Research Institute | Call 301-560-7300

Protecting Learners as Part of Research Protocols

By Martekuor Dodoo, MD

As an academic healthcare system, we have a large number of trainees (including students, residents and fellows) as part of our internal teams and research population. In addition, MedStar Health includes a dedicated cohort of investigators focused on research of education in healthcare and learning in clinical settings. As researchers, it is important to consider the requirements of the Common Rule and ethical guidance for the protection of research participants when designing and conducting research involving Human Subjects. Trainees may be part of a research participant population and may provide valuable data on field-specific research as learners. In order to protect trainees that are also research participants, it is important to be aware of aspects of recruitment, consent and the conduct of research that can impact study participation in additional to protections for their safety and privacy.

One concern for trainees as research participants is the potential for coercion or undue influence. Some have referred to trainees as “captive participants” that may be in a dependent or restricted relationship with a researcher. In this context, the participants ability to consent may be compromised by vulnerability to the power of the researchers if the research also serves in some supervisory capacity over the trainee. Consider the power dynamic between trainees and their program director, preceptors, attending, or professors. This dynamic could also be extended to employees that may serve as research participants if the researcher is in a supervisory role, either directly or indirectly, for the employees.

This dynamic can create unintended pressure for potential participants and may result in individuals agreeing to participate in research when they would otherwise decline consent or to continue when they would otherwise withdraw consent.  In one publication, the authors state that 10-25% of university students report feeling coerced to participate in research and 33% report they would feel coerced if asked to participate in their own professor’s research (Leentjens & Levenson, 2013). Some incentives to research participation (ex.: extra credit for course work, required course credit, promise of letters of reference or excessive research stipends) may also lead trainees to agree to research participation when they would otherwise decline.

Researchers should also consider the generalizability of research conducted with only trainees as participants. Results from these studies may not generalize to the larger population.   Even generalization within student populations may be difficult and may be influenced by incentives to participate. For example, if students receive extra credit for research participation this may serve as a self-selecting element for students with lower scores or those that need the extra credit to improve to the next grade (improve from an C to a B average).

The Common Rule does not provide special protections for students or trainees as it does for children, pregnant women or prisoners. However, it does state “The IRB should be particularly cognizant of the special problems of research that involves a category of subjects who are vulnerable to coercion or undue influence, such as children, prisoners, individuals with impaired decision-making capacity, or economically or educationally disadvantaged persons.”  While students, trainees and employees are not specifically mentioned as potentially vulnerable to coercion or undue influence in the regulations it is important to understand the dynamic that can exist between researchers and potential research participants based on relationships outside of the research context. Researchers should consider these dynamics when developing research protocols and build in protections to avoid. It is best whenever possible to avoid even the proception of coercion or undue influence in research.

Below are some recommendations for Participant Safeguards that should be considered when designing research protocols. While this is a good start for items to consider this is not an exhaustive list.

  • Ensure that students / trainees are essential to the research population, not just a convenient sample for the research team.
  • Engage multiple researchers/staff for consent process. This allows for removal of direct relationship between one professor / supervisor / mentor & students / trainees as part of the consent process.
  • Have an explicit and stated process in the protocol for voluntary/informed consent.
  • Ensure that there are explicit protections for the privacy of data. Consider what demographic information is required for the research. In small programs, it may be easy for professors to identify students / trainees based on the broadest of demographic information. Is this information necessary? If yes can some researchers be blinded to some of the data so that they are not aware of participation of individuals they supervise?
  • All research involving human subjects must have IRB approval

Please contact the MedStar Health Research Institute, Office of Research Integrity for additional guidance.




Leentjens, A. F. G., & Levenson, J. L. (2013). Ethical issues concerning the recruitment of university students as research subjects. Journal of Psychosomatic Research, 75(4), 394–398.


A HIPAA Refresher for Research

What is HIPAA?

The Health Insurance Portability and Accountability Act (“HIPAA”) governs how healthcare data is shared, both in terms of research and in medical care.  It has several components, which govern specific situations.

  • Security Rule (45 CFR Part 164): Safeguards to ensure confidentiality, integrity, availability of electronic PHI
  • HITECH: Debuted “Breach Notification Rule,” increased penalties for non-compliance
  • HHS Omnibus Rule: Extended regulations directly to business associates, required subcontractor compliance
  • Breach Notification Rule: Sets rules for notification to HHS and to individuals in the event of breach

Who does HIPAA apply to?

Health Plans (i.e., insurers), Clearinghouses (“billing services”), and Health Care Providers, including hospitals are considered covered entities for HIPAA. This means that they are required to follow the rules and regulations of HIPAA.

In addition, HIPAA can apply to business associates. Business associates are considered persons that create, receive, maintain, or transmit protected health information on behalf of a covered entity or another business associate. The role of business associates is to support the ability of a covered entity to execute on its ability to provided healthcare, and their access to health information is limited to what is necessary to support that work. This work can include payments/healthcare operations activities, claims processing, utilization review, quality assurance, and data analysis/aggregation. HIPAA does not consider research to be a business associate function.

HIPAA Privacy Rule

Protected Health Information is defined as “individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral communication”. This data can be in the context of an individual’s past, present, or future physical or mental health condition; or provision of health care to the individual; or past, present or future payment for providing health care to the individual. It contains enough detail that there is a reasonable basis to believe that the information can be used to identify the individual.

Under HIPAA, a covered entity may not use of disclose protected heath information, except as the privacy rule permits or requires, or the individual whose protected health information it is provides written authorization.

There are specific instances where disclosure is permitted without authorization, but those are limited to:

  • To the individual
  • Treatment, Payment, Healthcare Operation
  • Public Interest and Benefit Activities (which includes research with waiver)
  • Limited Data Set (with a Data Use Agreement)

Use and Disclosure of Protected Health Information for Research

With authorization (i.e., HIPAA Authorization embedded into or separate from the Informed Consent Form), protected heath information can be used for research purposes.

If the research team does not seek authorization from individuals, protected heath information can be accessed through the following processes:

  • Documented IRB/Privacy Board Approval of an alteration or waiver of the requirement to obtain an individual’s authorization.
  • Representations from researcher that use or disclosure of PHI is solely for a purpose preparatory to research (i.e., preparing a protocol)
  • PHI of Decedents
  • Limited Data Set

De-identified data is not considered protected heath information and not regulated by the Privacy Rule.


If you have questions specific to your research, please contact our Office of Research Integrity at [email protected]. If you have questions regarding data use agreements, business associates, or other contract vehicles for research, contact our Office of Contracts and Grants Management at [email protected].

Vulnerable Populations in Research: A CFR Refresher for Investigators

When conducting research, some populations of research participants require special considerations. The Code of Federal Regulations (CFR 45 part 46) Protection of Human Subjects includes Subparts B, C and D, that describe special protections and criteria for inclusion of pregnant women, prisoners and children. These protections are meant to safeguard of rights, welfare, and safety of these participants but does not mean they should automatically be excluded from research.

Pregnant women, human fetuses, and neonates (Subparts B): Because research may pose additional and/or unknown risks to pregnant women, human fetuses and neonates, the regulations require additional safeguards in research. It is important to include pregnant women in research, as their exclusion from research creates a wider gap in understanding and knowledge.

Prisoners (Subparts C): Because prisoners may not be free to make a truly voluntary and uncoerced decision regarding research participation, the regulations require additional safeguards for the protection of prisoners. For example: In order for an IRB to approve research involving prisoners the membership of the Board must include one or more prisoner representatives and that representative must be involved in the review of the research.

Children (Subparts D): The CFR defines children as “persons who have not attained the legal age for consent to treatments or procedures involved in the research, under the applicable law of the jurisdiction in which the research will be conducted.” It is important to include, where appropriate, children as part of a research study. Children of all ages present different disease manifestations than adults, have different pharmacokinetics/ pharmacodynamics than adults and have a different psychology/psychiatry as part of their developing brain.
While the populations afforded special protections have traditionally been labeled “vulnerable” it should be noted that they are not specifically defined as such in Sub Parts B, C and D. The common rule does not define the term “vulnerable population”. The existence of additional protections should not specifically discourage inclusion of these populations in research. Rather, the protections are intended to guide the inclusion of these populations in such a way as to protect the rights and welfare of the individuals.

Although the regulation does not define the term vulnerable they do provide examples of research subjects “that are likely to be vulnerable to coercion or undue influence.” This is different from the special populations traditionally referred to as “vulnerable populations” description of sub parts B, C, and D. While children and prisoners are included in the current list of examples, pregnant women are no longer included as of the 2018 Revised Common Rule. The types of study populations that are likely to be vulnerable to coercion or undue influence may including but are not necessarily limited to:

• Children/minors
• Prisoners
• Employees
• Military persons and students/trainees in hierarchical organizations
• Terminally ill, comatose, physically and intellectually challenged individuals
• Institutionalized, elderly individuals
• Ethnic minorities
• Refugees
• Economically and educationally disadvantaged

When some or all participants are likely to be vulnerable to coercion or undue influence the regulations mandated that the IRB ensure “…additional safeguards have been included in the study to protect the rights and welfare of subjects.”

As previously noted, there has been an historical categorization of pregnant women and women of reproductive potential as a “vulnerable population.” While Sub Part B of the Common Rule describes special protections for pregnant women there is nothing about pregnancy, in and of itself, that renders a woman susceptible to coercion or undue influence. This categorization typically results in a tendency to exclude women, particularly pregnant women, from research. This exclusion may be intended to protect women from potential risk or may be done out of a misunderstanding of the special protection’s provision. Rather than serving to protect women from risk this broad exclusion of women from research has had a detrimental impact. Instead of shielding women and their fetuses from adverse effects, exclusion from clinical research in which they may be able to safely participate has served to limit understanding of pharmacokinetic and pharmacodynamic differences in women’s responses to treatment. Without scientific evidence this has drove the medical community to make potentially faulty assumptions about safety and efficacy of therapeutics when used with pregnant women.

While it is important to protect human subjects in research from coercion, undue influence and unjustified risks, it is equally important to ensure equitable selection of research subjects. This includes (but is not limited to) the inclusion of pregnant women and women of reproductive potential in research. Broad exclusion of any population, absent regulatory restriction or legitimate safety concerns, can serve to create a knowledge gap around the appropriate treatment modalities, appropriate dosing and the potential need to modify treatment modalities for some populations.

The table below includes the populations used as exemplars in the common rule for subjects that “…likely to be vulnerable to coercion or undue influence…” The table includes a notation for those included as examples in the pre-2018 Common Rule (Former Common Rule) and those now listed in the 2018 Revised Common Rule.

If you have any questions or concerns, please contact MHRI’s Office of Research Integrity Director, Jim Boscoe, at [email protected].

MedStar Health Policy and Procedure Updates

MedStar Health regularly updates, revises and creates new policies and procedures for the operational efficiency of the organization.

Please be advised, the following policies and procedures are now in effect.

Effort Commitment and Certification

The Effort Commitment and Certification policy was updated to incorporate changes mandated in the Uniform Guidance to match MHRI Office of Contract & Grants processes in our current accounting system, and to provide a tool for collecting effort information for those staff employed by MedStar but external to MHRI.

There are no substantial changes to our business practices. However, one change does close the loop on a known audit gap regarding the reconciliation of the committed effort and the actual effort expending on a federal award or any award that invokes the federal regulations regarding effort commitment.

Government Inquiries

These policies have been updated as part of the three year periodic review.

Emergency Response Management

It is recommended by MedStar Health ER One Institute that ERM policies are reviewed annually. During the annual review, we work with ER One and they inform us of any MedStar Health changes. In addition, we confirm all contact information (e.g., telephone numbers) are still accurate.

Any questions regarding the new policy and procedure should be directed to [email protected].

MedStar Health Policy and Procedure Updates

MedStar Health regularly updates, revises and creates new policies for the operational efficiency of the organization.

A new policy and associated procedure related to the application of Uniform Guidance or Federal Acquisition Regulations to grants and contracts awarded to MedStar Health Research Institute. The Research Institute Office of Contracts and Grants Management has been following the appropriate federal regulations; this policy brings the Research Institutes official policy in line with regulations.

The new procedure closes the gap between billing and payment for contracts and grants to ensure that accounting practices are in line with regulations. 

Please be advised, the following policies and procedures are now in effect.
OCG.O-004.01 Cash Management
OCG.O-004 Uniform Guidance and FAR

Any questions regarding the new policy and procedure should be directed to [email protected].

Exempt Human Subjects Research: Pathway to Approval

Oftentimes, there is confusion surrounding with Exempt research and the requirements for IRB or institutional review. This is perfectly understandable, particularly given that the Common Rule has been revised in recent years and more research involving human subjects may fall into an exempt category.

Although federal regulations do not require IRB review of exempt research, federal agencies have issued guidance recommending that exempt determinations should be made by an individual that is not otherwise affiliated with the research. In other words, institutions should not permit study investigators to make exempt determination for their own projects.

To ensure that exempt determinations are issued by individuals that are not directly involved with the research, MedStar Health Research Institute policy states that exempt determinations must be made by either an IRB member or qualified / trained / designated members of the ORI staff.

In order to make these determinations, a formal submission is required through the Huron system. As with all other Human Subjects Research projects the formal determination must be issued before any research activities may begin.

If you have any questions regarding this process, please contact MHRI’s ORI Director, Jim Boscoe, at [email protected].

Sorting out Single IRB Review: What Investigators Need to Know at MHRI

In recent years, there has been an increasing trend toward the use of a single IRB (sIRB) review for multi-site HSR projects funded through other sources.  Specifically, many commercial sponsors prefer single IRB review for their multi-site projects.

The revised common rule includes a requirement for single IRB review of most federally funded multi-site non-exempt human subjects research projects. Initially, the Office of Human Research Protections (OHRP) indicated that compliance with this common rule requirement was required starting on January 20, 2020. Later, OHRP clarified that although sIRB review is required for all federally funded multi-site non-exempt HSR projects, the agency has granted an exemption for all projects approved prior to January 20, 2020. This eliminates the need to transition currently approve projects from review by multiple IRBs to sIRB review.

For all future federally funded projects, it is strongly suggested that investigators include IRB review fees in the budget for their grant proposals. In most cases it is assumed that sIRB review will be conducted by a commercial IRB (such as WIRB or Advarra) or a larger academic/medical institution IRB. In some limited cases, the MHRI IRB may agree to serve as the IRB of record for a multi-site HSR project but this will not be the norm.

In all cases (regardless of funding) for which a MedStar investigator intends to request the MHRI IRB serve as the IRB of record, they must submit a request to the ORI office. The request must be submitted before the investigator commits the MHRI IRB to the responsibility of serving as IRB of record for other sites and before discussing reliance with any outside institution. The request should include a copy of the research protocol, an indication of the source of funding (if any), a list of all sites that may be engaged in the project, and the scope of involvement for each site. The ORI Director will evaluate the request and in consultation with the Institutional Official determine if the request will be approved or should be declined.

This process is similar to that for investigators requesting reliance on an external IRB. When an investigator would like to rely on an external IRB for review of their non-exempt HSR project, a request to cede review must be submitted to ORI in advance. In the case of the commercial IRBs for which there is a master reliance agreement (currently WIRB and Advarra), the investigator may simply submit an external IRB application through the Huron system. For other IRBs, a reliance agreement must be executed for each individual project. In the event that MedStar has not previously had an agreement with the intended external IRB, a request should be submitted to the ORI by email. The ORI Director will evaluate the request and in consultation with the Institutional Official determine if the request may be approved or should be declined. If approved the organization will be added to the Huron system and the investigator may submit the external IRB application for the project.

Please note that in most cases request for reliance involving exempt HSR projects will not be approved. Generally speaking, it is more efficient for these projects to be reviewed individually by each institution and most institutions have not been willing to enter into a reliance agreement for these projects.

In all cases, requests for reliance (either for the MHRI IRB to serve as the IRB of record or for MedStar to rely on an external IRB) will be considered with regard to the need for reliance, the feasibility of the arraignment and nature of the project. Ultimately the determination of reliance is left to the discretion of the ORI Director and the Institutional Official.

If you have any questions regarding this process, please contact MHRI’s ORI Director, Jim Boscoe, at [email protected].

Research Billing Compliance at MedStar Health

Research compliance encompasses a wide variety of issues including research billing. Billing compliance ensures all services in a trial are paid for by helping to reduce double billing and preventing billing for services that are not covered by the trial or are not medically necessary for the research subject. Accurate billing in research is a complex and challenging process that requires a diverse group of professionals across MedStar Health to work cohesively and collaboratively with one another. We at the Research Institute seek to ensure that we have an efficient and compliant approach to billing compliance.

The research coordinators have the most critical step in the clinical research revenue cycle process. Research subject visit tracking directly drives financial management and compliance. This is the first line of defense against erroneous billing. Subject visits must be logged in OnCore within one business day to ensure timely review by the MHRI revenue cycle team for MedStar Health to maintain compliance with the Centers for Medicare and Medicaid Services (CMS) Clinical Trial Policy.

MHRI strives for efficient, compliant and transparent research billing by providing monthly metrics and encourages internal audits. In FY20, MedStar Health completed two internal research billing compliance audits which were favorable. In addition, Research Operations provides monthly metrics showing corrections made to a subject’s account before a bill is automatically sent to Medicare or a commercial payor. 

Thank you to the research coordinators and the Research Institute research revenue cycle team for all the hard work you put in daily! Know that it is recognized and greatly appreciated.

If you have any questions about research billing compliance or the process within OnCore, please contact [email protected].

Conflict of Interest Questionnaire for MedStar Health Researchers Joins with Georgetown

As of July 1, 2020, a single COI platform is available to all Researchers employed by MedStar Health (to include those located at MedStar Georgetown University Hospital (“MGUH”) or elsewhere on the Georgetown University campus). With the launch of a single COI platform for MedStar Health employed Researchers, the need for separate submissions through a MedStar Health platform and a Georgetown University platform will be eliminated. Both Georgetown University and MedStar Health have agreed to use the MedStar Health COI Platform for MedStar Health employed Researchers. The Questionnaire will be accessible to Researchers to submit disclosures throughout the entire fiscal year (July 1st – June 30th).

The COI-Smart platform will meet both organizations’ research COI reporting requirements. This new process will eliminate the Georgetown University COI disclosure for those Researchers who formerly completed a MedStar Health COI questionnaire and a Georgetown University questionnaire. MedStar Health and Georgetown University COI reviewers will have access to the information reported, will review transactions and implement a consolidated research management plan.

At the onset of a new study routing through MedStar Health/MedStar Health Research Institute or Georgetown University, in accordance with current practices, Researchers must update their COI questionnaire or verify that it is up-to-date. You will access the COI system in the same manner that you have in the past. If you held a research role at MedStar in fiscal year 2020 (FY20), you may have already entered data into the COISmart system during the fiscal year. If you have completed the questionnaire as a researcher during FY20, a link to the conflict of interest disclosure should have been sent to you.

MedStar Health policies require that all individuals engaged in the conduct of research complete the annual conflict of interest disclosure. The annual research conflicts of interest disclosure process is designed to manage financial and nonfinancial research interests. 

MGUH Researchers may contact Mary Schmiedel at [email protected] to establish a COI-Smart COI account. If you have any questions on the COI-Smart application, please contact Carol Mason at [email protected] or 410-772-6607 or Lauren Brummell at [email protected] or 410-772-6578.

Conflict of Interest Questionnaire for MedStar Health Researchers

MedStar Health policies require that all individuals engaged in the conduct of research complete the annual conflict of interest disclosure. The annual research conflicts of interest disclosure process is designed to manage financial and nonfinancial research interests. As you probably know, MedStar Health Research Institute is required to manage conflicts of interests as a condition of receiving federal funding for research.

If you held a research role at MedStar in fiscal year 2020 (FY20), you may have already entered data into the COISmart system during the fiscal year. If you have completed the questionnaire as a researcher during FY20, a link to the conflict of interest disclosure will be sent to you in July. You will be required to ensure that the disclosure on file for FY20 accurately reflects any external relationships you have for the entire fiscal year. When you receive that email in July, please follow the link in that email to certify your previous disclosure if it already reflects all external relationships you have had during FY20. Use the “revision” links in the questionnaire to update your answers if necessary and resubmit the questionnaire to ensure that it accurately reflects a full fiscal year of reporting (July 1, 2019, through June 30, 2020).  As a researcher, the FY 2021 questionnaire is also available for you to complete between July 1, 2020, and June 30, 2021.

If you have any questions about the conflict of interest policy or accessing the COISmart system to make disclosures, contact Christine Kyak, Entity Compliance Officer at (202) 510-6876 or [email protected].