Home / Help for Researchers and Study Personnel / Confidentiality

Help for Researchers and Study Personnel

Confidentiality

Robert Hood

08/27/2008 12:54 pm

Help for Researchers: Confidentiality protections

Confidentiality	Information and Examples
General considerations	Confidentiality refers to maintenance of the investigator's agreement with the participant about how the participant's identifiable private information will be handled, managed, and disseminated. As used here, confidentiality refers to how a participants data will be managed and used. Data include paper or electronic databases, video tapes, audio recordings, registries, and other records involving individually identifiable information. (Even though the HIPAA Privacy Rule refers to "privacy," much of its focus is on records such as medical records; protection of such records is referred to here as protections of confidentiality). Privacy refers to persons and their interest in controlling the access of others to themselves. Investigators have obligations to protect confidentiality, including after the research is complete: Describe how will the data be collected, stored, used and shared. What kind of data--include specific descriptions (include a list of database fields, when conducting research involving secondary analysis of existing datasets). How will the data be collected--via paper forms, or electronic forms over the internet, or by phone? Where will the data be stored--in locked cabinets, or on encrypted hard drives behind locked doors? With whom will data be shared? If you think you might want to share data in the future, have you included a request for permission for future use and sharing with others in the informed consent? If the data may be inspected by government agencies, like the FDA, have you included that information in the consent process? Describe how the data is protected. For example, data might be protected through through encryption, limitations on who can access, legal agreements such as data use agreements, and physical security like storing data behind locked doors and in locked cabinets). Investigators should be particularly cognizant about protections for confidentiality when using laptops or when using removable media such as USB drives to transport data Is there significant risk of harm to participants (like criminal penalties) if the data were released? When research involves the collection of data that, as a result of forced disclosure could harm participants, then investigators may need to secure a Certificate of Confidentiality Investigators must follow DOH policies on Information Security when engaged in research at the Department Sometimes the only identifier linking a participant and the data (like in a survey) is the written informed consent document. If so, is an alteration or waiver of consent indicated to protect confidentiality? Certificates of Confidentiality are a mechanism for protecting confidentiality against forced disclosures (such as a subpoena or discovery as part of litigation). If investigators collect information that, if disclosed, could have adverse consequences for subjects or damage their financial standing, employability, insurability, or reputation, then Investigators can request a Certificate of Confidentiality from the National Institutes of Health. For example, in a federally-funded study of HIV in IV drug users, or prostitutes, where forced disclosure of information could result in harms to participants, investigators can request a Certificate of Confidentiality. However, NIH is not required to grant a Certificate. The IRB may require the investigator secure a Certificate of Confidentiality, or demonstrate an application for a Certificate was rejected as a Condition of IRB approval
Required Determinations by the IRB	The IRB is required to determine there are adequate provisions to maintain the confidentiality of identifiable data.
Accreditation Element	Element II.6.B: The Research Review Unit has written policies and procedures to evaluate proposed arrangements for protecting the confidentiality of identifiable data, when appropriate, during and after the conclusion of the investigation.
DOH policies	Including but not limited to: DOHP-400-2.5 Certificates of Confidentiality DOHP-400-4.4 Expedited Review DOHP-400-4.5 Full Committee Review
Regulations	45 CFR §46.111(a)(7), 21 CFR §56.111(a)(7)
Guidance	Certificates of Confidentiality Kiosk
References	Evaluation Instrument for Accreditation, Association for Accreditation of Human Research Protection Program