privacy and confidentiality
DESCRIPTION
Privacy and Confidentiality. Definitions. Privacy - having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally, or intellectually) with others. - PowerPoint PPT PresentationTRANSCRIPT
Privacy and Privacy and ConfidentialityConfidentiality
Definitions
Privacy - having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally, or intellectually) with others.
Confidentiality - methods used to ensure that information obtained by researchers about their subjects is not improperly divulged.
Regulations
46.102(f) Human subject means a living individual about whom an investigator… conducting research obtains
(1) data through intervention or interaction with the individual,
or (2) identifiable private information.
Regulations
Private information - information which has been provided for specific purposes by an individual and which the individual can reasonably expect will not be made public (for example, a medical record).
Identifiable information – information where the identity of the subject is or may readily be ascertained by the investigator or associated with the information.
Privacy
Concerns about privacy may arise in several different contexts:
Observation of behavior Obtaining identifiable private information
from:– Records– Other individuals
Observational Studies
Most observational research, except that involving children and minors, is exempt from federal regulations unless the information is identified and sensitive
Not all behavior in public is public behavior if subjects have a reasonable expectation of privacy
Use of Records
The use of unidentifiable data is not human subjects research and does not usually require IRB approval.– Unidentifiable means that the investigator has no
access to identifiers– Adequate procedures must be in place to protect
access to identifiers at the source– Name and SS numbers are not the only identifiers– Accessing data may still be considered an invasion
of privacy since subjects do not expect their data to be used for research purposes
Use of Records
Delinked data, where the investigator removes the identifiers, is human subjects research but may exempt from the requirements of 45 CFR 46.– Investigator does not determine whether
research is eligible for exemption– In order to be eligible, the procedures for
delinking must be sufficient to prevent identification of subjects
Use of Records
Research utilizing records that is not exempt, not more than minimal risk and is included in the list of eligible categories of research may be eligible for expedited review.
Use of Records
IRBs may waive some or all of the requirements for informed consent if:– The research is no more than minimal risk– The waiver does not adversely affect the
rights and welfare of subjects– It is impracticable to carry out the research
without the waiver– Where appropriate, subjects will be
debriefed
Use of Records
The IRB may waive the requirement for written documentation of consent in cases where the research presents – no more than minimal risk; and – involves procedures that do not require
written consent when performed outside of a research setting.
Use of Records
Data repository Under oversight of an IRB IRB approves protocol specifying
conditions under which data is accepted and released
Repository should have a Certificate of Confidentiality if the data presents legal liabilities
Use of Records
All data should be collected under an IRB approved protocol
Subjects must be informed that the data will be submitted to the repository, the types of research the data will be used for, the conditions under which it will be released, and procedures for protecting their privacy and confidentiality.
Information Obtained from Others
Anyone about whom an investigator obtains identifiable private information is a human subject, regardless of how the information is obtained
Confidentiality
Confidentiality and anonymity are not the same– Anonymous means no one, anywhere,
ever can identify individual subjects Names are not the only identifiers Subjects’ participation in the research
may need to be kept confidential as well as their data
Confidentiality
Methods to protect confidentiality:• substituting codes for identifiers• removing face sheets• properly disposing of papers with identifying data • limiting access to identified data• impressing on the research staff the importance
of confidentiality • storing research records in locked cabinets.
Confidentiality
More elaborate procedures may be necessary for studies in which data are collected on sensitive matters such as sexual behavior or criminal activities.
Any written record linking subjects to the study can create a threat to confidentiality, including consent forms
Confidentiality
The IRB may waive the requirement for written documentation of consent in cases where:– The principle risks are those associated
with a breach of confidentiality concerning the subject’s participation in the research; and
– the consent document is the only record linking the subject with the research;
Confidentiality
Certificates of Confidentiality Provides protection against a subpoena
for research data Granted by DHHS but not limited to
Federally funded research Usually requires IRB determination that
certificate is necessary
Privacy of Medical Records
Standards for Privacy of Individually Identifiable Health Information
45 CFR Parts 160 - 164
Published in the Federal Register: December 28, 2000Compliance Date: February 26, 2003
(2004 for small health plans)
http://aspe.hhs.gov/admnsimp/
Privacy of Medical Records
Covered entities: health plans, health care clearing houses, and health care providers who transmit any health information in electronic form.
All medical records and other individually identifiable health information held by a covered entity is covered by the regulations.
Privacy of Medical Records
Entities may release records for research if:– Individual authorization is obtained from
patients– An IRB or a “privacy board” waives the
requirement for individual authorization (the regulations detail the criteria for a waiver)
Privacy of Medical Records
Entities may release records for research without authorization or a waiver if:– Record review is for research preparation
and no information is removed from the entity
– Research on information about deceased individuals