Certificates of Confidentiality, and what they can, and can’t, do
Some research may touch on sensitive or potential illegal behaviors, such as drug addiction. Or a subject’s research participation may be of interest in a legal matter; for example, a parent in a custody battle may seek access to the other parent’s medical information. In cases like these, a Certificate of Confidentiality can be a useful way of protecting both research subjects and researchers.
As stated in UAMS IRB Policy 13.1, Certificates of Confidentiality are issued by federal agencies, such as the NIH or FDA, as a means to protect the researcher from compelled disclosures, such as by subpoena, of identifying information or characteristics of research subjects. If a researcher whose study has a Certificate of Confidentiality receives a subpoena for information on a research subject in that study, the researcher does not have to disclose the requested information.
Please note: Certificates of Confidentiality do not prevent against every possible type of disclosure. Some examples of disclosures that may (or must) happen even if a certificate is in place are listed below. If your study has a Certificate of Confidentiality, consent materials should make clear that these types of disclosures are still possible or, in some cases, required
- The subject voluntarily discloses his or her own information
- Mandated reporting of matters such as suspected abuse or an intent to harm self or others
- Auditing or monitoring of the research to ensure human subject protection and regulatory compliance, by either internal offices, such as Hospital Compliance or the Office of Research Compliance, or outside agencies such as the Food and Drug Administration or the Office for Human Research Protections. From an institutional perspective, the IRB cannot protect the safety of human subjects, and other oversight offices cannot ensure the institution is following the relevant regulatory requirements, if institutional access to the protocol information is restricted.