Contents


General Questions

1. What do I need to know about accessing and using existing data?

Please refer to the Quick Guide for Secondary Use of Existing Data.


2 If my study does not involve human subjects research, how can I get documentation for my records?

If your study is not human subjects research and you would like to get confirmation and documentation of that, please email your request to ophs@berkeley.edu with a summary of your research purpose, procedures, and data collection. If you are unsure if your study involves human subjects research, you should call the Analyst of the Day at 510-642-7461.


3. What research falls under FDA regulations?

A human subjects research study falls under FDA regulations if it meets one of the categories listed below.

  1. Research involving the administration, dispensation, or use of a drug, such as:
    1. research conducted under an Investigational New Drug (IND) application; or
    2. certain research involving marketed drug products that are exempt from the IND regulations.
  2. Device research conducted to determine the safety/effectiveness of a device or support a research/marketing application to the FDA, such as:
    1. a device study that is exempt from the IDE regulations;
    2. a non-significant risk device study; or
    3. a significant risk device study.

See Drugs and Medical Devices in Research for additional information.


4. What are clinical trials?

(1) Controlled, clinical investigations of a drug or biologic subject to FDA regulation; and
(2) Controlled trials of devices with health outcomes and pediatric post-market surveillance.

An “applicable” clinical trial defined by the Food and Drug Administration is a trial that must be posted on clinicaltrials.gov. These are clinical trials as defined above excluding Phase 1 drug or biological studies and small feasibility studies of devices.


5. Can I invite students taking the course I teach to be in my research study?

The research regulations require that informed consent be sought in circumstances that minimize the possibility of coercion or undue influence (45 CFR 46.116). Due to the power differential between students and instructors, it is very likely that students will feel pressured to participate. For example, they may believe that failure to do so will negatively affect their grades and/or relationship with the instructor. Additionally, even though ongoing voluntary participation is emphasized in the consent process, students who wish to withdraw may find it difficult to do so when this involves informing the instructor of their decision. For these reasons, it is generally preferable for instructors to conduct research with individuals who are not taking their courses (e.g., recruit students from another class).

In certain situations, the use of an instructor’s own students is integral to the research question (e.g., introducing a new teaching strategy or novel content into an existing course). If an instructor does wish to conduct research with his or her students, the eProtocol application should include a rationale as to why the study should be conducted with these particular students. The rationale should be accompanied with a detailed description of the instructor’s plan to minimize the potential for student subject coercion/undue influence to participate. The consent document should also include appropriate language to address these issues.

Ways to minimize coercion and undue influence in a classroom setting include the following:

  • Having an independent third party (e.g., research colleague who has no pre-existing relationship with the students) announce the study and conduct the informed consent process, including the distribution and collection of the consent documents. This individual will need to be added as personnel in the eProtocol application and complete appropriate human subjects training.
    • These activities should occur at a time when the instructor is out of the room.
    • The third party individual should be sufficiently familiar with the study to serve as the contact person for all study-related questions.
  • Arranging for a colleague to run the study and collect all of the data (at time[s] when the instructor is not present. This individual will need to be added as personnel in the eProtocol application and complete appropriate human subjects training.
  • Blinding the instructor to who did and who did not participate – at least until final grades have been assigned.

Researchers may wish to consult with OPHS staff concerning further ways to minimize coercion and undue influence within the context of your own particular study design.

Quality assurance/quality improvement on the effectiveness of the curriculum—unless there is an intent to generalize the results—may not rise to the level of human subjects research. Researchers should contact OPHS staff to discuss the intent of the activity.


6. What training do you offer for non-UCB collaborators?

Please refer to the Quick Guide to Non-Affiliates and Outside Collaborations.


7. What if I will be sharing data with non-UC Berkeley investigators/institutions?

Please refer to the Quick Guide to Non-Affiliates and Outside Collaborations.


8. What do I need to know about human subjects research involving Massive Open Online Courses (MOOCs)?

Please refer to the Quick Guide to Massive Open Online Courses (MOOCs).


9. Can volunteer research assistants help us in the lab?

Please refer to the Quick Guide to Non-Affiliates and Outside Collaborations.


10. I am a student investigator who will be withdrawing from enrollment in order to conduct my human subjects research. What are some considerations I need to make regarding my protocol?

Please refer to the Quick Guide to Non-Affiliates and Outside Collaborations.


11. How can I pay subjects using campus funds?

The Berkeley Human Subject Prepaid Card Program (HSPC) allows researchers to pay study participants using Berkeley funds. In order to be eligible to participate, researchers must submit a request to Cash Handling and Banking Services for each research study for which they plan to issue payment. This request must include proof of CPHS approval, as well as a user agreement to register each employee who will have access to the Prepaid Card Program portal and the IP address of his/her workstation.

There are three types of payment options for researchers to choose from:

  • Instant Issue Plastic
    Departments will issue a Visa debit card directly to subjects after they perform an easy-to-use activation and load process.
  • Personalized (Bulk) Plastic
    Visa debit cards will be mailed directly to the subjects. This program is designed to pay a large number of study subjects.
  • Virtual Payment
    Subjects will be provided virtual card payment information via email notification to allow for online purchases or the option to transfer funds to their personal bank accounts.

12. What online platform should I use for my survey research?

In general, CPHS/OPHS recommends that investigators planning to conduct online survey research use UC Berkeley-licensed Qualtrics or Google Forms through UCB bDrive. Both sites are available at no cost to UCB investigators. However, these sites are only recommended for data classified as Protection Level 3 (P3) and below. Collection of Protection Level 4 (P4) data is not recommended for these sites.

Sometimes investigators prefer to use other survey tools for online research, such as those developed by SurveyMonkey or SurveyGizmo. CPHS/OPHS reviews research involving use of these and other third-party services on a case-by-case basis, taking into consideration the following:

  1. Vulnerability* of the subjects;
  2. Identifiability of data collection;
  3. Sensitivity of the data; and,
  4. Site security measures in place to protect subjects’ data.

*Vulnerability of research subjects refers to when some or all of the subjects are likely to be vulnerable to coercion or undue influence, such as children, prisoners, individuals with impaired decision-making capacity, or economically or educationally disadvantaged persons (45 CFR 46.111[b]).

Investigators may also want to use online subject pools or crowdsourcing communities to facilitate recruitment of research subjects. Services such as MTurk and Prolific Academic provide investigators with an easily-accessible and diverse pool of subjects, and allow for investigators to limit participation to those who meet certain eligibility criteria (e.g., geographic location, age, etc.).

When using online platforms, subject pools, or crowdsourcing communities for survey research, investigators are expected to be knowledgeable about:

  1. Data security measures implemented by the third-party service. Description of data security measures are usually posted online, on company websites. Investigators must include summary of these measures in their protocol application, and these measures must be consistent with the CPHS Data Security Policy. Questions about whether the third-party entity provides adequate level of security for the type of data to be collected should be directed to Berkeley Information Security Office or Research Data Management.

  2. Identifiability of data collection. Data collection is not considered to be anonymous when:
    1. A subject’s survey responses include or are linked to identifiers such as name, contact information, or IP address;
    2. A subject’s survey responses contain information that if combined could potentially identify subjects, such as date of birth, place of residence, and place of employment; or,
    3. A subject’s survey responses are coded with an ID number and a key to decipher the code exists, regardless of whether UCB investigators will have access to this key.
    If a, b, or c is true, then data collection is not considered to be anonymous – even if UCB investigators will only be provided with, or have access to, de-identified data. Investigators must include description of the data collection process in their protocol application and indicate whether data will be collected anonymously. For identifiability of data collected via MTurk, please review the CPHS Guidelines on Mechanical Turk for Online Research.

  3. Survey data retention. Third-party sites may store survey data beyond download by the UCB investigators. For example, Qualtrics stores backup data for disaster recovery purposes. Information about data storage is typically found in the company’s Privacy Policy. However, as noted in the CPHS Guidelines for Internet-Based Research, information about potential storage on backups or server logs beyond the life of the research project should also be provided to subjects at time of informed consent. In general, investigators should delete data from the online survey platform as soon as possible in order to minimize the risk of breach of confidentiality. It is not recommended that investigators use survey platforms such as Qualtrics for backup or data retention.

  4. Data rights and ownership. Information about data rights and ownership is typically included in the company’s Terms of Service (ToS). Although investigators should be cognizant of company policies with regard to data rights and ownership, it is not the purview of the IRB to review such information in the protocol application.

For more information, please see CPHS Guidelines for Internet-Based Research.


13. I have been asked (e.g. by a journal, funding agency, etc.) to share my de-identified research data, but I did not account for data sharing in my approved informed consent document(s).* What should I do?

Is it possible to re-contact subjects in order to obtain their consent to share their de-identified data? Yes: Submit an amendment application to update the protocol and consent form(s) to allow for data sharing.** No: Submit an amendment application to request a waiver of informed consent for data sharing along with justification for the waiver. Include information within the protocol regarding the data elements to be shared, restrictions for data usage, how the data will be managed once shared (e.g. who will be given access to these data), and related security measures.**

*Note that CPHS encourages investigators to include flexible language in their protocol and corresponding consent/permission/assent forms so that they don’t run into this situation.

**If your protocol has already been closed, you will need to clone it and submit a new application (in data analysis only) in order to account for the required amendments.

What if the data I want to share are identifiable or coded?

Sharing identifiable or coded data without prior subject consent is reviewed on a case-by-case basis. Please contact ophs@berkeley.edu for guidance.


Protocol-Related Questions

1. What does “normal education practices” mean in the context of Exempt Category 1?

This category may include research on established teaching methods, curriculum content and commonly-accepted classroom management techniques that are planned and implemented by the teacher/instructor. Normal educational practices are activities that would occur regardless of whether the research is conducted. Therefore, a study that involves implementing a new instructional strategy and/or untested curriculum would not constitute “normal education practices.” Studies that involve surveys and interviews with minors that focus on the characteristics of the children themselves rather than the educational activity being evaluated would not qualify for an exemption.

2. What is Exempt Category #70 for UC Berkeley?

Please refer to the Quick Guide for Exempt Category 70.


3. I am a student investigator. What training verification do I need to provide in my protocol application?

All UCB student investigators or key personnel engaged in human subjects research must complete either of the following CITI courses: Group 1 Biomedical Research Investigators and Key Personnel or Group 2 Social Behavioral Research Investigators and Key Personnel. Additional guidance for student researchers can be found at OPHS’s Student Investigators Guide. For information on the CITI Responsible Conduct of Research course for NSF-funded studies, please refer to RAC’s resource on training.


4. What is the difference between privacy and confidentiality?

Privacy is control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally, or intellectually) with others. Confidentiality pertains to the treatment of information that an individual has disclosed in a relationship of trust and with the expectation that it will not be divulged to others without permission in ways that are inconsistent with the understanding of the original disclosure. Examples of protecting subject privacy include conducting interviews in private areas or closing exam room curtains when conducting physical exams. Examples of minimizing the likelihood of a breach of confidentiality include sharing subject data only with other study team members, encrypting and password-protecting data files, and maintaining lists of subject names/study identification numbers in a separate, secure location from all other private study data.


5. What is anonymous data collection?

Anonymous data collection means that no identifiable information (e.g. name, address, student ID number, email address, phone number) is connected to the data either directly or through a coding system at any point in the study. In addition to videotapes and photographs, audio recordings are not considered to be anonymous. It is also possible that multiple pieces of information, none of which are identifiable on their own, may uniquely identify a person when brought together; in this case, the data would not be considered anonymous. For more information on de-identified data sets, please visit our Secondary Use of Existing Data guidance document.


6. What constitutes “identifiable information”?

Information is identifiable when (1) it can be linked to specific individuals, or (2) a combination of the information/characteristics could allow others to ascertain the identities of individuals. Examples of directly identifiable information may include (but are not limited to):

  • Name
  • Contact information (e.g., home address, work address, fax number, email address, phone number, license plate number, driver’s license number)
  • ID numbers (e.g., student ID, employee ID, social security number, IP address, IMEI number [unique number associated with a cell phone], user name, account number)
  • Voice (e.g., audio recording)
  • Facial features (e.g., photograph and video recording)
  • GPS tracking data and location data
  • Fingerprints

In some cases, elements of information/characteristics that are not regularly identifiable alone can be considered “identifiable” when combined. For example, a combination of age, gender, ethnicity, and place of employment might allow identification of certain individuals in some situations.

Regulations under the Health Insurance Portability and Accountability Act (HIPAA) are more stringent than the requirements for protection of human subjects under 45 CFR 46 and 21 CR 50 & 56. Therefore, when conducting research involving Protected Health Information (PHI), researchers should refer to HIPAA and Human Subjects Research and the list of 18 identifiers to determine whether the information is considered “identifiable.”

Effective March 2018, the National Science Foundation requires recipients of NSF funding to protect Personally Identifiable Information within the scope of an NSF award. See NSF Procedures for Breach of Personally Identifiable Information (PII) on the Sponsored Projects Office website for more information about Article 35.


7. What do I need to know about managing my research data?

Please refer to the Quick Guide for Maintenance and Stewardship of Research Data.


8. If I am in the data analysis phase of my research do I need to renew my protocol?

It depends. If you still have access to identifiable data you must continue to renew your eProtocol application until all analyses are complete or all identifiers have been destroyed. Identifiable data include audio/video recordings as well as coded data where the identifier key is retained. If all identifiable data fields have been destroyed and data analysis will be conducted using only de-identified data, no renewal application is necessary and the protocol may be closed.


9. How can electronic signatures be used to document informed consent?

Electronic signature means a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature (21 CFR 11). Electronic signatures can be created using a wide variety of methods including, but not limited to, user name and password combinations, biometrics, computer-readable ID cards, and digital signatures.

Federal regulations allow for electronic consent signatures as documented consent when the subject’s identity can be verified (see Use of Electronic Informed Consent: Questions and Answers). The regulations do not specify any particular method for verifying the identities of individual subjects when obtaining electronic signatures and accepts a number of methods.

The UC Berkeley licensed version of DocuSign is one example of an electronic signature method that is usually accepted as documented consent. However, check with OPHS if your research is subject to FDA and/or HIPAA regulations, as additional requirements may apply.

An electronic consent signature obtained from a subject whose identity cannot be verified is not documented consent. In this situation, investigators must either obtain a handwritten consent signature* or ask the IRB for a waiver of documented consent. Federal regulations allow investigators to request a waiver of documented consent for minimal risk studies, and for certain greater than minimal risk studies, according to the below waiver criteria:

A. The only record linking the subject and the research would be the consent document AND the principal risk of the research would be potential harm resulting from a breach of confidentiality (criterion A and C are not described in 21 CFR 50 and therefore do not apply to FDA-regulated research).

-OR-

B. The research presents no more than minimal risk of harm to subjects AND involves no procedures for which written consent is normally required outside of the research context.

-OR-

C. The subjects or legally authorized representatives are members of a distinct cultural group or community in which signing forms is not the norm, the research presents no more than minimal risk of harm to subjects AND there is an appropriate alternative mechanism for documenting that informed consent was obtained.

*A handwritten signature means the scripted name or legal mark of an individual handwritten by that individual and executed or adopted with the present intention to authenticate a writing in a permanent form. The act of signing with a writing or marking instrument such as a pen or stylus is preserved. The scripted name or legal mark, while conventionally applied to paper, may also be applied to other devices that capture the name or mark (21 CFR 11). For example, a handwritten signature obtained on a tablet device is treated as documented consent, just as it would be if obtained as an ink signature on a paper consent form.


10. What documents need to be translated if I will be recruiting subjects in a non-English language?

For Non-Exempt protocol applications that have non-English literate subject populations, CPHS requires translated versions of all consent documents appropriate for your subject population(s). Translations should be submitted to and approved by CPHS prior to their use in the field. Certified translations are not required. However, PIs are responsible for affirming the accuracy of any translated documents. UCB does not provide translation/verification services.


Other Regulatory Questions

1. How do I comply with CA State CPHS data security requirements?

When research projects need to use personally identifiable research data (PID) from California state agencies, state CPHS requires researchers to comply with a specific set of data security requirements before releasing PID. Campus Information Security Office has developed an assessment program to help researchers to comply with these data security requirements. Please go to California State CPHS Data Security Assessment Service for more information on how to meet state CPHS data security requirements.


2. Where do I get information about Biohazard Use Authorization (BUA) numbers?

For Biomedical Non-Exempt researchers, please refer to UC Berkeley’s Environmental, Health and Safety website for information regarding BUA numbers.


3. Under the University of California Policy on Sexual Violence and Sexual Harassment, as set forth by the Systemwide Title IX Office, are Responsible Employees required to report disclosures about Prohibited Conduct received in the course of conducting CPHS-approved or certified exempt human subjects research?

Responsible Employees are not required to report disclosures of Prohibited Conduct made by an individual when participating in human subjects research that has either been approved by an Institutional Review Board (IRB) or certified as exempt from IRB review under one or more of the categories in 45 CFR 46.104.

Disclosures of incidents of alleged Prohibited Conduct made during an individual’s participation as a subject in a CPHS–approved or certified exempt human subjects research protocol will not be considered notice to the University for purposes of triggering its obligation to investigate. This exception does NOT apply to disclosures made to research personnel outside of the course of participation in the research protocol (e.g., to faculty during office hours or while providing academic advising).

This exception also does not affect mandatory reporting obligations under federal, state, or local laws, such as the Clery Act and the California Child Abuse and Neglect Reporting Act (CANRA), and other policies or laws that require reporting to campus or local law enforcement, or Child Protective Services.

If a research study is likely to elicit information about sexual violence or sexual harassment, researchers are encouraged to notify subjects, within the informed consent document, of the research reporting exception and to provide information about University and community resources.