Table 1.
Requirements Associated With Dynamic Aspects of Data
| Requirement | Invoked by: | Met by: |
|---|---|---|
| Approval for data use (Regulatory basis HIPAA, Title 21 CFR Parts 50 and 56, Title 45 CFR part 46) | Use of data not originally collected for the investigator or data collected de novo | Institutional approval to use the data in the intended way and human subject consent and authorization where required. |
| Traceability (Regulatory basis Title 42 CFR 93,* 21 CFR 58.130 (c) and (e) and 58.35 (b)) | Data changing (any operations performed on data that change data values or create new ones) | Association of data values to transformation algorithm; association of original value to new or changed value (data processing procedures, algorithm metadata, value-level metadata) |
| Algorithm versioning, testing and association to data (Regulatory basis Title 42 CFR 93,* 21 CFR 58.130 (c) and (e) and 58.35 (b), Title 21 CFR Part 11) | Data changing (algorithms operating on or facilitating inferences from data) | Versioning and testing of algorithms. (algorithm metadata) |
| Preservation of original values and data documentation (Regulatory basis 21 CFR 58.130 (c) and (e), 21 CFR 58.3 (k)) | Data moving (transfers of data across system or organizational boundaries). | Data archival facility, including archival of data documentation. (all metadata) |
*
While Title 42 CFR 93 does not specifically call for traceability of all operations performed on data, all institutions receiving Public Health Service (PHS) funding must have written policies and procedures for addressing allegations of research misconduct. In misconduct investigations, traceability of data from it’s origin through all operations performed on the data to the analysis is necessary for developing the factual record.