BOX 5.2 Institutional Review Boards
The Institutional Review Board (IRB) system and process rests on two sets of federal regulation. The first requires that any conduct of research on human subjects by agencies of the U.S. government or supported by the U.S. government must receive IRB approval before proceeding; the underlying model is that of government- supported biomedical subjects. Second, the Food and Drug Administration requires research involving human subjects and new drugs or devices to be approved by an IRB. Regulations require IRBs to have at least five members, one of whom is from outside the institution. IRBs review the benefits and risks to subjects of proposed research and the importance of knowledge that may be reasonably expected to follow, and examine the process by which investigators explain relevant issues in order to obtain informed consent from the subjects.
SOURCES: Rosnow, Ralph L., Mary Jane Rotheram-Borus, Stephen J. Ceci, Peter D. Blanck, and Gerald P. Koocher. 1993. "The Institutional Review Board as a Mirror of Scientific and Ethical Standards," American Psychologist 48(7):821-826. See also Edgar, Harold, and David J. Rothman. 1995. "The Institutional Review Board and Beyond: Future Challenges to the Ethics of Human Experimentation," Milbank Quarterly 73:489-506.
reviewed published research articles to detect possible violations of the organization's policy.
Defining the circumstances under which health information may be released and to whom is a first step in ensuring that patient privacy is not violated by inappropriate disclosure. Common elements of policies on release of health information include defining (1) who is authorized to release information, (2) who is authorized to receive information and under what conditions, (3) the form and scope of information that may be released, and (4) the circumstances under which additional patient consent is required.
Organizations may track releases of patient information by retaining in the permanent health record the signed authorization form (when one is required), records of what information was released, the date of release, to whom it was released, and the signature of the employee who released the information. This record keeping creates an audit trail if unauthorized disclosure is suspected.