IRB Efficiency Initiative-April 2024 Roll Out

AAHRPP Accreditation Review-Organization, Part Two

Research Data Security Review

Consent Tools Available for Clinical Research Professionals

In the News

IRB Efficiency Initiative – April 2024 Roll Out

By Kelly O’Berry, BS, CIP

Beginning April 1, 2024, Human Subjects Office staff are now setting a meeting date goal for New Project forms. This change will foster teamwork among parties involved with the IRB review process and allow reviews to happen concurrently. Recordings and resources for the April 2024 IRB Efficiency Initiative roll out are now available (see Resources section below).

Meeting Date Goal 

To support our effort to achieve a median goal of 45 calendar days for IRB approval, Human Subjects Office (HSO) staff will set a meeting date goal for New Project forms at the beginning of the staff review process. This will happen after completion of the prescreening process for biomedical research (IRB-01), social/behavioral research (IRB-02) and research conducted at the VA health Care System (IRB-03).  

Establishing a meeting date goal will: 

  • Promote transparency in the IRB review process. 
  • Foster teamwork among all parties involved with the IRB review process (Human Subjects Office Staff, the IRB, the Principal Investigator, HawkIRB Delegates, and Human Research Protection Program Committees). 
  • Allow concurrent reviews to begin at the same time, further in advance. 
  • Increase the time for IRB member Primary Reviewers to review assigned materials and submit documents before the IRB meeting. 
  • Give the Principal Investigator more time to address questions/concerns from the Primary Reviewer or IRB prior to the meeting. 

The Due Date 

The HSO will notify the PI and HawkIRB Delegate(s) of the IRB meeting date goal and the due date for completing all required actions to keep that meeting date. The due date is 12 calendar days before the meeting date goal. All requested actions identified in HawkIRB workflow must be complete by 8 a.m. on that date. If the due date falls on a weekend or holiday, the requested actions must be completed by 8 a.m. the next business day.   

The IRB may ask follow-up questions via workflow following initial submissions by the PI or Delegate. The PI or Delegate will need to address any follow-up questions by the due date to keep the meeting date goal. 


The HSO will communicate the meeting date goal and due date for completing required actions in the following ways: 

  1. Automated email from HawkIRB - Sent to the PI, HawkIRB Delegates for that project, and the HRPP Committees involved in the review.  
    [NOTE: Until the next IRB Efficiency Initiative rollout separating IRB review from other committee review, the following committees must approve by the due date to keep the meeting date goal: Conflict of Interest in Research, Research Billing Compliance and the Protocol Review and Monitoring Committee (PRMC) in the Holden Comprehensive Cancer Center.]
  2. The PI’s inbox - When the form is routed back, the PI can see the agenda date to the left of the link to open the Workflow page. 
  3. Project Summary Page - The meeting date goal will show where it always appears when a form is scheduled to a meeting (History Section, Agenda Date column). 
  4. Workflow page - A red banner at the top of the page with the meeting date goal and the due date. 
  5. Workflow messages – In every round of workflow there will be a template workflow message with the meeting date goal, due date and a reminder about the three HRPP Committees that must approve by the due date. 

HawkIRB also sends an automated email if the form is removed from the meeting agenda due to missing the due date, loss of quorum or loss of board member expertise at the meeting.  


Respond to workflow questions as quickly as possible. Do not wait until the due date to submit your response(s). It is possible there may be additional questions to address by the due date. 


The following resources are available on the IRB Efficiency Initiative website: 

You can also find these recordings plus the following documents in the IRB ICON Course for Researchers (under IRB Efficiency Initiative-Recordings and Documents):  

  • March 27 Information Session slides  
  • Supplemental document about setting a meeting date goal 

AAHRPP Accreditation Review – Organization, Part Two

By Emily Shultz, CIP
This is the second article in a series about AAHRPP accreditation.

The Human Subjects Office (HSO) takes the lead in submitting the application for the Association for the Accreditation of Human Research Protection Programs (AAHRPP) accreditation. The application and supporting documents demonstrate that all aspects of the Human Research Protection Program (HRPP) at the University of Iowa are following and supporting the relevant policies and procedures.

In last month’s article, we introduced the three domains of the AAHRP accreditation review. 

  1. The organization 
  2. The institutional review board or ethics committee 
  3. Researchers and research staff members 

The focus of the Organization aspect of the accreditation process is on “the institutional organization and how it is structured to support and meet the obligations of the Human Research Protection Program (HRPP).” Under the Organization domain, there are nine separate Standards that address the various Elements that “demonstrate that the human research protection program is systematic and comprehensive, and that it provides protections for all research participants.” 

Last month’s article covered Standard I-1. The remaining eight Standards under this Domain are:   

STANDARD I-2: The organization ensures that the Human Research Protection Program has resources sufficient to protect the rights and welfare of research participants for the research activities that the organization conducts or oversees. 

STANDARD I-3: The organization’s transnational research activities are consistent with the ethical principles set forth in its Human Research Protection Program and meet equivalent levels of participant protection as research conducted in the organization’s principal location while complying with local laws and taking into account cultural context. 

STANDARD I-4: The organization responds to the concerns of research participants.  

STANDARD I-5: The organization measures and improves, when necessary, compliance with organizational policies and procedures and applicable laws, regulations, codes, and guidance. The organization also measures and improves, when necessary, the quality, effectiveness, and efficiency of the Human Research Protection Program.  

STANDARD I-6: The organization has and follows written policies and procedures to ensure that research is conducted so that financial conflicts of interest are identified, managed, and minimized or eliminated.  

STANDARD I-7: The organization has and follows written policies and procedures to ensure that the use of any investigational or unlicensed test article complies with all applicable legal and regulatory requirements.   

STANDARD I-8: The organization works with public, industry, and private sponsors to apply the requirements of the Human Research Protection Program to all participants. 

STANDARD I-9: The organization has written policies and procedures to ensure that, when sharing oversight of research with another organization, the rights and welfare of research participants are protected.  

For purposes of brevity, this article will focus on only two of these Standards.  

STANDARD I-4: Responding to the concerns of research participants  

The ability to receive and respond to concerns and questions from research participants is central to any human research protection program.  An organization should provide a contact, unaffiliated with any specific research project, that a participant may reach out to to get information, voice a concern, or provide feedback. 

At the University of Iowa, participants can reach someone with research-related questions or concerns via the HSO website or the informed consent document. The HSO website provides contact information in two places: Info for the Public & Research Subjects and  Reporting a Human Subjects Research related Concern 

AAHRPP Info for Public Screenshot
AAHRPP Reporting a concern screenshot

The informed consent document contains the HSO contact information (address, phone number and email) and a link to the HSO website Info for the Public & Research Subjects section.  

In addition to providing avenues for participants to reach us with questions or concerns, the IRB Education and Outreach team has participated in public events that provide information about research in general and about being a research participant.  

STANDARD I-5: Measuring and Improving Compliance 

Under this standard, there are two components to ensure compliance: first, the HRPP measures and makes improvements to general organizational compliance with policies and procedures; and second, the HRPP itself must also be measured and make improvements to the quality, effectiveness, and efficiency of the HRPP.   

One of the main reasons an organization seeks AAHRPP accreditation is to have an outside, objective measures of its human research protections, it might be said that this standard is at the heart of the Organization section of the AAHRPP accreditation process. 

Standard I-5 is made up of four separate Elements. The first three address having: 

  • A quality improvement plan that periodically assesses compliance of the HRPP 
  • Goals for achieving targeted levels of quality, efficiency, and effectiveness of the HRPP 
  • Policies and procedures that describe the process for researchers and research staff to obtain answers to questions, express concerns, and convey suggestions regarding the HRPP. 

The fourth Element has specific regulatory citations, and is focused on policies and procedures that:  

  • define non-compliance  
  • ensure participant safety when non-compliance occurs, and 
  • non-compliance is reported, when appropriate. 

The noncompliance review process is outlined in the UI Researcher Guide under sections: 

  • Section I, Part 9.C.ii Noncompliance Investigations and Actions 
  • Section II, Part Noncompliance 

The supporting documents provided by the University of Iowa HRPP for this Standard I-5 include: 

In our next installment about AAHRP Accreditation, we will focus on the next Domain: the institutional review board or ethics committee.  

The information for this article was adapted from the AAHRPP website.

Research Data Security Review

By Emily Shultz, CIP

The Information Security and Policy Office (ISPO) helps the institution and individuals at the University of Iowa avoid unauthorized access and damage, and to protect institutional assets and systems.  (Read More) The process of completing a security review at the UI is comprised of multiple components that determine both the likelihood of risk and the impact the risk would have:  

  • risk management includes being aware of the likelihood each individual product, vendor or project may pose, and   
  • assessing the impact to the network and data protections that could occur from potential breaches.  

The review includes evaluating data confidentiality and data integrity, as well as estimating the specific risk to human subjects as relates to the confidentiality of their data, including protected health information (PHI) and other identifiers, such as geolocation data. 

The teams conducting the IT Security Review and assisting with the research security plan work closely with the Human Subjects Office (HSO), the Institutional Review Board (IRB), and the Division of Sponsored Programs (DSP) to assess how technology is being used in each research study, and to evaluate whether contractual agreements related to data security are being met. 

The completion of the IT Security Review is a part of an overall research plan. Ideally, this review should occur before submission of the HawkIRB application, to avoid delays in the overall IRB review process. 

The UI Research Security Plan includes  

  • defining the risk of the research data,  
  • assessing programs being used,  
  • identifying project personnel, and  
  • documents the necessary implementation details.  

The process will evaluate the sensitivity of the data, as well as the security of the specific technologies and vendors. Additionally, the security plan may result in recommendations for complying with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR). Recommendations may include plans to control research data security, through multi-factor identification, data de-identification, and/or a review of data retention plans. 

Researchers are not expected to complete the workflow for the IT Security Review by themselves. For those in the Carver College of Medicine (CCOM), staff members Shannon Manley or Heath Davis can walk through the form with investigators to help them ensure it is completed accurately. For those outside of CCOM, check with your local IT staff to see who can facilitate the review process for your college or department 

For access to the IT Security Review form and for more information about the research data security review process, visit the Security Review Frequently Asked Questions.  

This article is an overview of a presentation titled “Information Security Risk Assessment in Research” provided by Kirk Corey, of the Information and Policy Office on March 7, 2024, as a part of the Institute for Clinical and Translational Science (ICTS) Clinical Lecture Series. 

Consent Tools available for Clinical Research Professionals

Public Responsibility in Medicine and Research (PRIM&R) recently announced the new online toolkit, ConsentTools. This resource helps clinical research professionals adopt evidence informed practices for informed consent. A team of NIH-funded researchers at Washington University in St. Louis led by James DuBois, DSC, PhD, developed the toolkit as a free resource 

Recommendations featured in the toolkit include guidance for using:  

  • Plain Language - to choose simple words and phrases, avoiding technical jargon, keeping sentences and paragraphs short, and writing in the active voice. 
  • Formatting - to utilize large and easy to read fonts, using bulleted lists, and headers to improve the readability of the document.  

Tools provided include: 

  • Brief videos with examples of how to implement plain language and evidence-based formatting. 
  • An example of key information that utilizes plain language and evidence-based formatting. 

Other aspects of the consent process addressed in the toolkit include assessing participants’ understanding of consent information and working with Legally Authorized Representatives (LARs) for participants. 

For more information, visit the ConsentTools website. 

(link sends e-m

In the News, April 2024