260 likes | 496 Views
Privacy and Confidentiality. Definitions. Privacy - having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally, or intellectually) with others.
E N D
Definitions • Privacy - having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally, or intellectually) with others. • Confidentiality - methods used to ensure that information obtained by researchers about their subjects is not improperly divulged.
Regulations 46.102(f) Human subject means a living individual about whom an investigator… conducting research obtains (1) data through intervention or interaction with the individual, or (2) identifiable private information.
Regulations • Private information - information which has been provided for specific purposes by an individual and which the individual can reasonably expect will not be made public (for example, a medical record). • Identifiable information – information where the identity of the subject is or may readily be ascertained by the investigator or associated with the information.
Privacy Concerns about privacy may arise in several different contexts: • Observation of behavior • Obtaining identifiable private information from: • Records • Other individuals
Observational Studies • Most observational research, except that involving children and minors, is exempt from federal regulations unless the information is identified and sensitive • Not all behavior in public is public behavior if subjects have a reasonable expectation of privacy
Use of Records • The use of unidentifiable data is not human subjects research and does not usually require IRB approval. • Unidentifiable means that the investigator has no access to identifiers • Adequate procedures must be in place to protect access to identifiers at the source • Name and SS numbers are not the only identifiers • Accessing data may still be considered an invasion of privacy since subjects do not expect their data to be used for research purposes
Use of Records • Delinked data, where the investigator removes the identifiers, is human subjects research but may exempt from the requirements of 45 CFR 46. • Investigator does not determine whether research is eligible for exemption • In order to be eligible, the procedures for delinking must be sufficient to prevent identification of subjects
Use of Records • Research utilizing records that is not exempt, not more than minimal risk and is included in the list of eligible categories of research may be eligible for expedited review.
Use of Records • IRBs may waive some or all of the requirements for informed consent if: • The research is no more than minimal risk • The waiver does not adversely affect the rights and welfare of subjects • It is impracticable to carry out the research without the waiver • Where appropriate, subjects will be debriefed
Use of Records • The IRB may waive the requirement for written documentation of consent in cases where the research presents • no more than minimal risk; and • involves procedures that do not require written consent when performed outside of a research setting.
Use of Records Data repository • Under oversight of an IRB • IRB approves protocol specifying conditions under which data is accepted and released • Repository should have a Certificate of Confidentiality if the data presents legal liabilities
Use of Records • All data should be collected under an IRB approved protocol • Subjects must be informed that the data will be submitted to the repository, the types of research the data will be used for, the conditions under which it will be released, and procedures for protecting their privacy and confidentiality.
Information Obtained from Others • Anyone about whom an investigator obtains identifiable private information is a human subject, regardless of how the information is obtained
Confidentiality • Confidentiality and anonymity are not the same • Anonymous means no one, anywhere, ever can identify individual subjects • Names are not the only identifiers • Subjects’ participation in the research may need to be kept confidential as well as their data
Confidentiality • Methods to protect confidentiality: • substituting codes for identifiers • removing face sheets • properly disposing of papers with identifying data • limiting access to identified data • impressing on the research staff the importance of confidentiality • storing research records in locked cabinets.
Confidentiality • More elaborate procedures may be necessary for studies in which data are collected on sensitive matters such as sexual behavior or criminal activities. • Any written record linking subjects to the study can create a threat to confidentiality, including consent forms
Confidentiality • The IRB may waive the requirement for written documentation of consent in cases where: • The principle risks are those associated with a breach of confidentiality concerning the subject’s participation in the research; and • the consent document is the only record linking the subject with the research;
Confidentiality Certificates of Confidentiality • Provides protection against a subpoena for research data • Granted by DHHS but not limited to Federally funded research • Usually requires IRB determination that certificate is necessary
Privacy of Medical Records Standards for Privacy of Individually Identifiable Health Information 45 CFR Parts 160 - 164 Published in the Federal Register: December 28, 2000 Compliance Date: February 26, 2003 (2004 for small health plans) http://aspe.hhs.gov/admnsimp/
Privacy of Medical Records • Covered entities: health plans, health care clearing houses, and health care providers who transmit any health information in electronic form. • All medical records and other individually identifiable health information held by a covered entity is covered by the regulations.
Privacy of Medical Records • Entities may release records for research if: • Individual authorization is obtained from patients • An IRB or a “privacy board” waives the requirement for individual authorization (the regulations detail the criteria for a waiver)
Privacy of Medical Records • Entities may release records for research without authorization or a waiver if: • Record review is for research preparation and no information is removed from the entity • Research on information about deceased individuals