Presentation is loading. Please wait.

Presentation is loading. Please wait.

What is a Certificate of Confidentiality?

Published byShannon McDaniel Modified over 6 years ago

Similar presentations

Presentation on theme: "What is a Certificate of Confidentiality?"— Presentation transcript:

1 What is a Certificate of Confidentiality?
Certificates of Confidentiality (CoCs) protect identifiable research information from forced disclosure. They allow the investigator and others who have access to research records to refuse to disclose identifying information on research participants in any civil, criminal, administrative, legislative, or other proceeding, whether at the federal, state, or local level. By protecting researchers and institutions from being compelled to disclose information that would identify research subjects, Certificates of Confidentiality help achieve the research objectives and promote participation in studies by helping assure confidentiality and privacy to participants.

2 Why the need for Certificates of Confidentiality?
Congress initially enacted legislation in 1970 to help protect the confidentiality of individuals participating in research on drug abuse and treatment. Some police departments were attempting to force researchers to turn over information about participants in research projects studying drug addiction and treatment. The statute (currently codified in the Public Health Service Act at 42 USC §241(d)) has been broadened over the years to include biomedical, behavioral, clinical and other forms of research.

3 Why the need for Certificates of Confidentiality?
In 2010, the Virginia state attorney general subpoenaed research data from a prominent climate researcher, formerly with the Univ. of Virginia, following release of s concerning data on global warming, to determine whether the professor “violated Virginia’s fraud laws in seeking state funding for [the] research.” Arizona’s Superintendent of Public Instruction sought data from university researchers who conducted research on education of English-language learners in Arizona. The Superintendent sought to use the data to challenge conclusions by the researchers who were acting as expert witnesses in a federal lawsuit concerning the state’s approach to ELL education.

4 Why the need for Certificates of Confidentiality?
In August 2011, the U.S. Justice Department, acting under a mutual-legal-assistance treaty, subpoenaed all the Belfast Project records on behalf of Britain. The Belfast Project collected oral histories from participants in the Troubles (Northern Ireland's sectarian conflict). Boston College holds the project's tapes and transcripts. Participants were guaranteed confidentiality in the oral history project were guaranteed confidentiality. The college tried to have the subpoena quashed – in July 2013, a federal appeals court ruled that the college must hand over 11 out of 85 records subpoenaed by the U.S. government on behalf of British authorities.

5 Other federal statutes pertaining to data confidentiality
Some federal agencies have different processes for protecting confidentiality of sensitive information, particularly DOJ and AHRQ. DOJ requires a Privacy Certificate. AHRQ has a statute protecting all identifiable information (42 U.S.C. § 299c-3(c)). If you are doing research funded by the U.S. Department of Justice or by AHRQ, you should follow the policies and procedures of those agencies with respect to protection of sensitive data.

6 Who Issues Certificates of Confidentiality?
Various components of HHS have authority to issue CoCs. NIH, CDC, HRSA, and SAMHSA can issue CoCs for research that they fund; FDA is authorized to issue CoCs for studies with an IND/ IDE that do not have other DHHS funding. NIH is authorized to issue CoCs for sensitive research that is not federally funded, at its discretion, if the research is related to the NIH/DHHS mission. At NIH, issuance of CoCs has been delegated to the individual NIH Institutes and Centers. The NIH Institutes & Centers collectively issue approximately 1,000 new CoCs each year. HHS components are NOT required to issue a CoC for any particular research project – it is within the discretion of the reviewing agency whether to issue a CoC.

7 Identifying Information
Broadly defined – not just name, address, SSN Identifying characteristics include things such as: name, address, social security or other identifying number, fingerprints, voiceprints, photographs, genetic information or tissue samples, or any other item or combination of data about a research participant which could reasonably lead, directly or indirectly by reference to other information, to identification of that research subject.

8 Eligibility for a CoC Collecting identifiable information
Approved by an IRB Disclosure could have adverse consequences for subjects or damage subjects’ financial standing, employability, insurability, or reputation Federal funding NOT required -- a CoC can be awarded whether or not a research project is federally funded.

9 Examples of sensitive research
Sensitive information includes (but is not limited to) information relating to: sexual attitudes, preferences, or practices; information relating to the use of alcohol, drugs, or other addictive products; information pertaining to illegal conduct; information that, if released, might be damaging to an individual's financial standing, employability, or reputation within the community or might lead to social stigmatization or discrimination; information pertaining to an individual's psychological well-being or mental health; and genetic information or tissue samples.

10 What types of projects are not eligible for a CoC?
Studies that are NOT eligible for a COC would include projects that are: not research based, not approved by an IRB, not collecting sensitive information or information that, if released publicly, might harm the research participants, not collecting personally identifiable information, or not involving a subject matter that is within a mission area of the U.S. Department of Health & Human Services.

11 Application requirements
The PI and the Institutional Official must both sign an application for a CoC. Students and pre/post-doctoral fellows can apply for a CoC (there are some additional application requirements for such research projects) Must have proof of IRB approval Consent form needs to include appropriate language discussing the protections of a CoC and exceptions to those protections. As of April 2015, NIH has an electronic application process for all CoC applications submitted to NIH. NIH states that the application for a CoC should be submitted at least three months prior to the date on which enrollment of research subjects is expected to begin.

12 Data collected outside the United States
If data will be collected in a foreign country, a research project can still qualify for a CoC if the data are maintained within the United States. If the data are maintained only in the foreign country, a Certificate of Confidentiality would not be effective.

13 How long does a Certificate of Confidentiality’s protection last?
Individuals who participate as research subjects (i.e., about whom the investigator maintains identifying information) in the specified research project during any time the CoC is in effect are protected permanently- even if the subject gave the researcher data before the CoC is issued. A certificate is in effect from the date of issue by NIH or another DHHS agency.  Prior to this, subjects who are enrolled would not have the CoC protection.  However, once the CoC is issued, all subjects subsequently enrolled, as well as identifiable info the researchers have on previously enrolled subjects, are protected and would be protected permanently.  If a CoC expires and subjects are enrolled after this expiration, those subjects would not be protected.

14 What types of disclosures are not protected by a CoC?
Voluntary disclosure of information by study participants themselves or any disclosure that the study participant has consented to in writing, such as to insurers, employers, or other third parties; Voluntary disclosure by the researcher of information on such things as child abuse, reportable communicable diseases, possible threat to self or others, or other voluntary disclosures provided that such disclosures are spelled out in the informed consent form; Voluntary compliance by the researcher with reporting requirements of state laws, such as knowledge of communicable disease, provided such intention to report is specified in the informed consent form; or Release of information by researchers to DHHS as required for program evaluation or audits of research records or to the FDA as required under the federal Food, Drug, and Cosmetic Act.

15 CoCs and Informed Consent
Research subjects must be told in the consent form about the protections afforded by the CoC and any exceptions to that protection. Researchers should also review the language about confidentiality and data security that is routinely included in consent forms to be certain that it is consistent with the protections of the Certificate of Confidentiality. Sample informed consent language discussing the protections and limits of CoCs is available on the NIH website at

16 CoCs and Mandatory Reporting laws
There is a tension between the protections for participant data confidentiality offered by the CoC statute and state laws that require mandatory reporting of abuse and neglect. For projects that will be obtaining a CoC, federal agencies prefer that the consent form not include language saying that the researchers “must” or “are required to” report abuse/neglect under state laws. Rather, the consent should say that the research team will voluntarily disclose such information to the appropriate authorities.

17 Where can I get more help with CoCs?
If you are unsure about which NIH component is most appropriate for your research topic, you can contact the NIH CoC Central Coordinator at The NIH Certificates of Confidentiality Kiosk at The SBS IRB website contains guidance about Certificates of Confidentiality at

18 Privacy Certificates for DOJ-funded Research
Research funded by the National Institute of Justice (the research arm of the U.S. Department of Justice) must obtain a Privacy Certificate. NIJ does not issue or accept Certificates of Confidentiality issued by NIH or other agencies. The NIJ human subjects regulations are at 28 CFR Part 46.

19 Privacy Certificates and Mandatory Reporting Laws
Current or past abuse is NOT reportable, unless a separate consent to allow reporting is obtained from the research subject -- this is in addition to a consent to participate in the research study. (Note, this is DIFFERENT than for Certificates of Confidentiality.) For more information, see NIJ’s website at

20 An Important Reminder Certificates of Confidentiality do not take the place of good data security or clear policies and procedures for data protection, which are essential to the protection of research participants' privacy.

Download ppt "What is a Certificate of Confidentiality?"

Similar presentations

National Forum on Education Statistics sponsored by the National Cooperative Education Statistics System and the National Center for Education Statistics.

National Forum on Education Statistics sponsored by the National Cooperative Education Statistics System and the National Center for Education Statistics.
FERPA: Family Educational Rights and Privacy Act

FERPA: Family Educational Rights and Privacy Act
The Family Educational Rights & Privacy Act (FERPA) & other statutes related to student information.

The Family Educational Rights & Privacy Act (FERPA) & other statutes related to student information.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
FERPA: WHAT YOU SHOULD KNOW ILASFAA April 18, 2008 Amy Perrin Director of Financial Aid Elgin Community College.

FERPA: WHAT YOU SHOULD KNOW ILASFAA April 18, 2008 Amy Perrin Director of Financial Aid Elgin Community College.
Family Educational Rights and Privacy Act What you need to know...

Family Educational Rights and Privacy Act What you need to know...
FERPA: Family Educational Rights and Privacy Act.

FERPA: Family Educational Rights and Privacy Act.
School Based Research: The Family Education Rights and Privacy Act (FERPA) & The Protection of Pupil Rights Amendment (PPRA) IRB C Member Presentation.

School Based Research: The Family Education Rights and Privacy Act (FERPA) & The Protection of Pupil Rights Amendment (PPRA) IRB C Member Presentation.
FERPA and IRB: Implications for Testing Centers Judith W. Grant, Ph.D.,CIP NCTA Conference San Antonio, Texas August 6, 2009.

FERPA and IRB: Implications for Testing Centers Judith W. Grant, Ph.D.,CIP NCTA Conference San Antonio, Texas August 6, 2009.
Code of Federal Regulations Title 42, Chapter 1, Subchapter A Part 2 – CONFIDENTIALITY OF ALCOHOL AND DRUG ABUSE PATIENTS BRYANT D. MILLER CAC II, MAC,

Code of Federal Regulations Title 42, Chapter 1, Subchapter A Part 2 – CONFIDENTIALITY OF ALCOHOL AND DRUG ABUSE PATIENTS BRYANT D. MILLER CAC II, MAC,
2/16/2010 The Family Educational Records and Privacy Act.

2/16/2010 The Family Educational Records and Privacy Act.
 Federal regulations specify “engagement” at the institutional level  Cornell has a Federalwide Assurance specifying its commitment to comply with regulations.

 Federal regulations specify “engagement” at the institutional level  Cornell has a Federalwide Assurance specifying its commitment to comply with regulations.
CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.

CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.
IRB Monthly Investigator Meeting Columbia University Medical Center IRB October 11, 2005.

IRB Monthly Investigator Meeting Columbia University Medical Center IRB October 11, 2005.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.
Office of Safe and Drug-Free Schools Advisory Committee Meeting February 21, 2007.

Office of Safe and Drug-Free Schools Advisory Committee Meeting February 21, 2007.
8/28/2015 The Family Educational Rights and Privacy Act (FERPA)  Also known as the Buckley Amendment.  Statute: 20 U.S.C. 1232g; Regulations: 34 CFR.

8/28/2015 The Family Educational Rights and Privacy Act (FERPA)  Also known as the Buckley Amendment.  Statute: 20 U.S.C. 1232g; Regulations: 34 CFR.
The Family Educational Rights and Privacy Act of 1974 February, 2014 Presented by Daniel Cordas Employee Services, Seattle Community Colleges.

The Family Educational Rights and Privacy Act of 1974 February, 2014 Presented by Daniel Cordas Employee Services, Seattle Community Colleges.
1 Developed by: U-MIC To start the presentation, click on this button in the lower right corner of your screen. The presentation will begin after the.

1 Developed by: U-MIC To start the presentation, click on this button in the lower right corner of your screen. The presentation will begin after the.

Similar presentations

Ads by Google