Recent projects conducted by the International Cancer Genome Consortium (ICGC) have raised the important issue of distinguishing quality assurance (QA) activities from research in the context of genomics. Research was historically defined as a systematic effort to expand a shared body of knowledge, whereas QA was defined as an effort to ascertain whether a specific project met desired standards. However, the two categories increasingly overlap due to advances in bioinformatics and the shift toward open science. As few ethics review policies take these changes into account, it is often difficult to determine the appropriate level of review. Mislabeling can result in unnecessary burdens for the investigators or, conversely, in underestimation of the risks to participants. Therefore, it is important to develop a consistent method of selecting the review process for genomics and bioinformatics projects. This paper begins by discussing two case studies from the ICGC, followed by a literature review on the distinction between QA and research and a comparative analysis of ethics review policies from Canada, the United States, the United Kingdom, and Australia. These results are synthesized into a novel two-step decision tool for researchers and policymakers, which uses traditional criteria to sort clearly defined activities while requiring the use of actual risk levels to decide more complex cases.