inewsource has uncovered another example of UC San Diego not telling vulnerable research subjects that their private information was exposed and that the university’s mistake may have put them at risk.
The privacy breach involves California prison inmates who were part of a UCSD behavioral study. Their taped conversations, including comments criticizing prison guards, were wrongly shared with the officers.
The study, which examined the effects of art on incarcerated men, was ultimately terminated in 2018 following that “intentional breach of trust,” according to records obtained by inewsource.
A UCSD institutional review board that ensures the safety of research participants wanted to alert the prisoners after learning about the breach and provide them with outside legal counsel, but University of California attorneys said no.
Risky Research
This investigation is part of inewsource’s Risky Research series, which examines shortcomings in the system meant to protect research participants.
Jackie Carr, a UCSD Health spokesperson, said, “discussions did occur about the possibility of notifications to the prisoners through attorneys.
“However, it was determined that this method would have been an improper use of attorney-client privilege and impractical in light of the prison rules around monitoring prisoner correspondence,” Carr said.
Last year, inewsource reported a similar instance of university legal counsel stonewalling attempts to notify women in an HIV research study that their confidential data was breached.
In both cases, the legal advice trumped the opinions of the independent research oversight board.
At inewsource’s request, Dr. Michael Carome, a former associate director at the U.S. Office for Human Research Protections, reviewed UCSD’s documents detailing the breach involving the prisoners. He said the university’s response suggests “an institution seeking to protect itself by minimizing the significance” of its research violations.
“Such a defensive posture in which an institution is more interested in protecting its reputation rather than protecting the rights and welfare of human subjects is all too common,” Carome said.
A history of prisoner abuses
Using prisoners as research subjects has seen “large-scale successes” since World War II, according to a government report. The Food and Drug Administration estimated that by 1972 more than 90% of all drugs in the U.S. were first tested on prisoners.
The opportunity for inmates, who are disproportionately affected by disease, substance abuse and psychiatric disorders, to access potential top-notch medical care is a long-standing argument for continuing that American tradition.
But the opportunity for coercion, ethical lapses and abuse was an argument for creating a regulatory framework to safeguard those populations.
Prisoners have suffered egregious research abuses over the past century. Animal glands were grafted onto inmates’ testes at San Quentin State Prison in the 1920s, an Ohio penitentiary injected healthy prisoners with cancer cells and the CIA conducted hallucinogenic mind control experiments on incarcerated people in the 1950s and ‘60s.
“The most egregious violations that have been recorded of research with human subjects have actually occurred with prisoners,” said David Lovell, a retired researcher with the California Board of State and Community Corrections.
These past atrocities prompted U.S. agencies to grant special protections to research participants who are under court-ordered confinement. That includes prisoners, inpatients at substance abuse programs or mental health care facilities, and others with restricted freedoms.
These people are not considered vulnerable because they’re at higher risk of being harmed by a study. They’re vulnerable because their ability to freely consent to research is problematic. A prisoner may join a study because it could look good to a judge or may feel that declining could reflect poorly during a parole hearing.
The Federal Bureau of Prisons banned biomedical experimentation and several other kinds of research on its inmates in the late 1990s. California criminalized much of that research in 2017, barring some caveats.
But the study of human motivations, activities, psychological processes and interactions is still allowed.
That’s called behavioral research — the kind that Laura Pecenco, a doctoral candidate in UCSD’s sociology program, wanted to pursue at California prisons.
An ‘egregious breach’
Pecenco hoped to examine how “men in a hypermasculine environment” broke gender boundaries through art, according to her 2012 study plan.
In an interview with KPBS in 2014, Pecenco spoke about the innumerable benefits art had on inmates: increased motivation, more self-confidence, lasting behavioral changes.
Her team started at the Richard J. Donovan state prison in Otay Mesa by conducting taped interviews with inmates who voluntarily took part in the study.
In June 2015, she got approval to expand the study to include 13 other state prisons.
One of them was the Substance Abuse Training Facility at Corcoran State Prison in central California.
Pecenco later told UCSD’s review board that in April 2017, when the researchers were on their way to conduct interviews with Corcoran inmates, the prison’s “security squad” — correctional officers who conduct investigations in the prison — got involved.
The officers called to say they would be sitting in on the focus groups. A researcher on Pecenco’s team said no. The officers then said they’d be open to listening to the audio recordings after the interview. That request was agreed to for fear the team would lose access to the inmates.
“We mistakenly said OK, which we shouldn’t have done,” said Jack Bowers, part of the study team and a senior arts mentor at the nonprofit William James Association. Bowers told inewsource the researchers didn’t realize they had violated the study protocol until discussing it later with the team.
Listening to the tapes, the officers heard disparaging talk about the prison guards.
“So you see fights here and you see the cops are like ‘get ‘em, get ‘em,’” one inmate told the researchers. “These are the guys who are supposed to be responsible for watching us and they want to see us get hurt.”
Another said, “In prison, we hear a lot from guards, staff, everybody else, that we are pieces of crap, we're worthless, we're nothing.”
The security squad asked the study team to remove those statements and the researchers complied.
All of that was done without approval from the prisoners or UCSD. It wasn’t disclosed to the university review board for nearly two months — and UCSD never told the prisoners.
“There was nothing really damning in the conversation that could have created problems for the prisoners,” Bowers told inewsource.
Asked about the specific statements involving the guards, he said, “Every prisoner in the department of corrections is going to say they don’t like the staff.”
But Carome, the research oversight expert, said, “That was an egregious breach of confidentiality that shouldn’t have happened.”
The university board suspended the research and requested the prisoners “be provided with outside, legal representation,” according to its meeting minutes. It also recommended a plan to disclose the breach to the study participants.
In September 2017, nearly five months after being alerted to the violation, the board said it was “very concerned that too much time has passed for the affected prisoners, and request that this be handled in a timely manner."
The board’s guidance to Pecenco was nearly identical to what it would recommend a year later during a privacy breach involving HIV-positive women. Both times board members asked researchers to come up with a plan for alerting the subjects, and both times they grew more concerned as time passed and the letter wasn’t sent.
Pecenco told the board no prisoner names were shared with the guards, who she said assured her no prisoner “would face any repercussions whatsoever from having the tapes listened to.”
She initially agreed to speak with inewsource about the breach but stopped responding to emails and phone calls.
UCSD confirmed the events with inewsource in an email that said, “The recording did not contain first or last names or other personal descriptors of the participants. There was no ‘data breach.’”
Carome disagrees.
“The claim that there was no data breach is ridiculous,” he said.
“The prison staff who were granted access to the recordings of the focus group would have known which prisoners participated in the focus group and potentially could have recognized the prisoners who were speaking by the sound of their voices.”
Documents show the university review board was baffled by what Pecenco did next: She drafted a letter to inmates about the breach and shared it with the warden at Corcoran — again, without UCSD approval.
“The Committee notes that the text had not been approved for use, and should not have been shared with anyone outside of UC legal counsel and UCSD,” the board wrote.
Pecenco’s letter didn’t address the prisoners’ rights and welfare, didn’t alert them to potential harms that could arise from the breach, and “on a technical point,” didn't include her name or mention UCSD in the letter.
The California Committee for the Protection of Human Subjects, a statewide research oversight board, wasn’t notified about the events at Corcoran for 11 months. The committee’s policy states Pecenco should have notified the agency within 48 hours.
Upon learning about the breach, the agency immediately terminated Pecenco’s project in February 2018. The researcher later told the UCSD review board that the termination prompted her team to destroy all personally identifiable data from the project, and therefore she had no way to contact the subjects as the board had suggested over the past two years.
In an email to inewsource, UCSD said it notified “one collaborating organization” about the research suspension but “did not need to notify any other outside organization.”
The last documented discussion about the breach inewsource could find was from UCSD review board minutes from February 2019. Pecenco wrote: “Our entire research team again apologizes for our error. We are deeply saddened to have to terminate this project.”
