Presentation is loading. Please wait.

Presentation is loading. Please wait.

Certificates of Confidentiality

Published bySibyl Patterson Modified over 6 years ago

Similar presentations

Presentation on theme: "Certificates of Confidentiality"— Presentation transcript:

1 Certificates of Confidentiality
Emory IRB Webinar 2/9/2017

2 Objectives Review the need for confidentiality protection
Cover definitions and basic protections provided by a Certificate of Confidentiality – and what it does not protect Outline steps for Obtaining a Certificate of Confidentiality IRB Requirements for approval of a Certificate of Confidentiality

3 Key Concepts: Privacy v. Confidentiality
Privacy is a sphere of protection surrounding a person and his/her property or information, in which s/he can be let alone, without unwarranted interference or intrusion Confidentiality is the limited scope in which a person’s private information is shared with others Breach of confidentiality happens when a person’s private information is taken outside the scope of confidentiality by someone else (intentionally or not, with resulting harm or not)

4 Privacy, Confidentiality and the Belmont Report
Respect for persons (autonomy) Researchers actively protect subject’s privacy Comply with all applicable rules and laws, including HIPAA Researchers don’t breach confidentiality of subject’s private info Use appropriate data security measures

5 How to Describe Risks of Breach of Confidentiality
Honestly E.g., “no known risk,” “remote” or “slight” risk Avoid “no risk” Give statistical risk if available Specify data security measures E.g., locked file, encryption, stripped of identifiers (name, address, SSN, date of birth) at what point, electronic technical protections, who will have access to personal identifiers

6 Certificate of Confidentiality
What is it? A legally effective form of protection permitting a PI and/or institution under subpoena not to identify subjects in the research study Whom does it “cover”? The PI and/or institution, not the subject But the subject benefits from preservation of confidentiality

7 Certificate of Confidentiality
Subpoena A legally enforceable written command to appear at a certain time and place to give testimony upon a certain matter. A subpoena is served on a person (e.g., a PI).

8 CoC: Statutory Authority
Section 301(d) of the Public Health Service Act, 42 U.S.C. 241(d) Secretary of DHHS may authorize persons engaged in biomedical, behavioral, clinical and other research to protect the privacy of individuals who are the subjects of that research Authority has been delegated to the NIH NIH can grant CoC for non-NIH-funded studies as well

9 Certificate of Confidentiality
Boundaries of its protection: Date of issuance to date of expiration (but covers research data collected prior to issuance) Does not protect against PI’s voluntary disclosure Does not protect against request for disclosure without a subpoena PI can say “yes” or “no” voluntarily, unless IRB bars disclosure

10 Certificate of Confidentiality
Does not prevent subject from voluntarily disclosing private information Does not prevent mandatory reporting by PI in accordance with law Child abuse Threat of harm to self or others Reportable communicable diseases

11 Certificate of Confidentiality
Does not prevent seeker from getting same private info from other sources (e.g. medical records) Though it does protect research data that is added to the medical record NIH, FDA, IRB may still audit files and view research information

12 CoC: Requirements PI/Institution obtaining CoC must:
Disclose its existence to subjects In consent form or information sheet PI may need to recontact subjects and reconsent with new information Include a clear explanation of COC What it does, its power v. a subpoena What it doesn’t do, its limits

13 CoC: Requirements PI/Institution obtaining CoC must also:
Document IRB approval and IRB qualifications Provide a copy of the informed consent forms approved by the IRB PI and Institutional Official must sign application

14 CoC: Assurances undertaken by PI/institution
Agree to protect against compelled disclosure and to support and defend the authority of the Certificate against legal challenges Agree to comply with Federal regulations that protect human subjects Agree not to represent Certificate as endorsement of project by DHHS or NIH or use to coerce participation Agree to inform subjects about Certificate, its protections and limitations

15 CoC: Eligible Studies What kind of information is eligible for its protection? Only “sensitive” information, i.e., if disclosure could have adverse consequences for subjects or damage their: financial standing employability insurability, or reputation

16 CoC: Identifying information
“Identifying Information” is broadly defined Not just name, address, social security number, etc. Includes any item or combination of items that could lead directly or indirectly to the identification of a research participant

17 CoC: Eligible Studies Collecting genetic information
Collecting information on psychological well-being of subjects Collecting information on sexual attitudes, preferences or practices Collecting data on substance abuse or other illegal risk behaviors Studies where participants may be involved in litigation related to exposures under study (e.g., breast implants, environmental or occupational exposures)

18 COC: Non-Eligible Projects
Not research Not collecting personally identifiable information Not reviewed and approved by the IRB as required by NIH guidelines Collecting information, that if disclosed, would not significantly harm or damage the subject (e.g; Information that is already part of the medical record)

19 CoC: Does it Work? The CoC been challenged in a few cases but was ultimately upheld

20 Certificate of Confidentiality
Privileges protecting against subpoena are rare: Attorney-client Doctor-patient Marital Clergy CoC – provides high degree of protection and privilege to the PI

21 Certificate of Confidentiality
Caveat: CoC does not obviate need for data security Data security is key to protecting subjects’ private information Unauthorized persons must not be granted access to research data or learn the identities of human subjects CoC does not protect a subject from a negligent researcher

22 CoC: For more information
Go to the Certificates of Confidentiality Kiosk includes: background information and Instructions application information for extramural investigators application information of intramural investigators FAQs contact list

23 Steps to Obtain a CoC Go to the NIH’s CoC Kiosk submit your application electronically. After it is received, the NIH will provide you with a form that must be signed by the PI and the Emory Institutional Official.  Once you have the form ready to be signed, DO NOT send the form directly to the Emory Institutional Official. Instead,  the IRB analyst who is responsible for your study.  

24 Submitting CoC Request to IRB

25 Details to Include with IRB Request
The full CoC application, as an attachment, along with the “Assurances” form that needs to be signed; The nature of the sensitive data to be generated during the research study and how that data will be identifiable/linked to the subject; Whether that sensitive information also exists somewhere outside the research record (e.g. HIV diagnosis already present in subjects’ medical record - either at EHC or elsewhere - before the study begins).

26 Following CoC Approval
If you are granted a CoC for a study that has already been approved, you should submit an amendment in eIRB to do the following: Upload the approved CoC into the eIRB system under the "Miscellaneous Documents" section. Add the required language in the ICF to note the CoC 

27 CoC Timing and Consent Form
The CoC’s protections – and limitations – must be stated in the Informed Consent form once the CoC is granted, and the language is dictated by the NIH If the IRB agrees that enrollment prior to obtaining the CoC is acceptable, the IRB can approve a non-CoC version of the consent form, along with a CoC version that you can submit to the NIH with your CoC application - but which cannot be used to enroll until the CoC is granted.

28 CoC vs “Sensitive Study” Status
When a study is declared to have "sensitive status“ at Emory, steps are taken to limit the amount of information that is put into the EHC medical record. The CoC doesn't limit the information put into the record but instead it covers that information with privacy protections. 

29 21st Century Cures Act In an effort to enhance the impact of “big data” through data sharing, CoC’s will be provided to all NIH-funded scientists as part of the Act.

30 Contact the IRB Contact the QA and Education Team! Name Email Phone
Maria Davila, MD, CCRC, CIP (404) Shara Karlebach, WHNP-BC, CIP (404) Jessica Baker, BS (404) Clarissa Dupree, BS (404)

Download ppt "Certificates of Confidentiality"

Similar presentations

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Confidentiality and HIPAA

Confidentiality and HIPAA
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
RESEARCH COMPLIANCE Agenda 1. No Destruction of local research documents after scanning 2. Training for shipping biological samples/specimens 3. Regulatory.

RESEARCH COMPLIANCE Agenda 1. No Destruction of local research documents after scanning 2. Training for shipping biological samples/specimens 3. Regulatory.
Criteria For Approval 45 CFR 46.111 25 CFR 56.111 Minimized risks Reasonable risk/benefit ratio Equitable subject selection Informed consent process Informed.

Criteria For Approval 45 CFR CFR Minimized risks Reasonable risk/benefit ratio Equitable subject selection Informed consent process Informed.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA)
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Complying with Privacy to Enable Innovation & Research

Complying with Privacy to Enable Innovation & Research
Exempt Research Mary Banks BS, BSN IRB Director CRC IRB and BUMC IRB.

Exempt Research Mary Banks BS, BSN IRB Director CRC IRB and BUMC IRB.
John Naim, PhD Director Clinical Trials Research Unit

John Naim, PhD Director Clinical Trials Research Unit
CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.

CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.
Informed Consent and HIPAA Tim Noe Coordinating Center.

Informed Consent and HIPAA Tim Noe Coordinating Center.
IRB Monthly Investigator Meeting Columbia University Medical Center IRB October 11, 2005.

IRB Monthly Investigator Meeting Columbia University Medical Center IRB October 11, 2005.
Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA)
Cornell Evaluation Network The Use of Human Participants in Research Office of Research Integrity and Assurance 255-3943 ~ May 14, 2007.

Cornell Evaluation Network The Use of Human Participants in Research Office of Research Integrity and Assurance ~ May 14, 2007.
1 Developed by: U-MIC To start the presentation, click on this button in the lower right corner of your screen. The presentation will begin after the.

1 Developed by: U-MIC To start the presentation, click on this button in the lower right corner of your screen. The presentation will begin after the.

Similar presentations

Ads by Google