Put Yourself in Their Shoes: Ensuring Responsible Data Management and Stewardship of Human Subjects

Seven blue silhouettes ordered from largest to smallest with a magnifying glass on the middle personThe RDM News Blog will occasionally spotlight data management advocates in our community; members working with data and supporting data management practices in various ways. This month we highlight Kim Serpico, Associate Director of IRB Operations in the Office of Regulatory Affairs and Research Compliance. In this role, Kim is responsible for managing the IRB review process at the Harvard Longwood Medical Area Schools and brings her expertise working with human subjects in research to the Research Data Management Working Group. Read about her work in regulatory compliance, and how data management impacts her work now and in the future. 

Q: What is your role at Harvard University?

A: My role is to assist researchers and investigators in protecting the rights and welfare of human subjects who participate in their research. As that pertains to research data, this includes compliance with federal regulations and ethical standards in the collection, storage, management, sharing, use, and retention of research data about human subjects.

Q: Are you a member of the Longwood Medical Area Research Data Management Working Group? When and why did you join the working group?

A: Yes, I have been a member since January 2022. I joined to assist broadly with the human research/IRB aspects of responsible data management and stewardship, as well as to offer guidance on specific initiatives like the NIH Data Management and Sharing Policy.

Q: How does data management impact you and your group?

A: Insufficient data management and data security can have serious consequences for research participants - it can breach confidentiality, potentially place them at risk if information about them is revealed outside of the research context, erode trust, negatively impact the fidelity of the data, etc. Participants entrust researchers with their private personal, behavioral, and health information; it is our duty (IRBs and researchers) to uphold and preserve that trust to the best of our abilities.

Q: How do you support and promote data management in your work?

A: Translating (in plain language to researchers) the ways that data security and appropriate data management plays a role in upholding the ethical and compliant conduct of human subjects research. We also ensure that researchers have reliable support services and the technical infrastructure to securely manage their research data.

Q: Can you share a data management horror or success story?

A: For confidentiality reasons, I don’t want to share any specifics from any of our research portfolio without permission from the researchers, however I will offer a broad cautionary tale: all Harvard research projects are subject to the Harvard Research Data Security Policy (HRDSP). Often investigators conducting research involving sensitive data have great data management and security plans, but do not realize that the review and approval of those plans must be conducted by IT via the Data Safety System. The IRB works in parallel with IT on these reviews, but it is beneficial for researchers to know, and plan, up front for the time it takes to have both an IRB and Safety application approved.

Q: What are the major data management challenges (or successes) you see as a researcher or with those you support?

A: The two biggest challenges the IRB typically sees are: 

  1. Correct use of the terms to describe the identifiability of research data. There are so many terms - anonymized, de-identified, coded, identifiable - and they can get confusing! It is critical the correct terms are used though; the IRB's review depends on this identifiability distinction. The IRB has provided a table of definitions to help researchers navigate these nuances: Identifiable/Coded/De-Identified/Anonymous Data and/or Specimens.
  2. When researchers collect sensitive data, and the IRB informs them of the additional review steps per the HRDSP, researchers sometimes immediately opt to remove such questions to avoid additional review/delay. The IRB wants researchers to ask all of the questions they need to support the aims/hypotheses of their study, and we will help make it happen! We regret to see any researcher compromise their data collection or data fidelity by removing questions. In these situations, the IRB would advise researchers to consult with their department-assigned Review Specialist before removing data collection questions outright; we can usually find a path forward or way to assist!

Q: What are the costs and consequences of the gaps in data management you see? What are one or two things you could do to help mitigate them?

A: The consequences for the IRB are clear - when research data is improperly managed, it can impact the rights and welfare of human subjects. Researchers owe their participants assurances that their personal information is secure; holding their personal data in the strictest of confidence is paramount to a trustworthy research enterprise.

Q: How do you see data management evolving in the research environment?

A: That's a good question. I think Harvard does a nice job of vetting reliable, secure technologies for our research community. I hope to see even more secure data management options in the future - perhaps with a collaborative element like collaborative cloud-sharing environments with HRDSP-compliant security levels.

Q: What is your advice for someone just getting started with data management? Do you have a "data management mantra?”

A: Put yourself in your participants' shoes - what assurances would you want that would make you feel comfortable to share your personal data with a researcher?

Contributed by Kim Serpico, EdD, CIP, Associate Director of IRB Operations, Office of Regulatory Affairs and Research Compliance

Image Credit: Canva

If you are interested in being featured in a future blog post, please respond to our easy-to-fill-out form.