Complying With Non-Compliance of Researchers and Research Staff

Deficient written policies and procedures, and practices to address non-compliance (Element I.5.D.) continue to be among the most common problems observed in the accreditation process. In eighty-two percent of organizations problems related to Element I.5.D. were found, either in their Step 1 Review of Application Materials or in their Draft Site Visit Report. The deficiencies included incomplete policies regarding determinations of non-compliance and reporting, and, in practice, to both the IRB’s failure to decide whether an incident of non-compliance is serious or continuing and the lack of internal and external reporting according to regulations and internal policies and procedures.

But putting the specific technical issues aside, people⎯including IRB staff, IRB chairs and members, and research administrators—have difficulty dealing with non-compliance. They have expressed concerns like these about non-compliance:

• “IRBs get enough complaints; we don’t want to get the researchers even angrier.”
• “We don’t want to taint someone’s reputation by making and documenting a determination of non-compliance.” 
• “It’s too much work. We have to do an investigation—we just don’t have enough staff. And we probably have to get legal counsel involved.”
• “We don’t want to report to external agencies.”

These are all understandable concerns. However, as with most systems of rules in society, the integrity of a process is only as good as its enforcement.

The IRB and, more broadly, the organization are charged with protecting human research participants and must do so when their policies and procedures are not followed. The ethical mandate is to take steps and make decisions to protect participants, which will perhaps prevent further non-compliance with the protocol or by the researcher. The regulatory requirement is to report cases of serious or continuing non-compliance to organizational officials and regulatory agencies.

While AAHRPP requires organizations to define non-compliance, serious non-compliance, and continuing non-compliance, each organization may develop its own definitions. A common question is whether conducting human participant research without IRB approval should be considered serious non-compliance. Organizational policies often state that serious or continuing non-compliance is based on harm to the participants. So, if research is conducted without IRB approval and no harm occurs, is that serious non-compliance? The IRB must review protocols to evaluate the risks the research poses and ensure that risks are mitigated by requiring changes in the protocol. In many cases, the IRB determines that the research poses no more than minimal risk, but failing to afford the opportunity for the IRB to review the protocol is a serious breach of regulations, as well as organizational policies and procedures. 

Non-compliance is discovered or reported in many different ways. Commonly, non-compliance is discovered when organizations conduct audits of researchers or analyze protocol deviations, unanticipated problems, or complaints from participants. Non-compliance is usually reported to the IRB by employees or staff not involved in the research, or by the researchers or research staff themselves. The organization should investigate any allegation of non-compliance, and that investigation and any subsequent determinations should be appropriately documented, even if merely to document that the allegations are not true.

Investigating allegations of non-compliance adequately and fairly may require audits or interviews. Indeed, many cases of alleged non-compliance either do not turn out to be non-compliance, in fact, or are determined to be non-serious non-compliance. In 2010, 162 organizations reported to AAHRPP 1,923 allegations of non-compliance that were investigated. Investigation determined that 23 percent involved serious non-compliance and 13 percent continuing non-compliance.

What actions does the IRB have the authority to take when non-compliance occurs? At a minimum, AAHRPP requires that IRBs have the authority to suspend or terminate IRB approval of research and to require notification of current participants (when notification might inform participants about risks related to the non-compliance or influence their willingness to continue to take part in the research). Optional actions that the IRB may take include modifying the research protocol, modifying information disclosed during the consent process, providing additional information to past participants, requiring current participants to re-consent to participation, modifying the continuing review schedule, monitoring the research, and monitoring the consent process.

The IRB’s ability to address non-compliance is limited to actions it can take related to the protocol. Thus, it is important to have internal reporting requirements to other organizational entities, such as legal counsel, risk management officials, research administrators, the organizational official, and the office that investigates scientific misconduct in place, because these entities have the various levels and types of authority over the researchers and research staff. By dealing not only with the protocol and participants enrolled in the protocol, but also the non-compliance individuals is the organization able to ensure a comprehensive solution is implemented to protect participants, correct the non-compliance, and take steps to prevent future occurrences.

Developing and maintaining a complete non-compliance policy and implementing the policy when needed are essential to a well-functioning HRPP. Educating IRB staff and members, as well as researchers and research staff, about non-compliance and the non-compliance policy can be preventive as well as informative. Although identifying, investigating, managing, and reporting non-compliance are not easy or pleasant aspects of any IRB administrator’s or IRB member’s job, these actions are essential to maintaining the integrity of the research oversight system and protecting human participants.