Just before I left for San Antonio, I held an educational session with my IRB members, focusing on the revisions to the Common Rule that were likely to have the greatest impact on our processes. As an institution focused primarily on social, behavioral, and educational research (SBER), it seems likely that a large number of our currently expedited review projects will become exempt projects, especially under .104(d)(2) and .104(d)(3).

Unsurprisingly, our IRB members were extremely interested in the provisions for the exemptions involving limited IRB review (.111(a)(7)), to assess privacy and confidentiality protection. They had many questions for me about what this review would entail and how we would implement it. Unfortunately, I did not feel like I had any clear answers for them, and the educational session I hosted probably raised more questions than it answered. I promised them that I would do my best to gather information at the conference about how other similar institutions envision this change.

During the 2017 Social, Behavioral, and Educational Research Conference I attended a session titled “Limited IRB Review of Exempt Studies with Sensitive Data: How to ‘Let it Go‘ with Data Security Plans” with presenters Teresa Doksum, Lauren Hartsmith, Daniel K Nelson, Sean Owen and Katie B Speanburg, hoping it would help me fulfill my promise to my IRB members.

One of the main takeaways from this session was that the standard for limited review is the same standard by which IRB members are currently evaluating privacy and confidentiality protections under expedited review procedures (at least until there is further guidance). During the Q&A session, one audience member pointed out that many institutions (my own included) already use a “limited review” of sorts, in which we have additional institutional requirements for technically exempt studies; for example, inclusion of a basic consent statement.  I felt the lightbulb go off in my head, and all of a sudden, this limited IRB review business seemed far less overwhelming. This clarified for me that although the revisions may require a significant change to our processes, ultimately we don’t need to reinvent the wheel with review criteria.

The question for us now will be how to operationalize the limited review process in a way that achieves the goal of decreasing administrative burden while improving participant protections. Within my own institution, I plan to use these rule changes as an opportunity to take a hard look at our data management requirements and work with different campus stakeholders to improve and standardize data security. Ultimately, in order to implement this new review process with IRB members, I anticipate heavy use of the IRB administrator’s best friend—checklists!

Jennie Wyderko, MS, is the research compliance officer at Western Carolina University located in Cullowhee, North Carolina. She oversees and coordinates the IRB, IACUC and IBC for the campus. She is also responsible for oversight of export controls, responsible conduct of research, and conflict of interest as related to research.