[Kevin_S]

As an academic researcher, it's most frustrating in that it feels like IRB scrutiny doesn't seem to align with risk.

I do accounting research. My human-subjects research involves surveying practitioners about their jobs, interviewing them about their experiences, and conducting very simple experiments online that ask them to make decisions. There is virtually 0 real risk to any participants of my studies. IRB does always give my studies "exempt" status, but it still has to be reviewed. And they will pester me about different things like where will store our data (Onedrive is fine, but dropbox is not for some reason). This process will typically take a couple weeks of back and forth.

Yet I have a friend who participated in a Kinesiology dissertation study where they were asked to do extremely strenuous physical activity. He fainted(!) at one point from the activity. And it seemed to them that there were relatively few safeguards from that happening. Now, I'm sure that study did have IRB approval, but it really got me thinking... are we really scrutinizing studies optimally?

[mmooss]

> IRB does always give my studies "exempt" status, but it still has to be reviewed.

How could they do it more efficiently?:

How could they know it's exempt without reviewing it? Should they take researchers' at face value? That seems to undermine the reason we have IRBs, which was unscrupulous researchers. Should we assume they are willing to torture people but not to mislead the IRB?

Why shouldn't data be private? How hard is it?

> a Kinesiology dissertation study where they were asked to do extremely strenuous physical activity. He fainted(!) at one point from the activity. And it seemed to them that there were relatively few safeguards from that happening.

Informed consent is essential to an IRB; your friend would have read and signed something detailing the activities and risks. Strenuous excercise to the point of exhaustion is a part of sports performance research, at least. As long as you inform people, they have the power to opt-out (not prisoners, 6 year olds, etc.), and no undue risk.

[bpodgursky]

> How could they do it more efficiently?:

Think about how taxes work. The IRS doesn't check every person. You make rules, you perform random audits.

IRBs could easily do the same thing. Set some rules like (simplified) "No IRB necessary if your research doesn't physically touch a person". Researchers will read the rules and skip an IRB if they're in an exempt category. Then just audit at a high enough rate they won't lie.

[dr_dshiv]

There is a huge opportunity in simplifying and automating IRB review.

Here in the Netherlands (we call it HREC, human research ethics committee) the process takes months and months to get permission to talk to people.

Like, “hey I’ve designed some cool new interaction design, I want to get permission to interview people and do human-centered design iterations.” Yes, you will need to spend dozens of hours on forms and wait months.

It cannot be ethical to put these many barriers on talking to humans. And, if you want to do something like an educational game for kids? Or support for the elderly? Or for your students? Well, those are vulnerable populations, so add a few more months.

Education research is extremely difficult here (in the USA it is exempt). How to conduct research on the use of AI in a class you are teaching? You can’t get retroactive consent.

The system is not reasonable.

[mmooss]

Nobody dies if someone's taxes are wrong. Also, IRBs are not usually about lies, but about scientists not understanding the risks and solutions.

[bpodgursky]

> Also, IRBs are not usually about lies, but about scientists not understanding the risks and solutions

You have never submitted an IRB.

[mmooss]

Have I? Haven't I? Are you really saying that all these scientists - anyone doing human subject research at least in advanced democracies - are mostly liars trying to defraud people?

[bpodgursky]

Have you submitted an IRB?

[jampekka]

We are not. Here's a great essay about the subject:

https://journals.sagepub.com/doi/abs/10.1177/174701611100700...

The author also has a blog about IRBs: http://www.institutionalreviewblog.com/?m=1

[inetknght]

> I do accounting research. My human-subjects research involves surveying practitioners about their jobs, interviewing them about their experiences, and conducting very simple experiments online that ask them to make decisions. There is virtually 0 real risk to any participants of my studies.

Cool, I guess. I wouldn't want to participate if my answers were visible to my employer because honest answers could put my employment at risk.

> As an academic researcher, it's most frustrating in that it feels like IRB scrutiny doesn't seem to align with risk.

As a worker^H^H^H^H^H^Hhuman I find it most frustrating when academics don't understand what things I consider to be risks.

If my answers to your research are leaked, can they be tracked back to me? Onedrive is terrible, just look at Microsoft's repeated flagrant disregard for security. Dropbox is awful too, just look at how easy it is to accidentally a whole folder. Why would you store your data in such places instead of on a research computer with locked down access? That screams to me of a researcher who doesn't understand the value (and risk) of the data they hold. Or perhaps of a researcher who doesn't value that risk appropriately. Perhaps also researcher who doesn't coordinate with their IT department, or an IT department who's equally or worse as competent.

[p_j_w]

>Onedrive is fine, but dropbox is not for some reason

As far as I know, it's possible to get OneDrive even HIIPA compliant, but I don't think so for Dropbox.

[eszed]

Dropbox claims that it can achieve HIPAA-compliance, and I personally know two (large and serious) organizations who use it as such.

https://help.dropbox.com/security/hipaa-hitech-overview

In keeping with the theme of the OP, I don't know if that's been tested in court, soooo... Take that all for what you will.