Home > Submissions to the IRB > Analysis of Existing Data

Analysis of Existing Data

Researchers often analyze data that they did not collect. Existing data may be data sets, but may also be interview notes or audio- or video-tapes.

Existing data may have been collected for research purposes or non-research purposes, such as driver's license information or school records.

Sometimes, data providers require researchers enter into a data use agreement or provide other assurances, such as a confidentiality pledge, before they give data to a researcher. If the data supplier requires a data use agreement two things must happen:

  1. Fully executed agreements (as defined below), as well as copies of signed confidentiality pledges must be submitted to the IRB* before the protocol can be approved.
  2. Duke’s Information Security Technology Office (ITSO) must review the agreement to ensure that the department or unit receiving the data has sufficient resources to put into place data protection procedures stipulated in the agreements. The IRB* will send copies of the agreements to ITSO. (ITSO’s charge to review agreements is part of Duke initiative focusing on data security.)

Important: If data are provided to researchers without identifiers, the proposed research does not meet the definition of research with human subjects.

If the data are identifiable there is only one protocol application form, regardless of the type of review that will be used.

Federal Guidance Defining Identifiers

Identifiers include, but are not limited to names, addresses, phone number, social security numbers, geocodes, and images (but not voices).

Federal guidance addresses the question: "Are data ‘identifiable' if they include identification codes that could link the data to individuals?" The answer is "yes," unless the researcher and the data provider have a formal agreement stating that the key linking codes with the individual identifiers will never be provided to the researcher.


If data were collected for research purposes, the original agreement with the subjects must have included permission for identifiable data to be shared with other researchers.


An IRB* staff member will pre-review the protocol and determine what kind of review is needed.

Exempt, Expedited, or Full Review?

Protocols for research analyzing existing data can be exempt if identifiable data are publicly available or if the researcher strips any identifiers upon receipt of the data.

Protocols can be expedited if the only risk is a breach of confidentiality and adequate confidentiality procedures are in place.

Protocols generally require full review only when it is a requirement of the data provider.

Data Use Agreements

A fully-executed data use agreement is one signed by the data supplier and by a Duke institutional official.

The institutional officials who may sign the agreements are the Director of the Office of Research Support (ORS*), Keith Hurka-Owen, or one of his designated assistant directors. The agreements are between Duke and the data provider; therefore, researchers may not sign on behalf of the university. Data use agreements sent to you should be forwarded to an IRB* staff member who will then forward them to ORS*.

Other Data Assurances

Confidentiality pledges and data destruction agreements may be signed by researchers and do not need an institutional signature.

Anticipated Approval Time

It depends upon the type of review that will be required.

About Us | Related Offices | Duke University

© Office of Research Support, Duke University 2003-2013