Regulatory Changes in ANPRM

Comparison of Existing Rules with Some of the Changes Being Considered

Current rule

Changes being considered

Rationale for change

Issue 1: There are no specific data security protections for IRB-reviewed research: regulations require IRBs to determine, for each study, “when appropriate [that] there are adequate provisions to protect the privacy of subjects and to maintain the confidentiality of data.”

Specified data security protections would apply to such research, calibrated to the level of identifiability of the information being collected.

IRBs were not designed to evaluate risks to privacy and confidentiality, and often have little expertise in these matters. Setting uniform specific standards will help to assure appropriate privacy and confidentiality protections to all subjects, without administrative burden of needing a specific committee review of each study.

Issue 2: Research using existing biospecimens (clinical or from prior research) can be done without consent by stripping the specimens of identifiers.

Reforms would require written consent for research use of biospecimens, even those that have been stripped of identifiers.  Consent could be obtained using a standard, short form by which a person could provide open-ended consent for most research uses of a variety of biospecimens (such as all clinical specimens that might be collected at a particular hospital). This change would only apply to biospecimens collected after the effective date of the new rules.

Changing technology in the field of genomics has dramatically increased the amount and nature of information about individuals that can be obtained from their DNA. Surveys indicate a desire on the part of most respondents to be able to decide whether their specimens can be used in research.  Providing mechanisms for such control should enhance public trust in biomedical research.

Issue 3: Federal protections only apply to studies that are funded by certain federal agencies (Common Rule agencies), or to clinical investigations that involve products regulated by the FDA.

Regulations would apply to all studies, regardless of funding source, that are conducted by a U.S. institution that receives some federal funding for human subjects research from a Common Rule agency.

Many have called for legislation to extend the Common Rule protections to all research with human subjects conducted in the U.S., regardless of funding source.  This change would help narrow the current gap in protections.

Issue 4: Adverse events and unanticipated problems occurring in research are reported to multiple agencies and with various time-lines, with no central database as a repository for such data.

A single web site would be created for the electronic reporting of all such events:  this would meet all federal reporting requirements and the collected data would be stored in a single database. Reporting requirements would be harmonized across agencies.

This reform would enhance the capacity to harness information quickly and efficiently to identify and respond to risks from experimental interventions, while also decreasing administrative burdens imposed by existing framework.

Current rule

Changes being considered

Rationale for change

Issue 5: Current provisions of the Common Rule provide only basic information about the elements of informed consent and how consent documents should be written. Many consent forms are too long and hard to understand, and fail to include some of the most important information.

The regulations would be revised to provide greater specificity about how consent forms should be written and what information they should contain.  The goal would be consent forms that are shorter, more readily understood, less confusing, that contain all of the key information, and that can serve as an excellent aid to help someone make a good decision about whether to participate in a study.

The informed consent of the subject is critical to the conduct of ethical research.  The proposed changes will substantially enhance the quality of consent in many studies.

Issue 6: Each site in a study requires IRB review. Although the regulations allow one IRB to carry out the review for multiple sites, it is common for a single study conducted at multiple sites to have many IRBs separately reviewing the study.

For all of the U.S. sites in a multi-site study, the changes propose a single IRB of record.

There is very little evidence that having multiple IRBs review the same study results in enhanced protections for subjects. By diffusing responsibility for that review, it might actually contribute to weakened protections.

Issue 7: Each Common Rule agency, and the FDA, is authorized to issue its own guidance with regard to interpreting and implementing the regulations protecting human subjects. That guidance may substantially differ from agency to agency.

The ANPRM does not propose a specific change but through questions, seeks to determine whether or not the differences in guidance from agency to agency are justified by differences in the applicable statutes or missions of those agencies, and if not, to determine how to make guidance more uniform.

If the differences in guidance are not justified, then it would be appropriate to eliminate those differences.

Issue 8: Research involving more-than-minimal risk requires review by a convened IRB.

This requirement would remain unchanged.

Higher-risk studies should be subject to the highest level of scrutiny.

Current rule

Changes being considered

Rationale for change

Issue 9: Research that requires review by a convened IRB requires continuing review at least annually.

Continuing review would generally not be required after all subjects in the study have completed all study interventions, and the only remaining procedures are standard-of-care procedures that are used to obtain follow-up clinical information (e.g., standard annual CT scans to detect any spread of the patient’s cancer), and the analysis of the research data.

 Since the research risks to subjects after completion of study interventions are limited to privacy and confidentiality concerns, which would be dealt with by the new uniform protections, this change would enable IRBs to focus attention on higher risk protocols.

Issue 10: Research that poses minimal risk and includes only research activities in a list approved by the HHS Secretary is eligible to be reviewed in an “expedited” manner (e.g., with one reviewer, instead of a convened IRB).

This list would be updated now, and at regular intervals, using appropriate data about risks to the extent possible.

Determinations about the risks imposed by various research activities should be based upon appropriate data.

Issue 11: Research that is eligible for expedited review requires continuing review at least annually.

Continuing review would not be required of studies that are eligible for expedited review unless the reviewer, at the time of initial review, determines that continuing review is required, and documents why.

Research eligible for expedited review can involve only research activities that are included in the approved list.  These activities are well-understood and it would be very unlikely that research involving such activities would lead to the new or unexpected risks with which continuing review is intended to deal.

Issue 12: For a research study to be eligible for expedited review, an IRB member must determine that it is minimal risk.

The “default” assumption will be that a study otherwise eligible for expedited review will be considered minimal risk unless a reviewer documents the rationale for classifying the study as involving more than minimal risk.

Since research that is eligible for expedited review can involve only research activities that are included in the approved list, very few such studies will involve more than minimal risk. This change will better assure that the level of review is well targeted to the level of risk.

Current rule

Changes being considered

Rationale for change

Issue 13: For a research study to be approved, even if it qualifies for expedited review, the same approval criteria must be met as for studies that are approved by a convened IRB.

The ANPRM does not propose a specific change, but through questions seeks to determine whether some approval criteria do not meaningfully increase protections for subjects (i.e., in the case of studies that otherwise would qualify for expedited review).

Appropriate approval criteria may be different for studies that otherwise qualify for expedited review and those that do not.

Issue 14: Six categories of studies qualify as “exempt” from the regulations, meaning that they do not have to comply with any of the requirements of the regulations.

These studies would no longer be fully exempt from the regulations. In particular, they would be subject to the new data security protections described above; and for some studies (e.g., those using biospecimens) new consent requirements would apply.

Research that might pose informational risk to subjects should adhere to reasonable data security protections.

Issue 15: The categories of studies that qualify as “exempt” are not very clearly defined. As a result, it is sometimes difficult to determine whether a study qualifies as exempt.

The criteria for determining whether a study is exempt would be more clear-cut and less open to interpretation.   

Clearer criteria will increase the transparency of the system and reduce the time and effort spent in determining whether or not a study qualifies as exempt.

Issue 16: Although the regulations do not require administrative review before a study is determined to be exempt, most institutions follow current federal recommendations and carry out such an administrative review.

The recommendation that all such studies undergo administrative review would be eliminated. Researchers would file a brief “registration” form with their institution or IRB, and would be permitted to commence their research studies immediately after filing the form. Audits of a small percentage of studies would take place to ensure appropriate application of and compliance with the revised regulation.

The major risk in most studies that might qualify as exempt is a breach of confidentiality. Given that there will be clearer criteria to determine when a study meets the standards for exemption, and that all studies will be covered under appropriate data security protections, there should be little need for or benefit from reviewing each study before it commences to determine that it meets the criteria for being exempt. 

Current rule

Changes being considered

Rationale for change

Issue 17: One of the six exempt categories applies to research using educational tests, survey procedures, or observation of public behavior, but not if both (i) information is recorded in a way that allows subjects to be identified, and (ii) disclosure of the subjects’ responses outside of the research could reasonably place subjects at risk of criminal or civil liability or cause damage to financial standing, reputation, or employability.

This exempt category would be broadened by eliminating criteria (i) and (ii)  for studies that involve competent adults, i.e., such research would be exempt even if the information was recorded in an identifiable way and the disclosure could pose such risks to the subject.

 The new data security protections obviate the need for (i) and (ii).

Issue 18: Currently, research studies in the social and behavioral sciences that do not qualify for exemption category 2, but that involve certain types of well-understood interactions with subjects (e.g., asking someone to watch a video and then conducting word association tests), require IRB review.

The ANPRM does not propose a specific change, but seeks public comment on  whether a broad subset of studies using common social and behavioral science methodologies can be identified that should be eligible for exemption 2 .

To identify areas of research that do not warrant the current degree of regulatory oversight so that review requirements are better calibrated to the level of risk. 

Current rule

Changes being considered

Rationale for change

Issue 19: One of the six exempt categories applies to research involving the use of existing data, documents, records, and pathological or diagnostic specimens, but only if the sources are publicly available or if the information is recorded by researchers in such a manner that subjects cannot be identified, directly or through identifiers linked to them.

The requirements in this category that (1) all the data or specimens must exist as of the time that the study commences, and (2) the researcher cannot record and retain information that identifies the subjects, would be eliminated. If a researcher chooses to obtain and record identifiable information, the subject’s consent would generally be needed (as required by the current rules), but that could be obtained at the time the materials are collected by using a general, open-ended consent to future research. With regard to studies using existing biospecimens, see Issue 2 above.

The new data security protections obviate the need for limitations in this exempt category.   


Content created by Office for Human Research Protections (OHRP)
Content last reviewed