|
Privacy concerns the right of individuals to control information about
their person and their behavior. An invasion of privacy occurs when someone
accesses this information without consent. Confidentiality concerns the
ways in which information disclosed voluntarily by subjects is protected
from disclosure by the researcher.
Privacy refers to our right to control access to ourselves and to our
personal information.
Persons ability to control access to their personal information and to
their persons is determined by a variety of factors, including socioeconomic
status, age, and circumstance. For example, information about welfare
rolls is public information; information about personal stock portfolios
is not, unless you are a government official. Minors have fewer rights
to privacy than adults. Institutionalized persons may have significant
limitations on their ability to control person information.
Assuming that respect for privacy is a critical component of ethical
research, the IRB will have to determine whether or not particular activities
constitute invasions of privacy. Such determinations are complicated because
differentiating between public and private behavior is not always easy
and because concepts of privacy vary from culture to culture.
Confidentiality refers to agreements made with subjects, through the consent
process, about if and how information provided by the subjects will be protected.
These agreements may include descriptions about whether or not identifiers
will be retained, who will have access to identifiable data, and what methods
will be to safeguard data, such as encrypted storage, locked files, and
so on.
Privacy is about persons; confidentiality
is about information.
An individual's right to privacy from research inquiry is generally protected
by the right to refuse to participate in research. Privacy issues arise
when investigators wish to use personally identifiable records without
obtaining consent or conduct covert observation or participant observation.
If a data set with information about individuals is publicly available
and the information it contains cannot be linked to the individual subjects,
there are no privacy concerns.
Some records are protected by law. School records are protected by Family
Educational Rights and Privacy Act. Private health information is
protected the the Privacy
Provisions of the Health Insurance Portability and Accountability
Act (HIPAA)
Federal regulations require IRB review for observations of public behavior
which are recorded in such a way that would allow the subjects to be identified
and, when, if the recorded observations were to be made public,
they could reasonably place the subject at risk of criminal or civil liability
or cause damage to the subject’s financial standing, employability,
or reputation.
These issues necessarily raise questions about the importance of the study
itself. The IRB must determine that the knowledge to be gained is important
enough to involve unconsenting subjects.
The need for confidentiality exists in virtually all studies in which
identifiable information is collected about subjects, unless the information
is entirely innocuous.
Confidentiality is particularly important when subjects are selected because
of a sensitive, stigmatizing,
or illegal characteristic. In these cases, a breach of confidentiality
may pose a serious risk to study subjects.
If confidentiality is promised, identifying information should not be
stored with research data. Every effort should be made to protect identifying
information through the use of passwords, locked computers, locked cabinets,
etc.
Retention of the research data is dictated by Duke's Data Retention Policy
and frequently by sponsor policy; however identifying information or coding
keys
should be destroyed as soon as possible. (Consent forms must be kept for
at least five years after a research project ends.)
Certificates of Confidentiality are issued by the National Institutes
of Health (NIH) to protect the privacy of research subjects by protecting
investigators and institutions from being compelled to release information
that could be used
to identify subjects with a research project.
Certificates of Confidentiality allow investigator and others who have
access to research records to refuse to disclose identifying information
in any civil, criminal, administrative, legislative, or other proceeding,
whether at the federal, state, or local level.
NIH will issue Certificates of Confidentiality for any research for which
they are appropriate, regardless of the source of funding.
Identifying information is broadly defined as any item or combination
of items in the research data that could lead directly or indirectly to
the identification of a research subject.
Information about subjects that can be protected with a Certificate of
Confidentiality includes:
- Genetic information
- Their psychological well-being
- Their sexual attitudes, preferences or practices
- Substance abuse or other illegal risk behaviors
- Their involvement in litigation related to exposures under study (e.g.,
breast implants, environmental or occupational exposures).
NIH has prepared a kiosk
providing information about Certificates of Confidentiality, including
frequently asked questions.
Print a Checklist
|
