Downloadable PDF: International Human Subjects Research Process Guidance Checklist
This guidance is for research teams engaged in international studies with human subjects data, where the data is coming into the university from external sources. These steps can be done concurrently.
Process Guidance Checklist
- Researcher develops a research idea.
- Researcher/administrator schedules a research idea discussion meeting. The meeting should include the PI, study team, and/or research administrator. The meeting agenda includes:
- Discuss the research idea in detail.
- Determine if the research idea is feasible as a research project.
- Do you have the right international contacts?
- Can your team effectively collaborate internationally?
- Is there funding to carry out the research?
- Consider the privacy and security of any data you will bring into the university.
- Create a data flow diagram (Net ID required).
- Create a list of UW contacts needed to initiate the research project (see International Research Contact List).
- Researcher/administrator connects with international collaborators to identify the collaborators’ roadmap for getting started.
- If this is a new collaboration, obtain the official name and status of the organization.
- Ask if there are specific items, tasks, legal requirements that they need from the UW research team.
- Determine foreign legal requirements related to the sharing of data e.g. applicable laws or government approval needed to bring data to UW. Ask that the collaborator give you information about their privacy and security laws and regulations.
- Ask what pitfalls and successes they have seen in these types of research projects.
- Obtain main foreign contact that can assist you with international contracting, export control, IRB, regulatory issues, etc.
- After the research idea discussion meeting and connection with collaborators, the researcher/administrator immediately reaches out to the internal UW contacts identified at the research idea discussion meeting (see International Research Contact List).
- Researcher/administrator describes the research project to the internal UW contact, asks whether, when, and how the contact office should be involved, and what the office can do to support the research project.
- Researcher/administrator creates a simple timeline and checklist for the research project, including how and when internal UW offices are involved, and shares timeline with the entire research team. Add additional items when needed. Schedule meetings to stay on track.
- Researcher/administrator connects with international collaborator or other international contact again to share information and finalize understanding of legal requirements related to the sharing of data.
- Schedule standing monthly or quarterly research project status calls with stakeholders.
- Identify data sharing practices including any data privacy and security concerns, and how those will be handled. Identify where data will be stored.
- Collaborator sends data to UW. Collaborator may send data according to their own processes, regulations, or policies. HIPAA compliance is not required for this step.
- Once the data is received by UW, move the data to appropriate storage and provision appropriate access based on the guidance below:
- If the requirements of the other country are less protective than U.S. laws and institutional policy, storage and UW employee access to the data is handled as it would be had the data been collected here (e.g. Health data held within the HCC is protected like PHI; educational records are protected like FERPA-covered records). UW has tools to determine what storage option is recommended for your situation, and a list of tools approved for exchanging and storing PHI. If no tool appears suited to the research collaboration, contact cybersecurity.
- When collaborator access to data is needed, consideration will be given to the laws and regulations of the collaborator’s country. UW considers the collaborator to be accessing data from and in their own country.
- Exceptions to cybersecurity controls may be made if necessary to effectuate the collaboration and allow collaborator access. Any exception must be documented and cybersecurity must be informed of the exception.
- If the requirements of the other country are more protective than U.S. laws and institutional policy require, determine appropriate mechanisms for storage and access. Appropriate mechanisms may be determined through consulting contracts, asking international collaborators to provide information regarding their laws and regulations, discussion with cybersecurity, the Office of Compliance, and the Office of Legal Affairs.
- If the requirements of the other country are less protective than U.S. laws and institutional policy, storage and UW employee access to the data is handled as it would be had the data been collected here (e.g. Health data held within the HCC is protected like PHI; educational records are protected like FERPA-covered records). UW has tools to determine what storage option is recommended for your situation, and a list of tools approved for exchanging and storing PHI. If no tool appears suited to the research collaboration, contact cybersecurity.