Confidentiality and Privacy (Cont.)

What are the major techniques for protecting confidentiality?

The following techniques for assuring confidentiality are listed on a continuum according to the degree of prospective harm that may occur.

• Substitute codes for personal identifiers and to store the key in a different, secure location.
• Remove the face sheet, which typically contains personal identifying information such as name, telephone, address.
• Data with personal identifiers should be kept in locked files, and access should be controlled by the researchers with specified procedures.
• Researchers should be educated in the importance of confidentiality and the potential risks of harm to subjects. In situations of serious risk researchers should be asked to sign confidentiality agreements.
• Access to the data can be controlled electronically, perhaps by storing very sensitive data on computers not attached to a network where hackers could penetrate the files. Electronic files can be protected with key-words, and portable computers should be appropriately secured.
• The data can be manipulated electronically, for example by encrypting data files. The data can also be recoded to eliminate identifiers by collapsing it into categories.
• Research involving many data files on the same person can use anonymous linkage systems.
• CERTIFICATES OF CONFIDENTIALITY: If research is contemplated on a topic which is likely to be subject to legal proceedings, the federal government can issue a "Certificate of Confidentiality" which shields the data from required disclosure by the researcher. The Secretary of DHHS has the authority to: authorize persons engaged in biomedical, behavioral, clinical, or other research (including research on mental health, including research on the use and effect of alcohol and other psychoactive drugs), to protect the privacy of individuals who are the subject of such research by withholding from all persons not connected with the conduct of such research the names or other identifying characteristics of such individuals. Persons so authorized to protect the privacy of such individuals may not be compelled in any federal, state, or local civil, criminal, administrative, legislative, or other proceedings to identify such individuals (42 U.S.C. 242a(b)(1989)).
  • Information on certificates of confidentiality is available at the National Institute of Health and at the Office for Human Research Protections
  • For contact information click here
  • Note that certificates are available from DHHS irrespective of the source or even the existence of funding for the project.