Identifying and managing risks to participants is one of the most important and challenging tasks facing researchers and the IRB. The IRB looks for the researcher to minimize risks and evaluates the methods by which they do so in the protocol.
Risk is determined by the severity (magnitude) of harm in relation to the probability (likelihood) of that harm occurring.
Minimal risk is defined in the regulations and means "that the probability and magnitude of harm or discomfort anticipated in the research are not greater in and of themselves than those ordinarily encountered in daily life or during the performance of routine physical or psychological examinations or tests." 45 CFR 46.102(i)
All greater than minimal risk research requires review and approval by the full board during a convened IRB meeting.
Research harms may occur as a result of:
Invasion of Privacy
Individuals have rights and expectations to privacy that may be compromised as a result of participation in research. Examples include:
- Personal information that is accessed or collected without the subject's knowledge or consent
- Purposely or inadvertently revealing a subject's participation in research despite assurances to the contrary
Breach of Confidentiality
An unauthorized release of personally identifiable research or health data resulting in risks of:
- loss of employment or insurability, including financial repercussions
- social stigma
- legal consequences for illicit behavior
- psychological or emotional harms
Harms from Study Procedures
Harms resulting from study procedures, though more rare, may include:
- loss of physical or cognitive functioning
- temporary or permanent side effects including debilitating illness or injury leading up to and including death
- psychological or emotional repercussions
- unintended consequences to non-research participants (fetuses, partners, group harms, general public)