Risks to Participants

Safeguarding Rights of Research Participants/Subjects

Safeguarding the rights and welfare of all participants/subjects involved in research is paramount. Even with informed consent, a project can only receive IRB approval if the potential risks to the individual participants are outweighed by potential benefits.  In evaluating risks and benefits, the Committee for the Protection of Human Subjects (CPHS)/Institutional Review Board (IRB) shall not consider long-range effects of applying knowledge gained in the research. 

Responsibilities

Researchers have the primary responsibility for protecting human participants/subjects from harm. They must minimize potential risks, ensure the risk-to-benefit ratio is reasonable, and obtain voluntary informed consent unless the study meets criteria for a waiver or alteration of informed consent. Additionally, researchers must safeguard participant data, report events promptly, and maintain proper ethical training. In order to do this, researchers must be able to proactively identify all potential risks to participants including physical, psychological, social, economic, and legal. Researchers then have the responsibility to reduce these risks to the lowest possible level by utilizing the safest appropriate methods and ensuring the research team is fully qualified to handle any complications that may arise. Risks must be reasonable in relation to the anticipated benefits to the participants or the importance of the knowledge to be gained. Researchers must avoid exposing subjects to any risks that can be practicably avoided without compromising the research goals. 

Prior to initiating any study, researchers must submit their protocol, which details their risk-assessment and mitigation plans, to the IRB for review and approval. Researchers are then obligated to strictly adhere to the approved protocol and maintain ongoing IRB approval for the duration of the study.  

Additional information regarding investigator responsibilities can be found on our Investigator Responsibilities website.  

Level of Risk

Risks should be considered in relation to the magnitude and probability of the harm or discomfort posed by the research.  

  • Magnitude pertains to the severity, duration and likelihood of recovery from any research-related harm or discomfort. Because magnitude may vary in significance, researchers must consider magnitude in relation to the overall impact. This includes considering specific effects on individual participants, the total number of participants affected, and any potential consequences for others outside of the study if the risk occurs.   

Examples

  • High Magnitude: A risk resulting in death represents a high magnitude of risk due to the extreme severity and lack of recoverability.  
  • Low Magnitude: A breach of confidentiality involving non-sensitive survey data for a small number of participants represents a low magnitude of risk. Such a disclosure would not reasonably place the subjects at risk of criminal or civil liability, nor would it be damaging to the subjects' financial standing, employability, educational advancement, or reputation.  

 

  • Probability pertains to the likelihood or chance that a specific harm or discomfort will occur due to research participation. Probability can vary and should be evaluated based on the known or expected frequency of the risk. Researchers should consider studies with similar risks, the specific vulnerabilities of the participant population, and the effectiveness of any safeguards designed to prevent or minimize research harm or discomfort. 

Examples

  • High Probability: In a study requiring a standard venous blood draw, there is a high probability that participants will experience momentary pain or minor bruising at the needle insertion site. 
  • Low Probability: In a study utilizing a secure method for storing data and plans to de-identify data at the earliest possibility, the probability of a data breach that compromises the confidentiality of the participant data is low. 

 

The risks of participation in research may be a consequence of the research design, the research procedures, and/or the research methods. 

Examples: 

  • Research Design: In a study assessing the safety profile of an investigational drug, the risk of an adverse reaction is inherent to the research design itself, as the primary goal of the study is to identify those drug reactions. 
  • Research Procedures: The risk of minor bruising from a research blood draw is a direct consequence of the physical procedures participants undergo. 
  • Research Methods: Using audio or video recordings when conducting interviews is a research method that introduces a potential risk of loss of privacy or confidentiality. 

 

Research is categorized into two risk levels:  

  1. Minimal Risk in which the probability and magnitude of harm or discomfort anticipated in the research are not greater in and of themselves than those ordinarily encountered in daily life or during the performance of routine physical or psychological examinations or tests and  
  2. Greater than Minimal Risk in which the probability and magnitude of harm or discomfort anticipated in the research are greater than minimal risk.  

 

The risk level will determine how the project is reviewed by RCS and the IRB. Minimal risk studies can be reviewed either at the Exempt or Expedited level depending on how the study procedures and populations map to the applicable regulatory categories for each level of review. Greater than minimal risk studies and studies that do not fall under any of the exempt or expedited categories require review by the convened IRB. For more information, see the RCS webpage on the Review Process: What to Expect

Potential Risks to Subjects

Potential risks generally fall into one or more of the categories described below. Research Compliance Services and the CPHS/IRB will weigh the potential risks of research against the potential benefits as part of the review process.  All risks that are brought about and/or affected by the methods and procedures of the research should be considered. Researchers are expected to take steps to minimize potential risks. 

Physical risks
Physical risks include pain, injury, illness, physical discomfort, and/or disease. Physical risks may result from physical stimuli such as noise, electric shock, heat, cold, electric magnetic or gravitational fields and/or research interventions such as giving participants study drugs or asking participants to engage in research exercises.   
Psychological risks
Psychological risks involve threats to participants’ mental or emotional wellbeing. Examples of psychological risks include triggering painful memories, anxiety, depression, guilt, emotional distress/discomfort, altered self-perception, and/or altered behavior. Sensory deprivation, sleep deprivation, use of hypnosis, deception, or mental stresses are examples of research methods that may cause psychological risks. 

 

Social risks
Social risks occur when participation or sensitive information gathered during research could damage a person’s relationships, reputation or be stigmatizing. Examples of social risks include embarrassment, loss of respect or rapport, conflict, labeling, and/or loss of opportunities.  
Economic risks
Economic risks may include financial costs incurred by the participant as a result of their involvement in the study. Examples of economic risk include payment by subjects for procedures/activities not otherwise required outside of the research context, loss of wages or other income, and any other financial costs, such as damage to a subject's employability, as a consequence of participation in the research. 

 

Legal risks
Legal risks may involve a participant’s actions or disclosures during the study that could lead to criminal or civil liability. Examples of legal risk include a participant admitting to illegal drug use, undocumented status, or disclosing criminal activity during an interview. It could also include a participant’s disclosure of illegal activities by others. 
Loss of Confidentiality
A loss of confidentiality in research occurs when a participant's private, identifiable information is mishandled, disclosed, and/or accessed without their authorization. Confidentiality breaches can erode participant trust and can cause tangible harm, such as social stigma, legal repercussions, or discrimination in employment and insurance. Loss of confidentiality may occur due to data security breaches, human error, cyberattacks, and/or improper data sharing. Examples include lost or stolen laptops, unsecured data inappropriately accessed, sending data to the wrong recipient, and/or leaving documents in an unsecured area.  

Mitigating Risk

Mitigating risks in human subject research requires a combination of robust study design, stringent privacy and data confidentiality practices, continuous informed consent, and active participant monitoring. Researchers should conduct comprehensive risk assessments, implement strict safety and confidentiality protocols, maintain transparent informed consent procedures, and provide continuous oversight throughout the study.  

Key Strategies

  1. Study Design and Procedures

When designing the study and planning the activities that participants will do during the research, researchers should consider ways to minimize risks by using procedures that are consistent with sound research design and that do not unnecessarily expose participants/subjects to risk. Researchers should also build in check points and other safeguards where possible.

  • Minimize invasive procedures: When possible, substitute invasive measures with less intrusive alternatives (e.g., using existing medical records, or drawing blood via a pre-inserted IV rather than multiple needle sticks). 
  • Pre-screening: Exclude individuals for whom the research intervention/activities pose an unacceptably high risk. 
  • Safety nets: Ensure qualified medical or psychological personnel are on standby to handle emergencies and provide participants with access to mental health resources or counseling if needed.  

  1. Privacy and Data Confidentiality

    Researchers are responsible for protecting the identities of subjects and the confidentiality of their data. This involves collecting only essential personal information, implementing strong data encryption and secure storage, and coding data as early as possible.   

    • Research Setting: Informed consent procedures and research procedures should take place in a private location whenever possible. Researchers should encourage participants who participate in virtual activities to use a private location. Researchers should disclose any limitations to privacy during the informed consent process.  
    • De-identification: Code identifiable data and biospecimens early. Store master key codes separately and securely. When the key to the code that links identifiers back to the coded data is no longer needed, destroy it.  
    • Data security: Use encrypted platforms, secure servers, and restricted access protocols (e.g., password protection, role-based access) to store sensitive personal information. See the following UO sources for more information: 
    • Certificates of Confidentiality: Studies that contain sensitive identifiable data and are funded by the National Institutes of Health (NIH) automatically receive certificates of confidentiality. When data is particularly sensitive in research not funded by the NIH, researchers can apply to NIH for certificates to legally protect sensitive research data (such as information on illegal behaviors or substance use) from being subpoenaed. Note: there may limitations to certificates of confidentiality.

  2. Informed Consent

    A cornerstone of human subject protection is ensuring participation is strictly voluntary and based on full understanding. Researchers must provide potential subjects with a clear, accurate, transparent, and comprehensive explanation of the study's activities, the associated risks, and their right to withdraw at any time without penalty. 

    • Clear communication: Avoid complex clinical or academic jargon. Ensure participants understand the study's purpose, risks, benefits, and their right to withdraw at any time without penalty. 
    • Comprehensive explanation: For non-exempt research, the consent discussion and associated documentation must contain specific elements and details. Regardless of the review level for the study, the consent should provide potential participants with the information they need to make an informed decision about participation. See the UO website on informed consent which contains templates and additional guidance.  
    • Ongoing consent: Continuously check in with participants throughout studies which have multiple study visits to ensure their understanding of the research and their ongoing willingness to participate. If participants are minors when they join the study and turn 18 while the study is still ongoing, researchers will need to consent those minors as adults before continuing study participation.   

  3. Continuous Monitoring and Oversight

    For studies that are greater than minimal risk, an ongoing monitoring plan is required to ensure participant safety throughout the study. Some funding agencies also require a formal monitoring plan. It is also a best practice for a monitoring plan to be established for all types of research. If any unanticipated problems, non-compliance events, subject complaints, or new risks emerge during the research, researchers must notify the Institutional Review Board (IRB) and relevant oversight bodies. See the UO website on how to Report New Information for more details.   

    • Data and Safety Monitoring Plans (DSMPs): Establish a structured plan to review safety monitoring practices and any events as they occur. When an independent monitor or a DSMB will be utilized to further review the study for safety, this should be explained in the plan.  
    • Data and Safety Monitoring Boards (DSMBs): For higher-risk studies, utilize an independent committee to periodically evaluate study data, monitor participant safety, and recommend trial modifications or halts if necessary.  

  4. Training and Qualification

    • Investigator competence: RCS and the IRB must ensure all research team members possess the appropriate expertise and have completed any relevant training required to conduct the research activities safely. 
    • Ethics certifications: Research team members are required to complete human subject protections training (such as CITI training) prior to interacting with subjects. See the UO Required Training website and the CITI section of our Frequently Asked Questions page for more information.