Document toolboxDocument toolbox

SOP03: Governance Principles

Revision Date: 2023.12.21

View as PDF

Table of Contents

I. Description

The purpose of this SOP is to define the operating principles that inspire, inform, and direct activities conducted by Sage Governance. These principles are further applied through Governance functions, as articulated throughout other Governance SOPs and Reliable Methods. All Governance functions and activities should lead back to these core principles as a source of purpose.

II. Scope

This SOP applies to all Sage Governance team members but is also useful information for all Sage staff to understand the Sage governance ethos.

III. Definitions & Acronyms

Definitions

Coercion - the practice of persuading someone to do something using force or threats

Governance - In the context of biomedical research, we define the processes of governance to include the freedoms, constraints, and incentives that determine how two or more parties manage the ingress, storage, analysis, and egress of data, tools, methods, and knowledge amongst themselves and with others. (Mangravite, et al., 2020)

Undue influence - refers to influencing a person's will through psychological pressure or taking advantage of an existing relationship

Acronyms

DCC - Data coordination center

FAIR- Findability, Accessibility, Interoperability, and Reusability

IV. Authorities/Responsibilities

All Sage Governance team members must understand and adhere to the principles of Governance in all their Governance activities.

V. Key Guiding Principles of Sage Governance

A. Governance Mission Statement

Sage Governance is dedicated to developing policies and procedures that enable real-world collaborative research in an ethical, transparent, secure, and respectful way.

 

We work with other Sage teams and partner with external stakeholders to

  • Design and operationalize trusted research governance and data-sharing strategies.

  • Maintain compliance with legal, regulatory, and ethical requirements for data-sharing and research collaborations.

  • Consider the needs and interests of diverse populations of solvers and research participants.

  • Contribute to progress in research ethics and data governance.

  • Hold ourselves accountable to uphold the FAIR guiding principles for scientific data management and stewardship.

 

B. Ethical Conduct of Research

Ethical conduct of research involves the application of established professional norms and ethical standards in the performance of all activities related to scientific research. Research misconducts throughout the 20th century have highlighted the need to codify the tenets of research ethics into important documents including the Nuremberg Code (1945), the Declaration of Helsinki (1964), and the Belmont Report (1979). Each of these documents provides a global foundation of basic ethical principles expected to underlie the conduct of biomedical and behavioral research involving human subjects. While a Sage-specific summary will never replace these existing documents, some key guiding principles are identified below.

 

Respect for Persons (Autonomy):

The source of human research data always leads to an individual participant. Voluntary and unambiguous informed consent from research participants must be upheld to the highest degree possible. Where consent alternatives have been used (i.e., waivers of informed consent), rigorous data protections, particularly for privacy and confidentiality, must be in place. Respect for Participant’s wishes and data privacy should be core priorities of any Sage Governance model.

 

Sage Governance also acknowledges that multi-modal approaches may be best to obtain unambiguous informed consent. The use of e-consent may give individuals a more accessible, self-paced, and interactive method to learn about a study and provide more effective informed consent. However, these approaches should also acknowledge that access to, or understanding of, various technological approaches may be imbalanced across communities. Backup approaches (such as traditional paper consent forms) should nevertheless be considered as an option.

 

The principle of respect for persons also includes the requirement to protect those with diminished autonomy. The Belmont Report states that “the capacity for self-determination matures during an individual’s life, and some individuals lose this capacity wholly or in part because of illness, mental disability, or circumstances that severely restrict liberty.” Common Rule regulations identify pregnant women, fetuses, prisoners, and children as populations who must have additional protections. However, other groups such as individuals with impaired decision-making capacity, economically disadvantaged, or educationally disadvantaged persons may also require special protections against coercion or undue influence. Sage Governance models and activities should be mindful of these populations, and apply additional regulatory protections where required or appropriate.

 

Beneficence (Reduction of Risk):

“The right of the research subject to safeguard his or her integrity must always be respected. Every precaution should be taken to respect the privacy of the subject and to minimize the impact of the study on the subject’s physical and mental integrity and on the personality of the subject.”

(Declaration of Helsinki)

 

Beneficence entails the minimization of risk and maximization of possible benefits. The Belmont Report states that “the obligations of beneficence affect both individual investigators and society at large, because they extend both to particular research projects and to the entire enterprise of research.” Sage Governance approaches take the traditional beneficence focus a step further by acknowledging that risks to groups and communities have also evolved to become a key focus in research risks, particularly as big data or big health data research and artificial intelligence have entered the research ecosystem. Whereas ethics committees are guided to “not consider possible long-range effects of applying knowledge gained in the research,” Sage takes a more protective approach toward assessing a richer scope of research risks (45 CFR 46.111(a)(2)).

 

Risks to Individuals:

Risks to individuals include such risks as: (1) re-identification by analyzing large individual-level datasets and comparing them with other datasets containing identifiers; (2) additional disclosures or uses outside of approved users or intended data uses; (3) the inadvertent disclosure of identifiable information; and (4) the general loss of control over one’s personal data. Disclosures or re-identification may not immediately result in harm to an individual, but violations of privacy – particularly when disclosure of private, identifiable information occurs when there is an expectation of privacy – must always be addressed promptly.

 

Risks to Groups or Communities:

Research conducted using “big data” or “big health data” (i.e., complex datasets of increasingly diverse data including -omics and phenotypic data from a combination of sources) can lead to group harm. Examples of group harms can include: (1) health–related algorithms produced through machine learning techniques on a homogeneous (i.e., non-diverse) data set have been found to place underserved populations at risk of biases leading to the receipt of inadequate medical care; (2) conduct of research without unambiguous consent of the individuals or the group as a whole and draw conclusions in a manner that is harmful to populations (e.g., the Havasupai case).

 

Justice:

Issues of Justice in the research environment are expansive. The historical approach to justice through the 20th century mainly concerns the equitable selection of subjects and the distribution of the risks and benefits of participating in research. Modern social discourse further includes community perception and trust, community involvement in the research enterprise, and heightened focus on representation in research with the downstream impact of progressing healthcare standards. Sage Governance seeks to consider these concerns by evaluating factors of representation in research for participants, researchers, and institution types.

 

Participants: Data should be representative of the research population. Sage Governance approaches should include an awareness of representation in study data reflecting on the many dimensions of diversity.

“Race, ethnicity, sex, gender, age, and geographic ancestry do not define distinct genetic or biological groups; yet along with social, cultural, and economic factors, these factors can be associated with important differences in disease susceptibility and manifestation, treatment response, and rates of inclusion in clinical research.”

- MRCT Center Diversity Guidance Document, Basic Principles.

 

Researchers: Content is both contributed and accessed by a diverse researcher population. Sage Governance approaches should include a focus on inclusivity, support and understanding of common barriers across institutions, education levels, cultures and languages. Sage governance must also balance the benefit of open science with the potential career risks to contributors.

 

Institution Types: Content is contributed and accessed by a broad array of institutions across the research landscape geographically, culturally, and financially.

 

Scientific Quality:

Supporting large-scale data sharing and enabling linkage among research, clinical, and environmental data increases the value and utility of data. Sage Governance practices must demonstrate good stewardship by balancing access restrictions against openness to create social goods and enable collaboration.

 

Risks in large-scale data-based research are minimized by carefully protecting the data through data security protocols and the application of evolving de-identification methods. As more data are generated and the possibility of re-identification becomes easier through high-tech systems, Sage must employ commensurately sophisticated techniques to ensure that sensitive data is evaluated and properly protected.

C. Legal Imperatives

Research activities undertaken by Sage Bionetworks must comply with national and local legislation. Applicable laws and regulations can vary based on several factors, including but not limited to: the geographic source of the data (e.g., varying requirements across regions, states, territories, and nations); the subject population (e.g., data from vulnerable populations or tribal member, and data from non-US geographic sources); and the nature of the data (e.g., clinical data, disease-specific data, mental health data).

 

Sage Governance must accurately identify the applicable laws and regulations governing Sage research activities and services based on where data is collected and how data is shared. For instance, following more restrictive practices when appropriate, and effectively interpreting laws and regulations to produce compliant governance models through tools such as data de-identification methods, data ingress agreements (e.g., data transfer/sharing agreements), and consultation with Institutional Review Boards or other Ethics Review Boards. Sage Governance acknowledges that global privacy laws are not harmonized. The default approach when faced with looser research participant protections is to apply at minimum the U.S. privacy laws, regulations, and standards (e.g., applying HIPAA safe harbor de-identification methods at a minimum).

Regulatory Standard and guidelines at a glance

Standard

Relevant for

Brief description

HIPAA Regulations

Healthcare plans, clearinghouse, and providers and anyone processing patient data on their behalf

Privacy rules = Use and disclosure of patient data

Security rules = Administrative and technical security standards

EU GDPR

Organization collecting or processing data from the EU

rules governing the collection, transfer, storage, processing, use, and deletion of personal data

US State data privacy regulations

Organization collecting or processing personal data

expansion of federal privacy regulations relevant for cyber security and medical/health data

data minimization

opt-in consent

participant rights

Common Rule

Organizations conducting human subjects research

federal regulations providing baseline protections for human subjects involved in biomedical and behavioral research

IRB oversight

informed consent requirements

Country-specific privacy laws

Organizations sharing data collected outside the US or EU

See International compilation of human research standards

D. Fairness, Transparency and Trust

Fairness in research is exemplified through proper attribution, recognition and acknowledgment of the individuals, institutions, and funders who contributed to a body of work. Transparency involves a philosophy of open data sharing, including analytical workflows, so valuable research data can be reused and results can be reliably reproduced. By promoting fairness and transparency, Sage fosters an environment of collaboration and trust.

 

An overall role of Sage is to apply and uphold privacy and regulatory standards that start inward and extend outward. As stewards of sensitive data, Sage staff are expected to comply with all data restrictions and policies on a study-, project-, or community-specific basis, including when Sage data scientists wish to access data for research purposes.

 

Examples of Sage's Governance approach to promoting fairness, transparency, and trust include:

  1. Objective requirements that apply to all users seeking access to controlled-access data.

  2. Public intended data use (IDU) statements, which simultaneously remind data requesters that their requests may be scrutinized by their peers at any time, while providing transparency to the research community as to the uses of the data.

  3. Requiring data requesters to include the acknowledgment statements prescribed by the data contributors in publications resulting from shared data.

E. Scientific Collaboration

 

Sage promotes scientific collaboration through partnerships between diverse stakeholders, including but not limited to project sponsors/funders, internal and external DCC administrators, data contributors, data consumers, and communities of solvers. Communities of solvers, in particular, can range from high school students participating in a DREAM Challenge to researchers, developers, citizen scientists, and patient populations.

 

Sage Governance efforts are centered on developing and implementing innovative, participant-centered approaches, standards, and practices to improve research quality and reliability and to empower and protect research participants.

 

“[...] the ‘right’ system of governance (including the ‘right’ types and quantities of resources for governing) is determined by the nature of the collaborative activities intended. [...] much scientific data governance revolves around how available data will be (i.e., how many and what types of people can access it) and how many freedoms are given to those who can access it (i.e., what conditions limit how can they use it).” (Mangravite, et al., 2020)

 

There are many models of Governance, each with its own pros and cons. Sage Governance helps researchers select the data-sharing framework that best meets their needs.

 

(figure from Mangravite, et al., 2020)

 

FAIR Principles

The FAIR Principles (Wilkinson, et al., 2015) are Findability, Accessibility, Interoperability, and Reusability. The extent to which these principles are followed during data management processes determines how reusable data will be by other researchers. These principles are defined well through the following graphic from Wilkinson, et al., 2015, p. 4:

F. Adaptation

Governance innovation efforts use systems-thinking and outcomes-oriented approaches to identify best practices and adapt governance at scale. These efforts expand the data types, collection sources, and access modalities of governance models, and diversify the solver communities while responding to evolving rules, regulations, and technology.

Sage Governance is available to help enable the conduct of research respectfully and appropriately.

 

Research studies and consortia vary across a broad spectrum, including data volume and type, research focus, consortia size, and funding type. Sage Governance efforts lean on generalizable solutions (i.e., governance structures and governance design patterns, as discussed in Mangravite, et al., 2020) that can be adapted to reflect the unique needs of each data-sharing endeavor. Sage Governance acknowledges that data sharing requires an understanding of unique nuances and contextualization in order for data-sharing models to be appropriately customized.

VI. Associated Documents and Resources

VII. Revision History

Revision#, Date

Description

V1, 2023.12.21

New SOP