The risks associated with social, behavioral, and educational research (SBER) are often subjective, unpredictable, and hard-to-identify. Even the most experienced reviewers struggle with quantifying potential harms associated with SBER. On March 20, 2019, PRIM&R hosted a webinar, Assessing and Mitigating Risk in SBER. Presented by Amy Ben-Arieh, JD, MPH and Lara Sloboda, PhD, this webinar helped attendees understand risk as defined in the regulations and as applied to SBER; implement strategies for mitigating risk in SBER; and appreciate the complex nature of risk assessment and mitigation in SBER.
After the webinar, Ms. Ben-Arieh responded to two attendee questions time didn’t permit us to address live. We’re pleased to share those responses with the readers of Ampersand.
How are invasion of privacy and breach of confidentiality separate harms?
Amy Ben-Arieh (AB): Invasion of privacy is primarily about the subject’s perception of a research activity. A breach of confidentiality is a misstep on the part of the research team. I’ll explain:
Invasion of privacy can occur when a researcher is observing behavior or accessing information that a participant reasonably thinks is private. This is a particular risk when the information is accessed or collected without a subjects' knowledge or consent. It can occur even if done with an appropriate waiver of consent/waiver of HIPAA authorization. An example would be if a potential subject receives a direct recruitment letter indicating that they likely meet certain inclusion criteria, and the potential subject does not know how or why the researchers have the personal information that makes them eligible.
Breach of confidentiality relates to the failure to safeguard information a participant has provided. Confidentiality can be compromised through an unauthorized release of data (like a HIPAA breach for those of us at covered entities), but can be any disclosure of research information when the research team had a fiduciary duty to keep it confidential. The breach itself is often not such a great harm—more, it’s all of the other harms that result that are of concern. One of the greatest risks of SBER is that the research information could adversely affect subjects if shared outside the research context. Breaches of confidentiality of sensitive information have the potential to result in legal harm, emotional distress, financial harm, social harm, and even physical harm.
We do a lot of survey studies that address really sensitive topics, but lately investigators find it much more expedient to recruit and survey subjects entirely online. Are there strategies for mitigating the distress the questions are likely to cause?
AB: This comes up a lot at my institution. Our standard approach to this is three tiered:
- Push back on the investigator. Is it essential to their purpose to ask these questions? Can they be phrased in such a way as to limit their potential to cause distress?
- Require that subjects be given the option to skip over survey sections. At the beginning of sections likely to be troubling, we ask that investigators provide an overview of the type of questions that subjects will encounter, and a warning that some people may find the questions triggering. Subjects are then presented with the option to skip over the question/section entirely without even reading the question(s).
- Ask for the safety plan. Our IRB then asks what resources will be provided to subjects who are triggered. We generally look for investigators to have provided appropriate resource referrals for subjects. We find it inappropriate to ask questions that elicit responses that may indicate a mental health crisis/emergency online, because there is often no way to contact the subject and no plans to review the responses in real time. This type of information is better gathered in a different format.
PRIM&R thanks Ms. Ben-Arieh for sharing her expertise.
The recording of this webinar is available for individuals to purchase in PRIM&R’s online store. If you would like to purchase the webinar for group viewing, please download the order form (PDF) and send it to email@example.com.