Management of Research Data and Records By Investigators and Academic Departments

1. Introduction

Research data and records are governed by Federal, State, and local regulations. Both the university and investigators are accountable for proper management of research data and records; and must comply with regulations, meet industry standards, and follow best practices related to collection, transmission, storage, and security of the information. Multiple offices at ECU are involved in these processes, and this guidance is provided to help navigate the complex processes and procedures.

2. Definitions

2.1 Research Data

Research data is the recorded factual material commonly accepted in the scientific community as necessary to validate research findings, including but not limited to documents, notebooks, audiotapes, photographs, scripts, protocols, and specimens (NCSU University Libraries, OMB Circular 110).

2.2 Records

Research record means an item or grouping of information obtained for the purpose of research including but not limited to correspondence, reports, and consent forms (https://www.lawinsider.com/dictionary/research-record).

2.3 Research

2.3.1 Frascati Manual Definition of Research

The Frascati Manual defines research as creative and systematic work undertaken in order to increase the stock of knowledge—including knowledge of humankind, culture and society—and to devise new applications of available knowledge.

2.3.2 DHHS Definition of Research

DHHS defines research as a systematic investigation, including research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge, and similarly, NIH defines a clinical trial as a research study in which one or more human subjects are prospectively assigned to one or more interventions (which may include placebo or other control) to evaluate the effects of those interventions on health-related biomedical or behavioral outcomes.

2.3.3 NSF Definition of Research

NSF defines basic research as systematic study directed toward fuller knowledge or understanding of the fundamental aspects of phenomena and of observable facts without specific applications towards processes or products in mind.

3. Ownership, Stewardship, and Custody of Research Data and Records

The administration and investigators collaborate to ensure joint access to and responsibility for data and records.  Together, they determine appropriate usage and disposition of the information, including decisions to transfer legal ownership of research data and records to the investigator or third parties when warranted.  Data and records (as well as intellectual property) resulting from activities conducted as a paid employee of the university are owned by the university, and the university is responsible to external stakeholders for ensuring access, integrity, and security of resources.  As the originators and primary users of research data and records, investigators are the primary stewards and custodians of research information.  Faculty may receive data, information and specimens from other institutions under terms of Confidential Disclosure Agreements, Data use Agreements, and Material Transfer Agreements.  Ownership does not typically transfer in such situations, but the faculty member is responsible for stewardship of the resources as defined by the agreements under which they are obtained.

3.1 Roles and Responsibilities

3.1.1 Administration

3.1.1.1 General

The general structure, policies, and procedures of data oversight and management at ECU can be found at the Data Governance website (https://datagovernance.ecu.edu/). The Data Governance Regulation (http://www.ecu.edu/prr/01/15/06) assigns the members of Academic Council as the trustees for research data and records with final authority over use and disposition of information within their respective divisions.

3.1.1.2 Institutional Steward

The Senior Associate Vice Chancellor for Research Administration is the institutional steward for research data, and represents research on the Data Stewardship Committee (https://datagovernance.ecu.edu/data-stewardship-committee/ ).  He/she interfaces with investigators, Academic Council, and the Data Stewardship Committee, facilitating research while maintaining compliance with Federal, State, and local regulations.  He/she advises Academic Council, establishes and implements institutional policies and procedures, and executes agreements for the interinstitutional transfer and sharing of research data.

3.1.1.3 Data Security Oversight

The HIPAA Security Offices (http://www.ecu.edu/cs-acad/ORIC/HIPAA/ and https://hipaa.ecu.edu/ ), Identity Theft Protection Committee (https://institutional-integrity.ecu.edu/identity-theft-protection-committee-itpc/ ), and IT Security Computing Services (https://ecu.teamdynamix.com/TDClient/1409/Portal/Requests/ServiceDet?ID=11505 ) are engaged when the research involves human subjects, ensuring that personal health information and personal identifiable information is collected, transmitted, and stored appropriately.

3.1.1.4 Sequestered Data

In instances where data and records are sequestered as part of an investigation into allegation if research misconduct or when patent litigation is imminent, the university provides copies of data and records to the investigator as needed to allow continuation of active research projects.

3.1.1.5 Contractual Custody Outside ECU

In instances where contractual agreements stipulate that another institution shall have custody of original primary data, ECU transfers the original data to that institution and retains a true copy of all data and records generated for the study.

3.1.2 Principal Investigator

The Principal Investigator (PI) is the steward and custodian of project-specific data and has responsibility for ensuring the integrity, security, retention, and disposition of the original research data and records.

3.1.2.1 PI Responsibilities – Prior to Collecting Data

Determine the security classification of data and records involved in the study (https://datagovernance.ecu.edu/wp-content/pv-uploads/sites/2038/2019/01/ECU-Data-Classification-DSC-Approved-20181113.pdf ).

Develop a plan for managing the data (https://libguides.ecu.edu/DataManagement/datamgtplans ) in compliance with ECU’s approved guidelines for protecting (https://itcs.ecu.edu/guidelines-for-protecting-sensitive-data/ ), storing,  (https://itcs.ecu.edu/sensitive-data-storage-and-transmission/), and transmitting (https://itcs.ecu.edu/research-data-security/) sensitive data and records involved in the project.

Obtain approval from the IRB and all ancillary reviewers for collection and use of human data, including Data Use Agreements (http://www.ecu.edu/cs-acad/ORIC/irb/investigators_and_coordinators.cfm ) or from the IACUC for collection of data from animals (http://www.ecu.edu/cs-dhs/iacuc/ ).

Ensure resources are available from either internal or external funds to cover the expenses of data and record preservation and security.

Inform members of their research teams of their specific roles and responsibilities in data management, retention, and security.

3.1.2.2 PI Responsibilities – During the Project

In accordance with IRB, IACUC, HIPAA, and/or sponsor-approved protocols.

Document that project data are collected, transmitted, and stored as stated in approved protocols.

Alert the appropriate office of deviations in protocols that impact data integrity or security.

Amend previously approved protocol and data management plan to reflect changes in processes and procedures.

Appropriately organize and label data and records to allow the identification of specific information within the records by someone who was not involved with the original project.

Provide access to sponsors and institutional officials as required by contractual and regulatory obligations.

Refer requests by external parties to audit project data and records to the Chief Audit Office in the Office of Internal Audit and Management Advisory Services (https://audit.ecu.edu/ ) and Director of the Office of Research Administration (the study team does not communicate directly with external auditors without express permission from Internal Audit).

Refer requests under the Freedom of Information Act (FOIA) to the Office of University Counsel (http://www.ecu.edu/cs-admin/attorney/ ).

3.1.2.3 PI Responsibilities – After Project Completion

Consolidate and co-localize the data files and records for the project.

Ensure access by the institution as required to address issues including, but not limited to public disclosure, regulatory compliance, research integrity, misconduct, personnel actions, and public records request.

Retain the data files and records according to IRB, IACUC, FDA, sponsor, and other agency guidelines and regulations as detailed in, but not limited to, the UNC Records Retention and Disposition Schedule (See Section 4, below).

3.1.2.4 PI Responsibilities – Prior to Leaving ECU

Request from the Assistant Vice Chancellor for Research Compliance that ownership of the original data be transferred to the investigator or another institution to support continuation of the project.

Provide the Department Chair with copies of the original research data and records for permanent archiving.

Provide copies of the data and records to collaborators and co-investigators.

3.1.3 Department Chair

The department chair or designee is responsible for ensuring that copies of the original research data and records are retained in the unit as appropriate for the research activities and financial support of the project.

4. Retention of Research Data and Records

The UNC Records Retention and Disposition Schedule (https://www.northcarolina.edu/legal-affairs/records-retention ) defines rules for retention and disposition of different kinds of research information. The Schedule incorporates many of the Federal, State, and UNC System requirements into one set of rules, For data and records not covered in the Schedule, investigators should refer to sponsor and agency guidelines specific to their areas of investigation. The following is a summary of data and record retention guidelines relevant to research.

4.1 Animal Research Records (UNC Standard 6.2)

Records documenting the use of animals for research. Includes manifests, disposition logs, reports, correspondence, and other related records.

Destroy in office 7 years after final disposition of animals.

4.2 Complaints, Deviations, and Violations (UNC Standard 6.3)

Records documenting complaints related to a specific study or principal investigator under review for potential violations. Includes complaints, correspondence, and other related records.

Destroy in office 3 years after conclusion of study or resolution of complaint, whichever is longer.

4.3 Live Tissue Research Records (UNC Standard 6.7)

Records documenting the use of live tissue in research. Includes manifests, disposition logs, reports, correspondence, and other related records.

Destroy in office 7 years after final disposition of tissue.

4.4 Research Data Sets (UNC Standard 6.8)

Data sets used to produce reports by any unit in the University. Retain in office permanently, unless otherwise specified by terms of contract.

4.5 Medical Records

10 years after the last clinical encounter or  ten years after a minor reaches majority age (http://www.ncmedsoc.org/apps/faces/members/practice_management/article_detail.jsp?topicId=125 )

Documentation of HIPAA authorization or waiver/alteration of HIPAA authorization is retained for a minimum of 6 years (https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/securityrulepdf.pdf?language=es, 45CFR164.316, Page 8380)

4.6 FDA Investigational New Drug (IND)

Retain for 2 years after a marketing application is approved for the drug; or if an application is not approved for drug, until 2 years after shipment and delivery of the drug for investigational use is discontinued and the FDA so notified.” [21 CFR 312.57(c)

4.7 FDA Investigational Device Exemption (IDE)

Retain records for 2 years after the investigation is terminated of completed, or the date that the records are no longer required for purposes of supporting a premarket approval application or a notice of completion of a product development protocol, whichever is later [21 CFR 812.140(d)].

5. Intellectual Property Issues Involving Research Data and Records

Preparation and retention of research data and records are important in determining inventorship and priority of intellectual property, and in defending against patent infringement. In order to protect the rights of investigators and the university to the intellectual property generated by their research programs, university technology transfer managers recommend specific record keeping and retention practices such as the use of bound and/or electronic laboratory notebooks. Responsible faculty should be aware of and follow the record-keeping recommendations offered by the Office of Innovation and New Ventures https://rede.ecu.edu/innovation/inventors-handbook/

6. Related Policies and References

2 CFR 200.333: Uniform Administrative Requirements, Cost Principles and Audit Requirements for Federal Awards: Retention Requirements for Records

45 CFR 46: Federal Policy for the Protection of Human Subjects (The Common Rule)

21 CFR 56: FDA Regulations: Institutional Review Boards

21 CFR 312.57 and 312.62: FDA Regulations: Retention of IND Records

21 CFR 812: FDA Regulations: Retention of IDE Records

45 CFR.164: HIPAA Regulations on Retention of Protected Health Information

20 USC 1232g  Records; Privacy, Limitation on Withholding Federal Funds; Family Educational and privacy rights

G.S. § 126-22 Personnel files not subject to inspection

G.S. § 143C-6-22; 143C-6-23; 09 NCAC 03M .0703 Required Contract Provisions

UNC Records Retention and Disposition Schedule Standard 6. Grants and Research Records

ECU REG01.15.06 Data Governance Regulation

ECU Faculty Manual Part VII Section II Scholarship/Research/Creative Activity Guidelines

Data Governance Website https://datagovernance.ecu.edu/

Inventors Handbook https://idea2impact.ecu.edu/wp-content/pv-uploads/sites/337/2018/06/InventorsHandbook.pdf

7. Contact for Information

Senior Associate Vice Chancellor for Research Administration