A Protocol Violation is any deviation from the study procedures, as outlined in the Protocol Summary Form that has received review and approval by the IRB, that has occurred without informing the IRB prospectively*. A significant protocol deviation would be a deviation that increases the risk to participants or others, or decreases the potential benefits of the study, undermines the scientific integrity of the study, or occurs more than once. In the event of a report of a protocol violation, special monitoring may require a systematic audit of study compliance with consent documentation requirements.
* If an investigator anticipates the need for a deviation from the protocol, IRB approval for an exception must be requested via IRBmail@nyspi.columbia.edu.
A data breach is a type of Protocol Violation that needs to be reported to the IRB. A data breach compromises the security or privacy of Protected Health Information (PHI). The US Department of Health and Human Services presumes a breach, an impermissible use or disclosure of PHI, has occurred unless the covered entity (NYSPI) demonstrates a low probability that PHI has been compromised based on a risk assessment of the following factors:
1.The nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification,
2.The unauthorized person who used the PHI or to whom the disclosure was made,
3.Whether the PHI was actually acquired or viewed, and
4.The extent to which the risk to the PHI has been mitigated.