Transcript Privacy and Confidentiality - Tehran University of Medical

Privacy and
Confidentiality
Definitions


Privacy - having control over the extent,
timing, and circumstances of sharing
oneself (physically, behaviorally, or
intellectually) with others.
Confidentiality - methods used to
ensure that information obtained by
researchers about their subjects is not
improperly divulged.
Regulations
46.102(f) Human subject means a living
individual about whom an investigator…
conducting research obtains
(1) data through intervention or
interaction with the individual,
or
(2) identifiable private information.
Regulations


Private information - information which has
been provided for specific purposes by an
individual and which the individual can
reasonably expect will not be made public (for
example, a medical record).
Identifiable information – information where
the identity of the subject is or may readily be
ascertained by the investigator or associated
with the information.
Privacy
Concerns about privacy may arise in
several different contexts:
 Observation of behavior
 Obtaining identifiable private information
from:
– Records
– Other individuals
Observational Studies


Most observational research, except
that involving children and minors, is
exempt from federal regulations unless
the information is identified and
sensitive
Not all behavior in public is public
behavior if subjects have a reasonable
expectation of privacy
Use of Records

The use of unidentifiable data is not human
subjects research and does not usually
require IRB approval.
– Unidentifiable means that the investigator has no
access to identifiers
– Adequate procedures must be in place to protect
access to identifiers at the source
– Name and SS numbers are not the only identifiers
– Accessing data may still be considered an
invasion of privacy since subjects do not expect
their data to be used for research purposes
Use of Records

Delinked data, where the investigator
removes the identifiers, is human
subjects research but may exempt from
the requirements of 45 CFR 46.
– Investigator does not determine whether
research is eligible for exemption
– In order to be eligible, the procedures for
delinking must be sufficient to prevent
identification of subjects
Use of Records

Research utilizing records that is not
exempt, not more than minimal risk and
is included in the list of eligible
categories of research may be eligible
for expedited review.
Use of Records

IRBs may waive some or all of the
requirements for informed consent if:
– The research is no more than minimal risk
– The waiver does not adversely affect the
rights and welfare of subjects
– It is impracticable to carry out the research
without the waiver
– Where appropriate, subjects will be
debriefed
Use of Records

The IRB may waive the requirement for
written documentation of consent in cases
where the research presents
– no more than minimal risk; and
– involves procedures that do not require
written consent when performed outside of
a research setting.
Use of Records
Data repository
 Under oversight of an IRB
 IRB approves protocol specifying
conditions under which data is accepted
and released
 Repository should have a Certificate of
Confidentiality if the data presents legal
liabilities
Use of Records


All data should be collected under an
IRB approved protocol
Subjects must be informed that the data
will be submitted to the repository, the
types of research the data will be used
for, the conditions under which it will be
released, and procedures for protecting
their privacy and confidentiality.
Information Obtained from
Others

Anyone about whom an investigator
obtains identifiable private information is
a human subject, regardless of how the
information is obtained
Confidentiality

Confidentiality and anonymity are not
the same
– Anonymous means no one, anywhere,
ever can identify individual subjects


Names are not the only identifiers
Subjects’ participation in the research
may need to be kept confidential as well
as their data
Confidentiality

Methods to protect confidentiality:
• substituting codes for identifiers
• removing face sheets
• properly disposing of papers with identifying
data
• limiting access to identified data
• impressing on the research staff the importance
of confidentiality
• storing research records in locked cabinets.
Confidentiality

More elaborate procedures may be
necessary for studies in which data are
collected on sensitive matters such as
sexual behavior or criminal activities.

Any written record linking subjects to
the study can create a threat to
confidentiality, including consent forms
Confidentiality

The IRB may waive the requirement for
written documentation of consent in cases
where:
– The principle risks are those associated
with a breach of confidentiality concerning
the subject’s participation in the research;
and
– the consent document is the only record
linking the subject with the research;
Confidentiality
Certificates of Confidentiality
 Provides protection against a subpoena
for research data

Granted by DHHS but not limited to
Federally funded research

Usually requires IRB determination that
certificate is necessary
Privacy of Medical Records
Standards for Privacy of Individually Identifiable
Health Information
45 CFR Parts 160 - 164
Published in the Federal Register: December 28, 2000
Compliance Date: February 26, 2003
(2004 for small health plans)
http://aspe.hhs.gov/admnsimp/
Privacy of Medical Records


Covered entities: health plans, health
care clearing houses, and health care
providers who transmit any health
information in electronic form.
All medical records and other
individually identifiable health
information held by a covered entity is
covered by the regulations.
Privacy of Medical Records

Entities may release records for
research if:
– Individual authorization is obtained from
patients
– An IRB or a “privacy board” waives the
requirement for individual authorization
(the regulations detail the criteria for a
waiver)
Privacy of Medical Records

Entities may release records for
research without authorization or a
waiver if:
– Record review is for research preparation
and no information is removed from the
entity
– Research on information about deceased
individuals