The Institute for Family Health
Institutional Review Board

The Institute’s Institutional Review Board (IRB) is a peer-review body that is responsible for ensuring that research at the Institute safeguards the rights of human research subjects.  The IRB is guided by the Belmont Report: Ethical Principles and Guidelines for the Protection of Human Subjects Research, prepared by the National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research, and by related federal regulations, including the Common Rule (45 CFR Part 46) and those promulgated by the FDA (21 CFR Parts 50 and 56).   HIPAA (Health Insurance Portability and Accountability Act) regulations protecting personal health information, which apply to the Institute and its medical records as a covered entity, also have provisions related to research which serve to guide the actions of the IRB. 

The Institute’s IRB has jurisdiction over human subjects research taking place at all Institute sites and by all Institute employees.  Research that involves Institute patients, as well as employees, as research subjects must be reviewed by IRB.  Information about IRB review at the Institute is provided below.  Links to IRB forms and resources are located at the left of this page.  Please contact the IRB Administrators, Diane Hauser (212-633-0800 x1290) and Michelle Pichardo (212-633-0800 x1279) with any questions and for further information.

When does a project need to be reviewed by the IRB?

Any project that involves research and human subjects must be reviewed by the IRB.  Research is defined as a systematic investigation, including research development, testing and evaluation, designed to develop or contribute to generalizable knowledge.  Continuous quality improvement (CQI) projects designed exclusively for use within our own practices, and that are not intended to be published, would not be defined as research.  Human subjects are defined as living individuals about whom an investigator (whether professional or student) conducting research obtains 1) data through intervention or interaction with the individuals, or 2) identifiable private information.  Any project that proposes to utilize medical record data must be reviewed by the IRB.  In many of these projects, investigators remove identifiable patient information and are deemed to be “exempt” studies, but they still must be reviewed by the IRB.

How does my project get reviewed by the IRB?

Research Committee Review:

●  Before a project is reviewed by the IRB, the Institute’s policies require that it be reviewed by the Institute’s Research Committee. 

● The purpose of the Research Committee review is to consider the research project in the context of the Institute’s mission, current research activities, and available resources. 

● Research Committee meetings are held the first Monday of every month.  

IRB Application Process:

● After review by the Research Committee, an IRB application form must be completed and signed by the study’s principal investigators.  All resident and student projects must have a faculty or staff member serve as a co-principal investigator. 

● IRB applications must be submitted to the IRB administrator two weeks prior to an IRB meeting, generally held the fourth Monday of every month.  The IRB administrator conducts a pre-review of the applications to ensure that it is complete and signed, and may request revisions before passing it on to the IRB members for review. 

● All investigators and key project staff must participate in human subjects protection education prior to IRB review of their research proposals.  This is commonly accomplished through the completion of the following web-based course:  http://cme.cancer.gov/clinicaltrials/learning/humanparticipant-protections.asp.  It takes approximately one hour to complete.

What criteria are used to approve IRB applications?
In order to approve human subjects research, the IRB must determine that all of the following requirements are satisfied:

● Risks to subjects are minimized: (i) By using procedures which are consistent with sound research design and which do not unnecessarily expose subjects to risk, and (ii) whenever appropriate, by using procedures already being performed on the subjects for diagnostic or treatment purposes.

● Risks to subjects are reasonable in relation to anticipated benefits, if any, to subjects, and the importance of the knowledge that may reasonably be expected to result.

● Selection of subjects is equitable.

● Informed consent will be sought from each prospective subject or the subject's legally authorized representative, and will be appropriately documented (see requirements for informed consent detailed in the IRB application form).

● When appropriate, the research plan makes adequate provision for monitoring the data collected to ensure the safety of subjects.

● When appropriate, there are adequate provisions to protect the privacy of subjects and to maintain the confidentiality of data.

● When some or all of the subjects are likely to be vulnerable to coercion or undue influence, such as children, prisoners, pregnant women, mentally disabled persons, or economically or educationally disadvantaged persons, additional safeguards have been included in the study to protect the rights and welfare of these subjects.

How do I de-identify identifiable personal health information?
The HIPAA Privacy Rule (45 CFR, Parts 160 and 164(A) and (E)) specifies that patient data can be to de-identified by removing 18 elements that could be used to identify an individual or an individual’s relatives, employers, or household members; these elements are enumerated in the Privacy Rule.  Investigators also must have no actual knowledge that the remaining information could be used alone or in combination with other information to identify the individual who is the subject of the information.  Under this method, the following identifiers must be removed:

1. Names

2. All geographic subdivisions smaller than a state, including street address, city, county, precinct, ZIP code, and their equivalent geographical codes, except for the initial three digits of a ZIP code if, according to the current publicly available data from the Census Bureau, a) the geographical unit formed by combining all ZIP Codes with the same three initial digits contains more than 20,000 people or b) the initial three digits of a ZIP code for all such geographic units containing 20,000 or fewer people are changed to 000.

3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such ages and elements may be aggregated into a single category of age 90 or older.

4. Telephone numbers

5. Facsimile numbers

6. Electronic mail addresses

7. Social security numbers

8. Medical record numbers

9. Health plan beneficiary numbers

10.  Account numbers
 
11. Certificate/license numbers

12. Vehicle identifiers and serial numbers, including license plates

13. Device identifiers and serial numbers

14. Web universal resource locators (URLs)

15. Internet protocol (IP) address numbers

16. Biometric identifiers, including fingerprints and voiceprints

17. Full-face photographic images and any comparable images

18. Any other unique identifying number, characteristic, or code, unless otherwise permitted by the Privacy Rule for re-identification.

Statistical methods to establish de-identification can be used instead of removing all 18 identifiers.  Investigators seeking exemption for their study must complete a HIPAA De-Identification Certification Form.  See Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule at left for further information.

What happens after my application is reviewed by the IRB?
●  The IRB can approve or disapprove applications, or it can provide a conditional approval which details changes that must be made in order to receive a full approval.  With a conditional approval, changes must be presented in writing and approved by the IRB. 

●          Investigators receive a letter explaining the IRB’s decision regarding their applications.  The letter also provides the date on which the IRB will follow up with the investigator for continuing review of an approved project, which takes place no later than one year after the approval date.  The Institute can choose to stop a research project that the IRB has approved, but it cannot allow a study to move forward that the IRB has disapproved.