New Consent Language for Participant Payments - $600 Reporting Requirement

To accommodate tax laws, KPNW has implemented a mechanism to track compensation paid to participants. Participants who accumulate $600 or more within a year will receive a tax form from CHR Finance to be included with required tax filings. If you have a study that pays a stipend, even one that falls below the $600 threshold, the IRB will now require this consent template language to be included in the consent document. Research Compliance and Finance are working on a process to track and document participants who are close to or have surpassed the threshold and plan to roll that out closer to the end of the year.

Developing a Mobile Medical App? There’s an App for That!

As technology becomes more and more inextricably linked to our everyday lives, and we rush to greet the Singularity in its unexpectedly warm embrace, the use of ‘mobile medical apps’ has exploded in clinical, consumer and research arenas. A mobile medical app is any software deployed on a mobile platform that meets the definition of a medical device. Mobile medical apps can be subject to multiple regulatory agencies depending on the functions they serve and teasing this out during the development process can be challenging even for the most adept regulatory professional. Luckily, the Federal Trade Commission (FTC) has released a tool to help. The Mobile Health Apps Interactive Tool prompts users to answer 10 questions that will help inform researchers and regulators about which sets of regulations apply (HIPAA, FDA, FTC Act, FTC Health Breach Notification Rule).

Be Sensitive About the Use of Sensitive Data

When a study seeks to answer a research question that is directly related to sensitive information, it’s usually easy to determine what data you’ll want to collect, and why it’s important to answer the research question. Other times, the need to access sensitive data will only arise sporadically. This can be the case when tracking such metrics like health care utilization that can encompass data from a wide range of health care interactions.  In these cases, it becomes more likely that sensitive information will be captured in some form; more so if you’re accessing a large data set. Thinking about what kind of data is and is not useful to answering your specific research question during the planning phase of your research can help you to anticipate when and how to justify the use of sensitive information. This will help you and the IRB meet the ‘Minimum Necessary’ standard of HIPAA regulations. Remember, if you have appropriate security measures in place, the IRB is unlikely to restrict the use of sensitive data, but it’s important to have the rationale documented in the protocol.

Sensitive data includes collecting information from research subjects such as:

  • Genetic test results
  • Sexual attitudes and/or activities
  • HIV/AIDS, and other sexually transmitted diseases
  • Use of alcohol, drugs, or addictive products
  • Mental health diagnosis and/or records
  • Visits designated “confidential” in HealthConnect
  • Illegal conduct, which could reasonably lead to social stigmatization, discrimination, or legal proceedings and/or, if disclosed, could have adverse consequences for subjects or damage their financial standing, employability, insurability, or reputation


You can ensure you’re familiar with how to handle sensitive data by reviewing either of our protocol templates, under Privacy, Confidentiality and Data Security. Note that we’ve recently added a new category to account for member encounters or visits designated “confidential” in HealthConnect. As always, if you have any questions about the use of sensitive data in research, contact your friendly neighborhood IRB Coordinator.

Policy Updates

NWRC.RIM.01 – Research Integrity and Ethics.  Revisions were made to bring definitions and other regulatory and policy references up to date, to remove duplication with other documents, and to make minor clarifications to the policy.

IRB Tips and New Information

De-identified Data and Sharing

Research Compliance is revising the Data Privacy and Security for Research Policy, NWRC.PRIV.04, to clarify that agreements will be required for the sharing of de-identified data, if not covered in a contract. The information on data sharing should be in the Scope of Work (or equivalent), so you shouldn’t have to search through the legalese to determine whether it is covered. The vast majority of contracts will have information on how the data will be protected. So, if you have a contract in place with the data recipient, you should not need an additional agreement.

We will announce when the revised policy is approved by the Research Compliance Committee. We have also updated the Table: Privacy Rule Documentation for Research and will post it when the revised policy is posted. If you have any questions, feel free to contact the Research Compliance team at

Mark Mac’s Contest Corner

How do we distinguish between confidentiality and anonymity?

  1. Data collection can be described as anonymous if you do not know who has taken part in your study.
  2. Confidentiality can be promised in circumstances when you know who has taken part in your study, but you do not divulge this information to other people.
  3. Both A and B.
  4. Neither A nor B.

Send your answer to All correct answers will be entered into a random drawing win a pair of beaded earrings. Hand crafted by our own Myndi Bodayla, they’re made with glass beads, sterling silver ear wires and love.