Planning and designing a study
Analyzing data and publishing research artifacts
Sharing data
Obtaining data
Storing data
Archiving and destroying data
I. Planning and designing a study:
- Developing a research proposal:
The University of Wisconsin-Madison offers several valuable resources to assist researchers in proposal development. UW libraries provide access to over 1,300 subscription databases and offer an interlibrary loan service for items that are not available in UW collection. UW subject librarians are available to guide and assist with literature search. In addition, MedRAMP provides sample proposals and proposal templates that can be used as examples for your proposal development. Researchers can request preliminary data (submit SMPH Informatics Research Data Request/Consult form) from UW Clinical & Health Informatics Institute (CHI2) and/or consult CHI2 data scientists on different components of research proposal (e.g. selecting appropriate study design, analytical methods, data sources, etc.).
- Completing necessary trainings:
Researchers conducting Human Subjects Research at UW-Madison need to complete the following trainings:
- UW Human Subjects Protections Course available on the Collaborative Institutional Training Initiative (CITI Program). Note: you can login to CITI Program though UW cross-link
- HIPAA Privacy & Security Training available on UW Canvas.
- Outside Activities Reporting
PIs and research team leaders can check the status of UW faculty, staff, and students training completion through VCRGE Training Information Lookup Tool.
- Preparing and submitting the Institutional Review Board (IRB) application (if required):
Federal regulations (45 CRF 46) define:
Human Subject as “a living individual about whom an investigator (whether professional or student) conducting research: (i) Obtains information or biospecimens through intervention or interaction with the individual, and uses, studies, or analyzes the information or biospecimens; or (ii) Obtains, uses, studies, analyzes, or generates identifiable private information or identifiable biospecimens.”
Research as “a systematic investigation, including research development, testing and evaluation, designed to develop or contribute to generalizable knowledge”.
Projects that do not fall under the definition of “Human Subjects Research” (e.g. Program Evaluation/Quality Improvement or Assurance Projects, Case reports of ≤3 individuals, Oral history, Analysis of publicly available datasets), do NOT require IRB oversight. For more information on IRB requirements, review Investigator manual.
All “Human Subjects Research” studies DO require an IRB application. Depending on the proposed research, the application should be submitted to either Health Sciences IRB or Minimal Risk Research IRB using ARROW (Application Review for Research Oversight at Wisconsin). Note: for cancer-related research, the IRB application should be submitted after receiving approval from the Carbone Cancer Center Protocol Review and Monitoring Committee (PRMC). Therefore, first you will need to submit the PRMC application. For specific IRB-related questions, you can contact the IRB.
- For grant applications, check for specific requirements set by grant funding agency. For example, the National Institutes of Health (NIH) requires (effective January 25, 2023) that all grant applications include 2-page Data Management and Sharing Plan (DMSP). As outlined in NIH Data Management and Sharing Policy, the DMSP should include the information on:
- Data Types
- Related Tools, Software, Code
- Common Data Standards
- Data Preservation, Access, Timelines
- Access, Distribution, Reuse Conditions
- Oversight of Data Management
The DMSP web page created by our team provides a thorough guidance and resources to assist SMPH researchers in writing the DSMP. Other useful resources/tools to consider are NIH DSMP, NIH webinar on DMSP, SMPH medRAMP DMSP, and DMPTool.
II. Obtaining data:
- Primary data. Studies involving direct contact and data collection from human subjects require an IRB-approved informed consent. The webpages Writing a Consent Document and Informed Consent FAQs provide a thorough overview of how to prepare a consent document.
- Secondary data: UW SMPH possesses large amounts of human data that can be efficiently utilized in several research projects. Based on the level of risk (for the university, affiliates, or research projects), associated with “unauthorized disclosure, alteration or destruction of data”, UW data are classified as
- Public data shared on the UW website can be freely downloaded without prior authorization. Public data from other organizations/websites, in general, can also be freely downloaded, however it might be subject to organization or data repository-specific policies and regulations. Therefore, it is advised to check the regulations before downloading and using public data.
- Restricted data contains high level of risk for the university, affiliates, or research projects. Protected Health Information (PHI) is considered a restricted data, as described in policy UW-504. Data can be requested by submitting SMPH Informatics Research Data Request/Consult form. More information about identifiability of human data and the types of de-identification of PHI is available in policies UW-114 and UW-115.
- For non-UW data requests: obtain data use agreement and submit data request in accordance with the organizational policy. (SMPH – Work with Ben Tiller’s team, or HIPAA Privacy Coordinator, or Office of the Honest Broker…)
III. Analyzing data and publishing research artifacts:
- Preparing data for analysis, including data cleaning, manipulation (recoding, formatting, and labeling of raw variables, creating new variables), and linkage with other datasets. Our data scientists have extensive expertise in managing large, complex datasets and can advise you through the process.
- Creating supporting documentation, such as readme files, data dictionaries, and codebooks. Good supporting documentation should include information (not limited to) on data sources, volume, modality (e.g. imaging data), level of aggregation (individual vs. aggregated), description (name, type, and format) of data elements, and the list of tools and software (including versions) required for accessing data. Whenever applicable, the syntax code and the rationale for creating complex variables should be also provided.
- Analyzing and visualizing data. UW Campus Software Library provides access to UW faculty, staff, and students to variety of software that can be used for data analysis. Our Data Scientists are available to consult on different stages of data analysis, including (but not limited to) creating biologically relevant variables, ontologies, and assistance with advanced statistical methods, and data visualization techniques.
- Presenting/publishing research artifacts. A key part in sharing the results of human subject research is protection of privacy and security of health information, in compliance with Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH).
Dissemination of results is a key part in conducting research and translating research findings into practice. UW libraries provide valuable resources and tools to build the visibility of research and maximize their impact. Also, publishing research artifacts is important for building research portfolio and developing a successful career in academia, therefore scientists are encouraged to create ORCID profile and include their ID in publication to receive credits for their work.
IV. Storing data:
Research data should be stored in compliance with the FAIR guiding principles for scientific data management and stewardship, meaning that data should be easily Findable, Accessible, Interoperable, and Reusable. The webpage Selecting a Data Repository provides guidance on how to identify data repository fitting the characteristics of your data. Commonly used data repositories are:
- NIH-supported Scientific Data Repositories
- Generalist Repositories
- Data Repository Guidance
- Registry for Research Data Repositories
Additional factors to consider when selecting a data repository include cost, security, accessibility, etc. As described in policies UW-132 and UW-133, only qualified researchers can have access to PHI data, and a multi-factor authentication is required for remote access to it.
V. Sharing data:
Nowadays, many funding organizations require sharing the scientific data, to assure transparency and reproducibility of research. NIH requires that data is made publicly available no later than the end of the grant period or resulting publication, whichever comes first. Manuscript submission to peer-reviewed journals often includes data availability statement, where the authors need to indicate whether data is available to scientific community, and if not, what are the reasons prohibiting data access.
When sharing human subject data, researchers need to consider and comply with HIPAA regulations, privacy and safety of participants, information provided in informed consent, relevant laws, regulations, and policies (federal, state, local, Tribal), and agreements between organizations providing data. UW has Data Transfer and Use Agreements for different types of data: identifiable human subject data, HIPAA limited datasets, de-identified human subject data, and general data. In addition, UW offers secure transfer of PHI data to collaborators via Globus.
VI. Archiving and destroying data:
It is the Principal Investigator’s responsibility to assure appropriate archival of research data and protection of PHI. Policy UW-4032 outlines the UW requirements on Scientific data stewardship, access, and retention. A common practice is to archive data for a minimum of 7 years after the end of the project, after which PHI data should be destroyed. The purpose of data destruction is to exclude the possibility of data recovery through standard methods, such as un-delete, recover from trash/recycle, restore from backup, recover from snapshot, recover via simple third-party tools. Policy UW-130 describes the commonly used methods for destruction/disposal of PHI. More comprehensive information can be found in Guidelines for Media Sanitation (NIST SP 800-88r1). It is important to document data destruction, which can be done by using NIST Sample “Certificate of Sanitization” from Appendix G (docx). For information on specific project, please, refer to the SMPH record retention schedule.