program evaluation or if required by the Federal Food, Drug, and Cosmetic Act
Assurances
  Agree to protect against compelled disclosure and to support and defend the authority of the Certificate against legal challenges
  Agree to comply with Federal regulations that protect human subjects
  Agree to not represent Certificate as endorsement of project by DHHS or NIH or use to coerce participation
  Agree to inform subjects about Certificate, its protections and limitations
An Important Caveat
  Certificates of Confidentiality do not obviate the need for data security
  Data security is essential to the protection of research participants’ privacy
  Researchers should safeguard research data and findings.
  Unauthorized individuals must not access the research data or learn the identity of research participants
Data Sharing
  NIH believes all data should be considered for data sharing
  “Data should be made as widely and freely available as possible while safeguarding the privacy of participants, and protecting confidential and proprietary data”
  Data sharing plan required for applications requesting >$500,000/year from NIH
Data Management
  Data monitoring plan in each protocol
  Collected data should be open to scrutiny by both investigators and the sponsor
  When possible, statistical analysis should be conducted by an independent entity
  Stopping rule should be included in the protocol
  Study results and data analysis should be shared with the principal investigators as soon as they become available