Advance Notice of Proposed Rule-Making HHS-OPHS-2011-0005-0001 Comment Tracking Number: 80f10e98 I fully support the ANPRM's proposals of (1) elimination of continuing review for all minimal-risk studies that undergo expedited review and for all previously reviewed studies that no longer involve contact with subjects, (2) expansion of the 45 CFR 46.101(b)(4) exemption from review to include suitably consented use of identifiable data whose collection is supplemental to the original research proposal, and (3) substitution of individual IRBs' subjective, variable, implicit and often ill-advised standards for data protection with a uniform, well specified and well informed standard. Regarding Question 5, except in cases of discernibly emotional or sensitive questions, IRBs tend to have gone overboard when it comes to imagining possibilities of psychological harm. The fact is that everyday life is filled with possibilities for psychological harm, the vast majority of which turn out not to be particularly significant. The presumption ought to be that a study is of negligible potential for psychological harm, absent specific indications of strongly emotional or otherwise sensitive lines of enquiry. Regarding Question 12 on reducing the burden on researchers, as students come and go from laboratories quite frequently - especially at undergraduate institutions - it's quite an onerous requirement to have to file an amendment to each of our active protocols every time a new undergraduate joins the lab. Adding a student research assistant, or indeed any individual who does not hold primary responsibility for conduct of the research, whose work is overseen by a senior investigator on the protocol, and who has satisfied requirements for education on the protection of human subjects, ought to require not a protocol amendment with review and approval, but rather a simple, unilateral notification to the IRB, preferably by email or web form. Because many undergraduates have been involved in my work, THIS MODIFICATION WOULD BE THE SINGLE MOST TIME-SAVING FEATURE THAT I CAN ASK FOR. Other investigators at undergraduate institutions will tell you the same, if you ask them. Regarding Questions 21 and 22 relating to the ANPRM's propsoal for retrospective, randomly selected auditing by the institution (presumably the institution's IRB office or division) of a percentage of studies that have been exempted from review, as one of the purposes of the regulatory changes contemplated in the ANPRM is to reduce regulatory burden, it seems wise not to impose any such auditing burden on the institution. Instead, audits could be conducted only in instances where specific and credible concerns have been raised. The requirement for advance registration of such studies with the IRB, in combinarion with the composition of an IRB with its external and non-scientist members, is itself a sufficient check on misuse of the exempt category. Regarding Question 23 on waiver of informed consent, in the case of a multi-site, retrospective study in which a blanket consent for research has been obtained by one site at the time of prospective data collection and a second site wishes to use the data retrospectively for a supplementary purpose, separate consent forms filed at the second site should not be required, as obtaining such consent would result in revealing subjects' names and other personal details to the second site. THIS CASE HAS ACTUALLY ARISEN IN MY RESEARCH. IRBs ought to have explicit guidance on such cases from DHHS; otherwise a patchwork of conflicting individual cases arises, and in fact has arisen. Regarding Questions 30 through 34 on multi-site IRBs of record, a mandate that participating institutions rely on an external IRB of record is long overdue. Without any such mandate, gun-shy institutions continue to conduct local reviews in the interest of risk management. As the ANPRM notes, the number of iterations of review, and hence the delay before the research can begin, increases quadratically with the number of local IRBs involved. To cite just one simple example, when I was at an institution that had no MRI scanner, in order to use another institution's scanner I had to have my study approved by my own institution's IRB and by the external institution's IRB. The revisions requested by each of the two IRBs were, of course, inconsistent with each other, resulting in an extended and time-consuming process of negotiation and re-review that did nobody any good. I favour, therefore, a mandate the requires review only by a single institution's IRB, for all studies whether or not these studies are explicitly "multi-site," and promulgates specific and unequivocal criteria for deciding which institution's IRB will handle the review. Such explicit criteria also would prevent the danger of "IRB shopping" that the ANPRM contemplates. Regarding Question 35 on the length of consent forms, the greatest factor contributing to this length is again, institutional and individual investigators' gun-shy approach to the prospect of regulatory or judicial punishment for any inadvertent transgression. Availability of approved, standardised consent language would go some distance towards relieving this burden. In my involvement as a research subject in other investigators' studies, I have in many instances felt pressure to skip a detailed reading and discussion of the consent form, from research assistants who are trying to keep to a rigid schedule (for example involving a pre-arranged time on an MRI scanner or other expensive instrument). It must also be recognised that the goal of accessibility to an eighth-year reader and the goal of completely informed consent often oppose each other: it can be impossible, in many instances, to provide complete and specific information on every possible risk and eventuality at an eighth-year reading level. In my experience, this fundamental conflict between completeness and accessibility is a major factor driving conflicting reviews of consent forms by multiple IRBs in multi-site studies, and even conflicting reviews by different members of a single IRB performing expedited review in successive years. Regarding Question 45 on researchers' re-use of anonymised data for research purposes aside from those originally specified, the new prohibition on such use would be acceptable given the ANPRM's observation that "In most intstances, the consent requirements described above would have been met at the time that the biospecimens or data were initially collected, when the subject would have signed a standard, brief general consent form allowing for broad, future research" (Federal Register 76(143):44519, column 3, 26 July 2011). So as to preclude misunderstandings and divergent interpretations, DHHS should promulgate standard language that researchers can use in their consent forms to establish consent (or specific withholding of consent) for such re-use. Whilst it is true that cases exist in which re-use of data would be - or has been - met with disapproval from the subjects who provided those data (e.g. "Indian Tribe Wins Fight to Limit Research of Its DNA," The New York Times, 22 April 2010, "http://www.nytimes.com/2010/04/22/us/22dna.html") and appropriate protections including consent mechanisms ought to be in place to cover such cases, these cases are rare. Regarding Questions 52 and 53 on retrospective consideration of consent for re-use of data for additional research purposes, the balance between subjects' interest in having maximal societal benefit from the data that they have provided versus subjects' interest in having individual control over each use of those data seems to me to support a presumption of consent in the retrospective case in which specific consent for re-use has not been addressed. Regarding Question 58 on the retrospective application of new data protection requirements to previously collected data, such a requirement seems inappropriate given that researchers have not had opportunity to consider the data protection issue and to build it into the designs of their studies and analyses. Regarding Question 61 on data protection standards, I don't think that any such standards will be reliably enforced unless doing so is made easy for the individual institutions. What would make it easy? One way would be an open-source, shareable piece of research database software, distributed by DHHS, that would handle data protection issues such as encryption and audit trails via built-in functions. The software would have to be able to handle data items and data files of any size and type, and would have to be extensible to new data types.