Administrators Supporting Research

The lead Principal Investigator (PI) has ultimate responsibility for the research design and implementation for all aspects of the research project. This includes:

• Initial study design, IRB application completion; 
• Recruitment and consent of participants; 
• Implementation of intervention or interaction; 
• Determining data access needs; and 
• Study closure. 
• Ensuring all research team members are trained on the research protocol itself and have completed relevant ancillary training requirements such as human subjects research training, data management training, blood borne pathogens, HIPAA, etc. 
• Ensuring consistent and clear communication among the research team regarding the IRB study protocol and participant needs.
• Providing necessary information to research administrators assisting the Lead PI with agreements such as a Data Use Agreement (DUA), Memorandum of Understanding (MOU), or Subaward where IRB related information may need to be provided. Subsequently providing the IRB office with relevant terms that need to be addressed in the IRB application. 
• Ensuring that all research team members are in compliance with REG 01.25.01 – Conflicts of Interest and Conflicts of Commitment (opens in a new window), including having an updated COI disclosure on file, if required. 
• If Lead PI delegates any of these duties to others, they retain responsibility to ensure they are completed  

The Co-PI is responsible for any of the delegated responsibilities of the Lead PI. 

The student PIs Advisor/Chair is responsible for the following: 

• The student PI’s Advisor/Chair is ultimately responsible for all aspects of the student PI’s project as the student is considered learning throughout the process. 
• Though the student may complete an IRB application, the student PI’s Advisor/Chair must meticulously review the application before the student PI’s Advisor/Chair submits the IRB application themselves. The student cannot submit the application themselves. 
• The student PI’s Advisor/Chair is expected to work with their student on the research question, study design, and IRB application and submission. Once an IRB protocol is approved, it is expected that student PI’s Advisor/Chair provide intentional guidance and support to the student PI throughout the life of the project including data collection, implementation of intervention or interaction, or access and analysis of identifiable or re-identifiable data. 

The IRB’s scope of authority and responsibility includes: 

• The IRB Office staff receive a completed IRB application and review the application for completeness, consistency, and regulatory and ethical requirements. 
• The IRB office staff provides detailed feedback to researchers in order to ensure that their protocol is ethical and compliant with the federal, state, and university level regulations. Once the application is approvable, the IRB office staff processes that approval. 
• The IRB does not design a student’s research and they do not advise students in the capacity of research design as a whole. We only discuss regulatory requirements and ethical practices as related to the participants. 

Research Administrators scope of authority and responsibilities may include: 

• Asking to review the study protocol and materials if assisting with the project 
• Assisting the PI in the coordinating the review process (PINS/RED) for any required agreements related to an IRB protocol
• If it’s within the scope of the administrator’s authority (such as a data steward or their delegate), releasing data to researchers in accordance with normal practices. In doing this, research admins can ask to review the approved IRB protocol and Informed Consent information. 
• Processing any compensation provided to participants in accordance with Fiscal Compliance requirements. 
• Completing necessary training for themselves should they be considered “engaged” in the human subjects’ research protocol due to their involvement with recruitment and consent of participants; implementation of intervention, interaction, or manipulation of a participant’s environment, or handling of identifiable or re-identifiable data, this does not include data stewards or their delegates who release data to researchers. 
• Asking the IRB questions with the Lead PI and Co-PIs copied on the email. Note: if the question is about the rights and welfare of the participants or about ethical issues in the study, please do contact the IRB office via phone or email privately.  

Unless considered a research team member on the IRB protocol, Research Administrators should not:

• Complete the IRB application on behalf of the Lead PI, Co-PI, or other research team members. 
• Complete any required training activities on behalf of the Lead PI, Co-PI, or other research team members. Administrators supporting researchers should not complete the required training for anyone other than themselves. 
• Make any changes to IRB approved documents.
• Handle identifiable data unless approved to do so on the approved IRB protocol. 
• Participate in the consent or research intervention/interaction processes unless approved to do so on the approved IRB protocol. 

IRB approval is needed for all projects completed by NC State University faculty, staff or students where the project meets the definition for “research” and “human subject” as defined by the regulation 45.CFR.46. On the homepage for the NC State University IRB website, there is a description of the  “Lifecycle” of an IRB protocol. You can find details on definitions and scope of IRB authority on “Step 1: Determining if IRB Approval is Required” 

All NC State University faculty, staff or students completing research with human subjects must also complete human subjects training and provide proof of that completion to the IRB before an IRB protocol can be completed. Anyone recruiting and consenting, implementing an intervention with, interacting with, manipulating the environment of, or accessing identifiable/re-identifiable private data about humans, must complete the required human subjects training. 

Researchers apply for IRB approval through the electronic system called the eIRB system. You can find details on how to apply for IRB approval on the IRB “Lifecycle” in the section “Step 2: Preparing and Submitting an Application”

The NC State IRB office will have given the researcher access to clinicaltrials.gov when their study was initially approved. That login information should be used to input information into PRS, the clinicaltrials.gov database.  login info. The IRB office has no authority or access to assist with entering information into this system. Please review the NC State Clinical Trials SOP and refer to Appendix B and E. For details on using the PRS system itself, please refer to the PRS Guided Tutorial.  

Yes, DoD funded human subjects research requires the researcher to complete additional steps before, during, and after IRB approval with the NC State University’s IRB. Please review the NC State IRB SOP for DoD Supported Research. The main requirements include provision of a Scientific Merit Review with the Initial IRB application and a secondary review called “HRPO” review once NC State IRB approval is granted. The HRPO review is facilitated by the researcher with their DoD Agency.

For details regarding the additional obligations that are required for DoD sponsored research, please review the content from the IRB “Lifecycle” in the section “Step 4: Responsibilities After Approval”

IRB Approval through NC State university is required when an NC State University faculty member, staff member, or student is both acting within the scope of their position and acting on behalf of the University to complete the human subjects research. When a researcher needs IRB approval for a project and they are not working within the scope of their position at NC State University, then the NC State IRB office cannot review and approve their project. Please review the IRB “Lifecycle” in the section “Step 1: Determining if IRB Approval is Required” under “Is IRB Approval Through NC State University Needed?” For information about IRB’s that may be able to help the researcher, please review the “Office of Research Commercialization” website to identify External IRBs. 

If the researcher acting out of the scope of their role at NC State is completing human subjects research with an NC State researcher completing the project within the scope of their role at NC State, then the NC State IRB may be able to review and approve the project with a formal agreement in place. Please review NC State University’s IRB “Cooperative Research” website and review the criteria related to an “Individual Investigator Agreement.” 

This is a great opportunity for collaboration. Familiarize yourself with the NC State University’s IRB “Cooperative Research” website and refer the researcher to the site to start there. Additionally, should the research collaboration lead to a research project that will include the research procedures taking place at “multiple sites,” please refer the researcher to the guidance for Multi-Site Research. 

• REG 10.10.03 – Human Subjects Research
• REG 01.25.09 – Privacy/Confidentiality, Release and Security of Protected Health Information
• REG 01.25.17 – Surveys of NC State Students, Alumni, Faculty, Staff and/or Administrators
• REG 01.25.18 – Programs that Involve the Participation of Minors 
• RUL 08.00.18 – Endpoint Protection Standard 
• Principal Investigator Eligibility and Standing

A “Data Access and Security” plan is a formal plan that individuals who are completing human subjects research, make in conjunction with an NC State University “Security and Compliance” representative. This plan is IRB protocol specific and only required for human subject research protocols that access or generate highly sensitive (red) data or ultra sensitive (purple) data as defined by NC State University’s OIT, the IRB office, and in some cases by contract from entities releasing data to NC State University. For ease of reference, the IRB defines “red” and “purple” data below:

Ultra-sensitive or Purple Data

Ultra-sensitive data includes data where unauthorized disclosure or loss poses the highest risk or impact to the human subjects, university, or its affiliates or where specific data categories require special privileged access management. Examples include data where unauthorized disclosure or loss poses the highest risk or impact to the human subjects, university, or its affiliates or where specific data categories require special privileged access management.  Examples include social security numbers, passwords, encryption keys, and biometrics (such as fingerprints and iris scans), admitted behavior that could be considered a felony. Other examples of qualitative data that should be treated as “purple” data include data that will likely lead to arrest, detention, incarceration, deportation, physical injury, or death of both primary and third party participants. Additional access and handling requirements are required for Ultra-sensitive data because it may be impossible to repair damage caused by its unauthorized disclosure. 

Highly Sensitive or Red Data

Highly sensitive data includes data where unauthorized disclosure or loss poses a high risk or impact to the university, or its affiliates. Examples include data where unauthorized disclosure or loss poses a high risk or impact to the university, or its affiliates. Examples include driver’s license, mother’s maiden name, passport, and immigration number, admitted unlawful behavior that is not considered purple. Other examples of qualitative data that should be treated as “red” data include information that could lead to persecution, harassment or retaliation, information that may or likely will irreparably harm relationships, information that will likely lead to stigmatization where physical or psychological harm may occur as a result of both primary and third party participants, or any data where unauthorized disclosure or loss poses a high risk or impact to all human subjects. 

Should a researcher need a “Data Access and Security” plan, the researcher will be informed of this during the IRB review/approval process and directed to complete a “Data Access and Security” plan request form via the NC State University “Service Now” portal. Once the request form is submitted, a representative from NC State Security and Compliance will reach out to the researchers to initiate next steps. No “red” or “purple” data can be generated or accessed until this plan is finalized and a part of the approved IRB protocol. This plan must be congruent with any associated contract or agreement. 

IRB approval is not the same as a Data Steward or their delegate making a records release determination. If the IRB approves a study that includes the release of data to a researcher, the person releasing that data can still say “no” to the researcher. Please review the guidance for Data Stewards and their delegates as related to IRB protocols. 

The Data Steward for FERPA records at NC State determines if the records can be released. Things the data steward should consider:

• Direct Permission to access FERPA records
• If the project meets the FERPA exception
• If the unit/department has the bandwidth to provide the data and if so, what level of involvement that will be. 
• What the process is for releasing the data. 
• If no direct FERPA permission is sought from individuals, consider the reason the request is submitted and if it is, or is not, in line with the unit’s role, goals, priorities etc.
• The Data Steward should ask the researcher for their IRB approval information including the approved protocol and consent form where applicable. 

The IRB thinks about incentives and compensation in one of three ways: 

“Is the compensation/incentive unduly influencing or coercive?”

“Is the compensation/incentive fair across participant groups in a study” 

“What information is needed from participants in order to disperse compensation and does that information increase risks to participants?”  

If the IRB has determined that the information collected from participants to disperse the incentives or compensation increases risk to participants, then the IRB will require a participant protection that limits the information collection and sharing. Should this be the case, and researchers not be able to provide the research office with direct IDs of participants, the IRB will provide the researchers with a letter indicating this limitation. 

The IRB expects that in the IRB protocol, the researcher describes the information needed to disperse compensation and to detail the information that their department needs for compensation/incentive disbursement. This allows the IRB to properly assess privacy and confidentiality risks.  

To assist researchers in designing their research with compensation ro incentives in mind, the NC State IRB office has created the following guidance: Incentives and Compensation for Research Participants

Many researchers at NC State University want to access data generated elsewhere (also called “secondary data”) to use for their own analysis and research projects. In many cases, these datasets are private and those releasing the datasets to NC State University researchers may require a “Data Use Agreement” or DUA. This agreement details what the data is composed of, how it can or cannot be used, and how it can or cannot be accessed, among other topics. Please review the NC State University Research Administration and Compliance “Data Use Agreements” Guidance. 

The IRB will need to know the terms of the Data Use Agreement so that they can ensure that the submitted IRB protocol matches what is expected in the Data Use Agreement. PIs should upload the executed Data Use Agreement with their IRB application. The Data Use Agreement process and the IRB process can happen at the same time. However, until the executed Data Use Agreement is a part of the approved IRB protocol, no access to the data can occur.