IRB

Institutional Review Board (IRB) Approval

The are two IRB approvals required to conduct MPOG research. The first is a centralized "umbrella" IRB that enables the collection of a limited clinical dataset (date of service is included) from multiple institutions to be stored in the MPOG data repository. It establishes the University of Michigan as a coordinating center. It also allows research queries of that database to be conducted on these limited dataset. This IRB does NOT need to be reproduced or established at each contributing center. As additional centers or data types are added to the MPOG effort, this centralized "umbrella" IRB will require incremental addenda.

Second, each institution (including the coordinating center) will be required to receive approval from their own IRB to send their institution's limited clinical dataset to the MPOG repository. This is known as a "performance site" IRB approval. The University of Michigan’s performance site IRB is provided here as an example. This IRB can be used as a model for your institution-specific "performance site" IRB application. Plese click on the following links for the University of Michigan's Participating Site and Coordinating Site IRB approval letters: Performance Site Approval Letter and Coordinating Site Approval Letter.

If you have any questions about the IRB process, do not hesitate to contact Tory LaccaSachin Kheterpal or Amy Shanks. We can also put you in contact with the IRB leadership here at University of Michigan to assist your IRB in assessment of the application. The IRB application was approved at University of Michigan with a waiver of consent and no modifications necessary to the surgical consent. All patients may be included in the data extract, without the need to create an opt-out capability. The presentation that was used as part of the approval process is listed here.

Legal Matters

There are legal protections for clinical research data in the state of Michigan. These protections allow clinical data from multiple sites throughout the world to be stored in a data repository in Michigan, and to be protected from the Freedom of Information Act (FOIA).

HIPAA

A HIPAA waiver of consent is also assumed as part of the MPOG initiative. No patient identifiers are extracted as part of the data aggregation process. Because date of surgery is being extracted, the date of surgery is considered a limited data set and a data use agreement between MPOG and each participating research center will need to be established. For reference, we have also included a list of protected health information (PHI) elements, as defined by HIPAA. Some health centers have created their own list of PHI.

PHI in Datasets

What is PHI?

Limited Dataset

De-Identified Dataset
(No Patient Identifiers)

Name, medical record & social security number

Remove

Remove

Addresses: 
- Any geographical other than state

Remove postal address info
(city, town, state, zip are ok)

Remove
(state ok)

Dates: 
- DOB
- Date of service/surgery/admission
- Date of Visit

May be included

Remove

Contact information: 
- Telephone/fax numbers
- Zip code 
- Email addresses
- Web URLs
- IP addresses

Remove

Remove

Various numbers: 
- SSN
- Medical record numbers 
- Insurance numbers

Remove

Remove

Device identifiers

Remove

Remove

Biometric identifiers  
- (eg, fingerprints, voice prints)

Remove

Remove

Photographs

Remove

Remove