This section includes relevant background text, definitions and examples, policy statements, a video debate, and expert commentary. It should be read by those looking for both a fundamental and thorough understanding of privacy and confidentiality issues.

»Foundation Text«

Table of Contents
1: Why are privacy and confidentiality of fundamental importance in research?
     1.1 What is Privacy?
     1.2 What is Confidentiality?
2: Federal Regulations, Guidance, and Protections
     2.1 Code of Federal Regulations Title 45 Part 46: The Common Rule
     2.2 Food and Drug Administration Regulation: 21 CFR
     2.3 Certificates of Confidentiality (CoC)
     2.4 HIPAA Privacy Rule: Relevance for Research
         2.4.1 Activities Preparatory to Research
         2.4.2 Recruitment: Identifying and Contacting Research Participants
         2.4.3 Authorization to Use Protected Health Information
         2.4.4 Transition Provisions: Research that started before April 14, 2003
         2.4.5 Waiver of Authorization
         2.4.6 De-identified Data
         2.4.7 Limited Data Set
         2.4.8 Drug Abuse Programs
         2.4.9 HIV/AIDS Information
         2.4.10 Decedent’s Information
         2.4.11 Public Health Surveillance Research and HIPAA
         2.4.12 Minor’s Rights to Keep Certain Categories of Protected
         Health Information Confidential
         2.4.13 Data Storage Devices
         2.4.14 Fines Imposed for Violation of HIPAA
3: IRBs’ Role in Protecting Privacy
     3.1 Informed Consent
4: Data Protection: Protecting Data is Key to Reducing Risk
     4.1 Coded Information
     4.2 De-linked or Anonymized Data
     4.3 Anonymous Data
5: State-Level Protections
6: Genetics Research: The Uniqueness of Genetic Information
     6.1 Genetic Privacy of Individuals and Databases
     6.2 Genetic Privacy and State Law
     6.3 Pedigree Research
     6.4 Pharmacogenomics
7: Special Considerations in the Application of Privacy and Confidentiality
     7.1 Mandatory Reporting
     7.2 Social Sciences and Behavioral Research (SSBR)
     7.3 Third Party Research
     7.4 Vulnerable Populations
     7.5 Couple and Family Research
     7.6 Research in the Workplace
     7.7 Neuroscience Research
     7.8 Community-Based Research
     7.9 High-Profile Research: Disclosure in the Media
     7.10 International Research and Privacy
     7.11 Tissue and Data Repositories
     7.12 Internet Research
     7.13 Secondary Research
     7.14 Public Health Surveillance Research
8: Reporting Breaches of Confidentiality to the IRB and the Privacy Officer/Board
9: Conclusion


Although this resource will be helpful in understanding privacy and confidentiality issues in research, it should not be considered legal advice. Viewing this Web-based educational program should not substitute for reading the full text of the Privacy Rule, as this program covers only a select few of the HIPAA regulations.

Please note that many of the links provided are not maintained on, or affiliated with, Columbia University servers. These links are provided simply as a service, and do not imply recommendations, endorsements, or approvals of any of the content at the linked site(s), or of their availability or accuracy.

Whatsoever things I see or hear, in my attendance on the sick or even apart there from, which on no account one must spread abroad, I will keep to myself holding such things as sacred secrets.

- Hippocratic Oath, 4th Century, B.C.E.

1: Why are privacy and confidentiality of fundamental importance in research?


Given our modern research setting, with growing dependence on computers, the Internet, and the need for databases and registries, protection of an individual’s privacy is now one of the greatest challenges in research.

Since the earliest days of medicine, the notion of privacy and confidentiality has been the cornerstone of the patient-physician relationship; more recently, it has become a crucial consideration in the research participant*–researcher relationship. (*In this module, the term “research participant” is used synonymously with "research subject.”)

We are now conducting more research in the behavioral sciences, the social sciences, economics, and psychology, resulting in increasing amounts of personal information being collected. A breach of confidentiality violates a person’s rights and poses a risk of dignitary harm to the research participant, ranging from social embarrassment and shame, to stigmatization, and even damage to social and economic status, such as loss of employment and health insurance.

There are many specific topics that fall under the rubric of privacy and confidentiality that are essential to consider by today’s researchers, Institutional Review Board (IRB) members, IRB and institutional administrators, and institutional Privacy Officers/Boards. This learning module includes a discussion of the Health Insurance Portability and Accountability Act of 1996 (referred to as the HIPAA Privacy Rule in this module) as it relates to research, yet our goal for this module is not to focus on the HIPAA Privacy Rule but, rather, to increase awareness of how protecting privacy and maintaining confidentiality in the research setting have become ever more critical, complex, and challenging.

1.1 What is Privacy?

Privacy is defined in terms of a person having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally, or intellectually) with others. Privacy refers to the right of individuals to limit access by others to aspects of their person1 that can include thoughts, identifying information, and even information contained in bodily tissues and fluids. Even though privacy is not explicitly mentioned in the United States Constitution, many consider privacy a basic human right and maintaining confidentiality a professional obligation.

In 1993, the Council for International Organizations of Medical Sciences (CIOMS) and the World Health Organization (WHO) published the Ethical Guidelines for Biomedical Research Involving Human Subjects. These guidelines provide explicit provisions for respecting the privacy of research participants and maintaining the confidentiality of their personal information.

1.2 What is Confidentiality?

Confidentiality is the process of protecting an individual’s privacy. It pertains to treatment of information that an individual has disclosed in a relationship of trust, with the expectation that this information will not be divulged to others without permission.3

The need to keep personal information private is often weighed against the need to share personal information that has the potential to benefit the public good. Sharing information from DNA sequencing, databanks and repositories, quality-assurance efforts, and public health measures is essential for the development of new medical treatments. It is important for researchers to understand how these competing values can be viewed and how to balance the researcher’s goals against these competing needs. The type of health information collected needs to be balanced against the risk of harm that could occur due to the unauthorized disclosure of that information.

People living with HIV/AIDS, psychiatric disorders, genetic abnormalities, and substance abuse disorders have reason to be especially concerned. As vulnerable populations, their concerns are important for the researcher to recognize and address as the legitimacy of a study is in jeopardy if potential participants are reluctant to reveal vital information.

Benefits of Maintaining Confidentiality:

No individuals should risk harm due to disclosure of their private information as a result of their participation in research. Participation in research is voluntary, unlike necessary medical treatment from a clinician. A researcher's obligation to protect confidentiality is higher than a clinician’s since research often does not provide benefit to the participant and provides no compelling reason to become involved in the research. In almost all situations, research needs do not trump an individual's basic privacy rights. Those involved in designing, approving, and carrying out research must determine how to conduct research that maintains participants’ confidentiality.

In limited circumstances, personal information may be disclosed in the public interest without an individual’s consent when the benefits to society outweigh the individual’s interest in keeping the information confidential.4 Disclosure of personal information, for example, is required for public health interests in disease registration, communicable disease investigations, vaccination studies, or drug adverse event reporting. Balancing societal interests in research must be carefully considered by the investigator and approved by the Institutional Review Board (IRB) and the Privacy Officer/Board.

2: Federal Regulations, Guidance, and Protections


The Belmont Report (1979), written by the National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research, is the major ethical statement guiding human research in the United States and is the basis for U.S. federal research protections. The report sets out three fundamental ethical principles: respect for persons, beneficence, and justice. Individual privacy and autonomy are described in the report as necessary to honor these ethical principles.

2.1 Code of Federal Regulations Title 45 Part 46: The Common Rule

Title 45, Part 46 of the Code of Federal Regulations (45 CFR 46) also known as the Common Rule, defines human subjects as living individuals about whom a researcher obtains:

  1. data through intervention/interaction with the individual, or
  2. identifiable private information.

The common rule is clear that these data need to be protected. As stated in 46.117(7), "when appropriate, there are adequate provisions to protect the privacy of subjects and to maintain the confidentiality of data."

2.2 Food and Drug Administration Regulation: 21 CFR

The Food and Drug Administration (FDA) requires statements in the Informed Consent Form:

  1. that describe the extent to which confidentiality of records that can identify the participant in the research will be maintained, and
  2. that inform the participant that the FDA may view the research records.

2.3 Certificates of Confidentiality (CoC)

Certificates of Confidentiality (CoCs), issued by the National Institutes of Health (NIH), allow the researcher to refuse to disclose identifying information on research participants in any civil, criminal, administrative, legislative, or other proceeding, whether at the federal, state, or local level, unless the participant consents.5

Any researcher can apply to the NIH for a Certificate of Confidentiality, whether or not the research is federally funded. Certificates of Confidentiality are used when research information is considered sensitive and disclosure could have adverse consequences for participants or damage their financial standing, employability, insurability, or reputation. Researchers should consider applying for a Certificate of Confidentiality if their study involves genetics, HIV/AIDS, certain communicable diseases, including sexually transmitted diseases, substance abuse, mental illness, criminal behavior, and other stigmatizing illnesses and conditions.

There are, however, limitations to Certificates of Confidentiality. A researcher must disclose in the Informed Consent Form any circumstances in which the researcher would need to disclose identifying information to departments of health or other authorities (e.g., if the participant reveals the presence of certain communicable diseases, child abuse or elder abuse, or imminent harm to self and others).

Certificates of Confidentiality are not easily obtained as the process for obtaining a certificate is lengthy and certificates are issued prudently by the National Institutes of Health (NIH).

Certificates do not prohibit researchers from voluntarily disclosing identifying information they have collected.

Participants should also be informed that if they themselves reveal to others sensitive information, or the fact of their participation in the research study, the Certificate of Confidentiality is no longer valid.

Researchers can apply for a Certificate of Confidentiality only after IRB approval of the research protocol. The Informed Consent Form should specify that a Certificate of Confidentiality will be applied for and appropriate language should be included.6 Some institutions withhold final IRB approval for recruitment until the Certificate of Confidentiality is in place.

The application should be sent to the NIH at least three months before the start of recruitment of research participants. If there are significant changes in the research protocol after IRB approval, then an amended Certificate must be applied for through the original NIH Institute granting the Certificate.

2.4 HIPAA Privacy Rule: Relevance for Research

Note: This module provides only a brief overview of the HIPAA Privacy Rule. See the federal government sources for a more complete description.

Most federally funded and some privately funded behavioral and biomedical research in the United States includes protections to help ensure the privacy of participants and the confidentiality of information through the U.S. Department of Health and Human Services Federal Policy for the Protection of Human Subjects (Subpart A of Title 45 CFR Part 46, the Common Rule) and/or the Food and Drug Administration’s Protection of Human Subjects Regulations at Title 21 CFR Parts 50 and 56. The HIPAA Privacy Rule supplements these protections by requiring covered entities to take specific measures to safeguard the privacy of individually identifiable Protected Health Information.

The HIPAA Privacy Rule regulations took effect April 14, 2003. They were the first comprehensive federal Department of Health and Human Services (DHHS) guidelines for the protection of the privacy of Protected Health Information (PHI). The HIPAA Privacy Rule does not regulate researchers per se, but may affect their ability to access an individual’s Protected Health Information for research and may require them to meet the conditions of the HIPAA Privacy Rule by providing proper authorizations.

The HIPAA Privacy Rule allows a covered entity (e.g., a healthcare institution) to disclose Protected Health Information for research under the following conditions:

It is important to keep in mind that medical records-based research, in which the Protected Health Information comes from documents or databases, and not directly from participants, is also subject to the HIPAA Privacy Rule.

For record reviews preparatory to research, the researcher should provide the required documentation to the Privacy Officer/Board (see section 2.4.1).

2.4.1 Activities Preparatory to Research

There are times when researchers need to review medical records in preparation for research. This could be:

  1. when information may be helpful in the preparation of a research hypothesis, a protocol itself, or a grant application, or
  2. when it is necessary to identify potential participants who meet the eligibility requirements of a study.

A researcher is allowed to identify, but not contact, potential study participants under the Preparatory to Research provision. Before permitting this activity, a covered entity must receive the proper documentation from the researcher. No PHI may be removed from the covered entity during this preparatory review.

Some institutions may require all activities Preparatory to Research to be reported to and reviewed by the institution’s Privacy Officer/Board. The IRB may waive some or all of the informed consent requirements in such cases, but this decision needs to be made by the IRB. Approval under the HIPAA Privacy Rule does not in any way affect the stipulations of 45 CFR 46 regulations.

2.4.2 Recruitment: Identifying and Contacting Research Participants

When conducting a clinical trial, recruiting the appropriate participants is critical. Many individuals may need to be interviewed in order to determine who among them is eligible to be in the study. Patients expect that information about their medical condition will be kept confidential and might consider it a breach of confidentiality if they were contacted by a researcher not involved with their care.

The primary physician should contact a patient (potential participant) first to get his or her permission to be contacted by the researcher. If the nature of a study makes this very difficult (impracticable), a researcher must provide reasons to the Privacy Officer/Board that justify why such a procedure would not be practicable and obtain a Waiver for Recruitment.

A problematic situation arises when personal information is collected while screening potential research participants who are later found, for one reason or another, to be ineligible to participate. In this instance, it is best to have explicit procedures outlined in the research protocol for securing or destroying the collected screening data.

Unless otherwise permitted by the HIPAA Privacy Rule, a subsequent Authorization must be obtained from the participant before a covered entity researcher may use or disclose the participant’s PHI for the clinical trial itself.

In 2003, the American Association of Medical Colleges (AAMC) conducted a survey of researchers, IRB members, privacy officials, deans, and others. Out of 331 responses, 74% reported that HIPAA had affected patient recruitment involving both data access and acquisition. Some researchers have called for revisions of the HIPAA Privacy Rule that would remove the barriers and burdens that the Privacy Rule has created for recruiting.7

2.4.3 Authorization to Use Protected Health Information

A research participant must give specific written permission to a researcher to use the participant’s Protected Health Information (PHI). According to the HIPAA Privacy Rule, the Authorization for Research applies to the specified research and not to any future unspecified projects.

The Authorization must inform the individual (potential participant) what PHI will be used and the purpose for which it will be used, as well as meet the other requirements of the HIPAA Privacy Rule. Alternatively, a covered entity may provide a researcher access to the PHI for reviews preparatory to research, provided the required representations are obtained. (See section 164.512(i) of the HIPAA Privacy Rule at

2.4.4 Transition Provisions: Research that started before April 14, 2003

If research was ongoing or originated before the date HIPAA went into effect—April 14, 2003—HIPAA contains provisions that allow a researcher to use prior permissions obtained from a participant granted either by the participant through the informed consent process or by an IRB waiver.

If a waiver of consent had been granted prior to April 14, 2003, but informed consent was or will be obtained after that date, then the participant’s Authorization is required under HIPAA unless a Waiver of Authorization is granted.

2.4.5 Waiver of Authorization

Under certain circumstances, it may be difficult for researchers to obtain a written Authorization from research participants. Research conducted on existing databases or repositories in which no contact information may be available is a good example. To address these situations, the HIPAA Privacy Rule contains criteria for the Waiver or alteration of the Authorization requirement by a Privacy Officer/Board. The Privacy Officer/Board can waive the requirement that the research participant needs to sign an Authorization. This would be when:

When researchers receive PHI under a Waiver of Authorization and subsequently disclose any of that information to other researchers, institutions, or agencies, the researchers become responsible for keeping an Accounting of Disclosures for PHI. Under HIPAA, research participants can request a record of how often their health information was released to others in the previous six-year period.

2.4.6 De-identified Data

Information that is de-identified is generally defined as "information (1) that does not identify the individual and (2) for which there is no reasonable basis to believe the individual can be identified from it."10 De-identified health information is exempt from the HIPAA Privacy Rule. In order to de-identify data, the 18 identifiers listed below must be removed from the health information.

2.4.7 Limited Data Set

A Limited Data Set is similar to the de-identified data set but has fewer of the 18 identifiers removed. The Limited Data Set is health information that may include city, state, zip code, elements of date, and other numbers, characteristics, or codes not listed as direct identifiers. Limited data sets are often utilized in multi-center studies when using fully de-identified data is not useful. The use of a Limited Data Set allows a researcher and others to have access to dates of admission and discharge, birth and death, and five-digit zip codes or other geographic subdivisions other than street address. A Limited Data Set does not include specified direct identifiers of the individual’s relatives, employers, or household members.

To use a Limited Data Set, the researcher must sign a Data Use Agreement that limits who can use or receive the Limited Data Set. It requires that the researcher neither re-identify the data nor contact the research participant and contains assurances that appropriate safeguards will be used to prevent improper use or disclosure of the Limited Data Set.11

2.4.8 Drug Abuse Programs

If a covered entity is also a federally assisted drug abuse program, the covered entity is also subject to the Confidentiality of Alcohol and Drug Abuse Patient Records Regulation. It may, therefore, be necessary for covered entities to properly use and disclose individually identifiable health information in compliance with both sets of regulations. Information on the relationship between the HIPAA Privacy Rule and the Confidentiality of Alcohol and Drug Abuse Patient Records Regulation is available on the Substance Abuse and Mental Health Services Administration (SAMHSA) Web site at"12

2.4.9 HIV/AIDS Information

HIV/AIDS information is Protected Health Information and is protected by local, state, and federal laws and regulations. Questions about the use or disclosure of HIV/AIDS data should be directed to an institution’s Privacy Officer/Board. It is mandatory to report positive HIV test data to state health departments. By April 2004, all states had adopted some type of system for reporting HIV diagnoses to the Centers for Disease Control and Prevention (CDC).

Depending on the state where the research is conducted, Waivers of Authorization may not be permitted with fully identified HIV data.

2.4.10 Decedent’s Information

Research on decedent (deceased persons) information is still protected under the HIPAA Privacy Rule even though it is not covered by the Common Rule regulations  (45 CFB 46) and thus does not require IRB approval. However, different institutions vary in their policies concerning decedent research. Check your institution’s policies.

To use or disclose PHI of deceased persons for research, covered entities are not required to obtain an Authorization, a Waiver, an Alteration of the Authorization, or a Data Use Agreement from the personal representative or next of kin. However, the covered entity must obtain from the researcher who is seeking access to the decedents' PHI:

2.4.11 Public Health Surveillance Research and HIPAA

Obviously, Public Health services provide important essential public health protections. The HIPAA Privacy Rule permits the sharing of PHI for public health purposes without individual Authorization if the PHI is provided to a legally authorized Public Health Authority for the purpose of preventing and controlling disease, injury, or disability. 13

2.4.12 Minor’s Rights to Keep Certain Categories of Protected Health Information Confidential

State laws and HIPAA provide minors with the authority to control certain categories of their own Protected Health Information. It is generally accepted that adolescents’ concerns about protecting their privacy might prevent them from seeking medical treatments for certain conditions (e.g., sexually transmitted diseases, substance abuse, and pregnancy) and might also prevent them from volunteering for important research studies. Consequently, various federal and state laws, as well as the policies of various medical and healthcare professional organizations and institutions, provide confidentiality protections for adolescents.

A minor’s personal representative (e.g., parent, legal guardian, or other person having legal custody) may not have a right to receive a minor’s health care information as it relates to HIV/AIDS and other sexually transmitted disease testing and treatment, pregnancy and prenatal care, abortion, chemical dependence, and mental health outpatient service.14 Researchers need to be aware of the impact of such regulations on protecting the confidentiality of research data for adolescents and the impact this has on their protocols, particularly when obtaining informed consent that involves parents or guardians.

2.4.13 Data Storage Devices

HIPAA requires researchers to use secure procedures for all computer-based storage of Protected Health Information including servers, laptops, handheld computers, and any other type of data storage device.15 Security procedures (e.g., encryption, password protection) should be standard practice whenever conducting research using databases that include identifiers.

2.4.14 Fines Imposed for Violation of HIPAA

Violations of the HIPAA Privacy Rule can result in both civil and criminal penalties, including fines and possible time in jail.

The Office of Civil Rights of the Department of Health and Human Services enforces civil violations. Civil penalties usually involve monetary fines. The HIPAA Privacy Rule allows fines of up to $100 per person for each violation of the law, to a limit of $25,000 per year for violations of a single standard per calendar year.16

The Department of Justice enforces criminal violations of the HIPAA standards. Covered entities and individuals (e.g., directors, employees, or officers of a covered entity), "who 'knowingly' obtain or disclose individually identifiable health information in violation of the Administrative Simplification Regulations face a fine of up to $50,000, as well as imprisonment up to one year. Offenses committed under false pretenses allow penalties to be increased to a $100,000 fine, with up to five years in prison. Finally, offenses committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm permits fines of $250,000 and imprisonment for up to ten years."17


3: IRBs’ Role in Protecting Privacy


IRBs and Privacy Boards/Officers, which may or may not be separate entities, depending on the institution, are designed to ensure that there are adequate provisions to protect the privacy of participants and to maintain the confidentiality of the data.

Research participants must be given fair, clear, honest explanations of what will be done with information that has been gathered about them and the extent to which confidentiality of records will be maintained. However, the promise of confidentiality cannot be absolute. Under court order or subpoena for example, there may be legal reasons for compelling a researcher to disclose the identity of, or information about, a research participant. In some instances, a researcher may be mandated to report information to government agencies as in cases of child abuse or elder abuse, certain communicable diseases, illegal drug use, and other situations such as gunshot wounds.

3.1 Informed Consent

Researchers are often unsure about what privacy protections to include in the Informed Consent Form. Easter et al., provide the following suggestions to IRBs when reviewing protocols:18

Also perplexing, are situations in which the IRB must determine which safeguards should be in place to protect past participants who need to be contacted to sign a new Informed Consent Form. The IRB or Privacy Officer/Board must review the researcher’s plan to deal with these situations and determine whether the privacy protections specified in the protocol adequately protect the participants.


4: Data Protection: Protecting Data is Key to Reducing Risk


All studies require protecting privacy and maintaining confidentiality of data even if they are not covered under the HIPAA Privacy Rule. Behavioral and social sciences research conducted at a university that is not a covered entity may not fall under the HIPAA regulations. Such research would involve the HIPAA Privacy Rule when disclosure from a covered entity is needed to conduct the research.

Designing study-specific protections for confidentiality requires planning, diligence, time, and knowledge of privacy and confidentiality strategies and procedures. It is important to develop a specific Data Protection Plan. A plan would include:

4.1 Coded Information

A researcher may opt to code information by replacing identifying information of the individual with a number, letter, symbol, or some combination. A key that deciphers the code allows re-associating or linking the coded information with the identity of the participant. If applicable, codes may need to be protected by an outside agency or third party. It is important that a clear policy be defined for re-identification. Generally researchers themselves should not be able to re-identify the data but might ask a third party to trace identifiers back to the individual.19

4.2 De-linked or Anonymized Data

Data, originally collected with identifiers, which subsequently have been removed, are considered de-linked or anonymized.

4.3 Anonymous Data

Anonymous data are data originally collected without any identifiers where the data were never associated or linked to an individual.


5: State-Level Protections


The HIPAA Privacy Rule is not the only government regulation that pertains to the privacy of health information. Various states have laws governing the privacy of such information. Therefore, it is important to check state laws to determine whether the HIPAA Privacy Rule or state privacy laws prevail. Generally, state laws that provide additional privacy protections in a specific area will supercede the HIPAA regulations in those areas. State laws that require reporting of disease or injury, child abuse, elder abuse, birth, death, or public health surveillance, are not overridden by the Privacy Rule.21


6: Genetics Research: The Uniqueness of Genetic Information


There are differences of opinion about the significance of genetic information for individuals and their families. What makes genetic information unique is that it reveals information not just about the individual from whom it was collected, but also about his or her family members who may not even be aware that genetic information was gathered. It may also reveal information about the larger population of which the individual is a member. Genetic information also can be revealed about individuals (and their families and populations) simply from a tissue sample or database.

Consequently, the decoding of the human genome makes privacy and confidentiality issues extremely acute. In the future, genetic data on individuals and families—including, ultimately, an individual’s entire genome—will become increasingly known and available. Medical research centers and other health care organizations will need to revise current protection procedures to avoid dignitary harms, such as stigmatization and discrimination associated with violations of genetic privacy.22

The results of genetic research even have the potential to stigmatize whole populations that share a common gene pool. Policies must address challenging questions such as: how genetic information and other health information differ, whether and how to use archived DNA samples23, and how to monitor and enforce these policies.24 Fears of stigma and discrimination resulting from participation in studies involving genetic tests may deter individuals and groups from participating if there is risk of a breach of confidentiality.25

With the advent of genomics, the potential exists for developing personalized medicines or designer drugs specifically targeted to individual genetic variation. This will present a significant challenge to protecting privacy and maintaining confidentiality in the collection and storage of DNA samples for pharmacogenomic research. The linkage of such genetic information to an individual’s medical records presents important ethical dilemmas that need to be addressed.26

6.1 Genetic Privacy of Individuals and Databases

Participants often express anxiety and concern about privacy aspects of the informed consent process. Participants in genetic studies may not want family members to know that they carry a specific trait fearing that they will be ostracized or blamed. Furthermore, they may not want to disclose to family members the results of their genetics tests because of potential discrimination by insurance companies and concerns that test results may make the family uninsurable. Many have encouraged the U.S. Congress to pass a Genetic Information Nondiscrimination Bill.

Researchers interested in the possibility of studying genetic markers for diseases or treatments need to learn how to plan appropriately to collect data and how to contact participants for future research and follow-up. Other considerations should include:

Although the potential legal liability of a “duty to warn” family members of their inherited health risk is still unclear, nonetheless, the failure to warn relatives of inherited health risks has resulted in malpractice lawsuits in the U.S. When a physician’s “duty to warn” is in conflict with his or her obligation to respect the privacy of patients, Offit et al., believe that health care professionals “have a responsibility to encourage, but not coerce, the sharing of genetic information in families.”27

Lowrance (2001) provided, for researchers, a list of the “Ethical requirements for genetic databases.”

6.2 Genetic Privacy and State Law

Careful consideration of a state’s genetic privacy laws is called for when conducting genetic research. Many states have passed genetic privacy laws that provide protections in addition to the protections provided by federal privacy laws. Some states require informed consent and the offer of genetic counseling before performing a genetic test. Some states explicitly define genetic information as personal property; some consider DNA samples as personal property, and some states have penalties for violating genetic privacy laws.

The National Conference of State Legislatures publishes information on the specific laws passed by each state.

In addition, many states have passed genetic and health discrimination laws.

6.3 Pedigree Research

Privacy and confidentiality of family members must be considered in pedigree research. Ethical issues in pedigree research are complicated because there can be potential conflicts between the rights and responsibilities of an individual and of a group. The privacy and autonomy of one family member can conflict with the privacy and autonomy of another individual or a family.30

Pedigree research relies on an accurate determination of family history, therefore, it is important to get full family participation. When publishing the family pedigree, care must be taken to protect families, especially in instances of rare diseases because these families are uniquely identifiable by the nature of their branches. There are strategies to protect identities in published pedigree diagrams such as omitting gender information in unaffected family members, collapsing unaffected children into a single icon, and including only a portion of the family.

6.4 Pharmacogenomics

The Human Genome Research Project will yield knowledge about disease prevention and treatments utilizing information about gene function. Accessing DNA data banks and the medical histories of many people will be required to determine how genetic variation affects disease incidence, and to determine pharmacologic effects of various treatments. Finding the appropriate balance between privacy and genetic research should be continually considered as genomic medicine progresses.31

To find the right balance between privacy and research, researchers and policymakers might consider anonymizing the data or permitting the use of Protected Health Information in limited circumstances. Ethical or IRB review of the circumstances is needed to ensure that the risks are minimized and that proper safeguards for confidentiality will be used.

Researchers should consider getting informed consent in advance if there is any possibility of future use of the genetic sample. There may be instances in which prior consent for future studies is advantageous because the risk level of the future study precludes a waiver of informed consent.32

7: Special Considerations in the Application of Privacy and     Confidentiality


Specific types of research can present unique challenges to protecting privacy and maintaining confidentiality. A brief review of some of these additional challenges is presented below to provide a more comprehensive picture of considerations needed to protect research participants.

7.1 Mandatory Reporting

A researcher may be required to report Protected Health Information to certain agencies and authorities, particularly to local and state agencies when required by judicial requests. Often, a participant’s authorization is not required for such mandatory reporting. The types of mandatory reporting, and the agencies that must be reported to, vary by locality. An institution’s Privacy Officer/Board should be consulted.

7.2 Social Sciences and Behavioral Research (SSBR)

The major risk in social sciences and behavioral research “is that of inadvertent disclosure—either during collection, processing, or storage of the original data, or through the identification of participants in data files that are made available for secondary analysis.”33 Stigmatization of specific individuals or groups—for example, by ethnicity, mental health, medical diagnosis, family history, or substance abuse—is an important concern that requires extra assurances of confidentiality.

Social and behavioral research may present dilemmas for researchers when data resulting from a behavioral study (such as the use of a personality scale or depression inventory) suggest that a participant might be at risk of harming himself or herself. There may be an obligation to provide ancillary care when certain diagnostic insights are realized during research. The researcher’s response to these situations can affect the well-being of participants. The researcher should consider that participants entrust only specific aspects of their health to the researcher, not necessarily their health in general. The researcher should consider the scope of what is entrusted to him or her by the participants, and what is his or her duty to care for their well-being. It is best to address, in the protocol and informed consent document/process, what might be offered to the participants if they are in need of care.

7.3 Third Party Research

Researchers sometimes seek to obtain private and sensitive information about others who are not participants in the research. Especially in epidemiological studies, researchers often collect data from the proband (the affected individual who led to the research done on their family) about family members even though informed consent is provided only by the proband.

However, if the information collected about these “others,” is considered private and sensitive and these “others” are readily identifiable, these “others” can be considered third party research participants. Generally in these situations, whenever informed consent can be sought, it is best to obtain it from the third party, depending on the urgency, practicability, and cost of obtaining it. In designing protocols, researchers must consider whether any third party may be adversely affected by the research.

The Office for Protection from Research Risks (OPRR), now the Office for Human Research Protections (OHRP), closed down hundreds of research studies at Virginia Commonwealth University (VCU) in 1998 as a result of concerns about protections of privacy, informing the University, in the case of Richard Curtin, that the VCU researcher should have sought Mr. Curtin’s informed consent before asking his daughter (the proband) sensitive questions about his highly personal medical history (e.g., about his genitalia and whether he suffered from depression).34

7.4 Vulnerable Populations

Researchers need to be sensitive to how fears of dignitary harms due to breaches of confidentiality may vary or express themselves differently in certain communities or ethnic groups, or for particular diseases.

Several specific populations have been defined as vulnerable (e.g., children, prisoners, the cognitively impaired, substance abusers). However, it is important to remember that vulnerability may apply to populations that are otherwise not viewed as vulnerable but are considered vulnerable depending on the particular research conditions.

Sensitivity to being vulnerable is relative. Data considered sensitive by one person or group may not be considered sensitive by another. In addition, attitudes and vulnerabilities change over time.35 Certain data deserve special attention to confidentiality (e.g., reproductive data, drug abuse and mental health data, parentage).

Many African-Americans are less trusting of medical research, given their fears of discrimination based in part on past experiences (e.g., Tuskegee and disparities in health care).36 In contrast, Latinos may be overly trusting and assume that physicians conducting clinical research would not be “doing experiments” on them. Gay men and lesbians also may be particularly concerned about their privacy and wary of medical research. 37 Research participants living with HIV, mental illness, or particular genetic disorders may also have specific concerns. Gender differences may exist as well. Given this, many groups may require especially arduous consent procedures needing detailed explanation.

Researchers and their staff need to be trained to be sensitive to the complexities and particular dilemmas potential participants face concerning privacy and disclosure and to communicate appropriately so participants can make informed decisions about volunteering for research.

7.5 Couple and Family Research

Couple and family research studies can be complicated because family members may confront competing interests. These studies require special attention to privacy and confidentiality.

The researcher needs to carefully consider what research data might be disclosed, to whom, and under what circumstances. Typically, standard ethical guidelines and federal regulations do not adequately address issues regarding disclosure of data involving the privacy of multiple family members. Therefore, researchers need to establish clear boundaries before the release of data from their research, and they should communicate these boundaries to all family members.38

An important issue is whether researchers should share with parents information about their child. Family researchers should clearly specify their policy on the limits of confidentiality with minors and include those in both their consent and assent processes. This is particularly important when the information disclosed concerns child abuse or elder abuse.40 Disclosure by adolescents about their use of drugs or alcohol, or about their suicidal ideation, could be motivated by a hope that the researcher will help them with their problem. Parents and adolescents prefer protocols that give permission to the researcher to obtain help if there is a serious problem such as drug use or suicidal behavior.41

7.6 Research in the Workplace

An increased concern regarding employee health and safety has resulted in an increase in studies conducted in the workplace. Employers and peers may persuade reluctant workers to participate in research. This leads to an often subtle vulnerability that can be easily discounted by the researcher. The most important issue in these instances is maintaining confidentiality of private data. The risk to employees due to a breach in confidentiality can be severe, including effects on benefits, job retention and/or job advancement, and other financial consequences, particularly if genetic information is involved. That health information could be released inappropriately, particularly if employers own and retain the employee’s records, thus increasing the risk imposed on participants.42

7.7 Neuroscience Research

The recent proliferation in neuroscience and behavioral research (e.g., neurogenetics) has created an increase in the amount of sensitive information collected that research participants might prefer to be kept private. There are many strategies involved in providing special protections to such information, such as obtaining a Certificate of Confidentiality, data encryption, firewalls, etc.

New technologies in neuroscience, such as brain imaging studies (e.g., fMRI, SPECT, PET), have recently led to unproven claims about the interpretation of such images. Reports purport to show that imaging of private thoughts can be used for detecting lies and negative bias, assessing the validity of a memory, and showing what people are thinking.

Greely remarks that “because neuroscience information may reveal central aspects of a person’s personality, cognitive abilities, and future, one could argue that it … requires special protection.” However, he also counter-argues that providing special protections for neuroscience information may not always be necessary, since not all neuroscience information may prove to be meaningful or sensitive and may be hard to separate from other types of medical information.43

The future of neuroscience research requires the vigilant monitoring of privacy and confidentiality implications to determine when situations provide acceptable privacy protections and when additional protections are necessary.

7.8 Community-Based Research

In population-based research, the individual as well as the broader community must be considered. Individuals might be linked to or identified with the community or a subgroup within the community, and may experience stereotyping, discrimination, or stigmatization simply by being identified as a member of that group.

Therefore, as Marshall states, “it is vitally important for researchers to work collaboratively with the study population to ensure those participants and the communities they represent are benefitted from and are empowered by the research, not devalued or harmed.” This can be done by working with the communities involved on a continuing basis. A community-based advisory board can be formed to address continued input from the community. “Safeguarding the interests of local populations begins with the establishment of a solid foundation that supports a relationship based upon trust and engagement with community members.”44

7.9 High-Profile Research: Disclosure in the Media

Although only a few research studies fall within this category, occasionally a high-profile clinical trial, one involving a new, dramatic, high risk, potentially life-saving technology, attracts avid media coverage. Morreim discussed the AbioCor Artificial Heart Trial as an example in which the company, ABIOMED, tried (unsuccessfully) to implement a limited information-dissemination policy designed to protect the privacy of the research participants as well as the research/clinical team. Morreim argued that researchers have an obligation to keep the public informed about such trials, but she also raised questions about what types of information belong, or do not belong, in the press. Even though a participant’s identity can be kept confidential, specific details about the participant can inadvertently reveal the identity of the participant, particularly in the local setting (e.g., the hospital).

Disclosures in such clinical trials should be limited. While participants may agree to let their identity be known, they may not want specific details revealed, such as adverse events affecting bladder or bowel incontinence. At the same time, keeping a participant’s identity private and maintaining anonymity can be a burden on the participants and their families.45 In some situations, hospital staff and administration may have to take forceful actions to protect privacy (e.g., admitting the participant under an assumed name).


7.10 International Research and Privacy

The World Medical Association Declaration of Helsinki (found at declares, as a basic human right, that all medical and personal data be confidential except:

Among countries, various international laws and regulations regarding privacy and confidentiality apply. Also, varied rules apply when data cross borders.

For example, many clinical trials conducted by U.S. pharmaceutical companies take place in the European Union (E.U.). Even though member states of the E.U. follow the same Data Protection Directive, each member state has passed unique national legislation to ensure local compliance with the directive; it is the national laws of the member states that specify the national requirements that can vary in wording and substance. Therefore, researchers conducting studies in the E.U. need to ensure compliance with the Data Protection Directive of the E.U., as well as with any specific regulations within each of the countries from which the data may be derived.48

7.11 Tissue and Data Repositories

Issues of privacy and confidentiality must be considered when biological materials or tissue samples used in research contain identifiers. Also, in many health care settings, an array of administrative, billing, and clinical databases exist (e.g., adverse events databases, disease registries, genetic registries, cancer registries, vaccination databases, Public Health registries). Researchers must carefully consider why they are using the databases or the repositories. When databases and specimen repositories (e.g., registries, banks, and libraries) are used for research, they must satisfy both the Common Rule (45 CFR 46) and the HIPAA Privacy Rule.

Today, the proliferation of databases for all types of data collection, and the potential to network and link databases for a variety of purposes across academic, commercial, and public health research, require careful stewardship. Linking multiple databases may provide a means to identify individuals to a greater degree than if the data were not linked, increasing the need for additional safeguards to protect confidentiality.50

7.12 Internet Research

Internet research is an area replete with research ethics concerns that need to be addressed. The Internet is the most comprehensive electronic archive of written material representing people’s opinions, concerns, and desires.51, 52 Internet communities (e.g., chat rooms, discussion boards) are fertile and invaluable sources of qualitative data uniquely accessible to researchers. These sources raise many unresolved questions concerning privacy, confidentiality, and informed consent.

A fundamental question is whether the Internet should be considered a public space or a private room. Members of Internet communities do not have the expectation to be research participants and may consider a researcher lurking around a self-help chat room to be a voyeur, taking advantage of people in distress. Their privacy can easily and unintentionally be violated by a researcher who quotes their exact words. Even if the researcher deletes all personal information, powerful search engines can index Web pages so that the original message, including the email address of the sender, could be retrieved by anyone using the direct quote as a query.

Internet-based research can be classified into three types: (1) passive analysis, when researchers gather information from discussion groups without identifying themselves; (2) active analysis, when researchers participate in the communications (they may or may not identify themselves as researchers); and (3) information analysis, when researchers identify themselves and gather information through online interviews or focus groups to recruit participants for other forms of research.53

Before approving Internet research, Eysenbach and Till propose seven issues for researchers and IRBs to consider and address, including (1) the extent of intrusiveness, (2) perceived privacy, (3) vulnerability, (4) potential harm, (5) informed consent, (6) confidentiality, and (7) property rights.54

Specific questions for researchers to consider when conducting Internet-based research are:

  1. What are the risks of exposure of the research participant’s identity during data gathering, data dissemination, and publication?
  2. Since Internet users often use pseudonyms, how do you guard against the possibility of recruiting vulnerable populations such as children into your study?
  3. How much do you quote directly from online conversations and stories?

Increasingly, researchers are using the Internet to screen potential participants for study eligibility, recruit participants, and, transfer data. Potential participants may have concerns about Internet privacy. Researchers need to be aware of the potential ramifications of privacy breaches, the potential harms of such activities, and how to address them. As in all research involving identifiers, researchers need to develop “tight” security policies, such as increased password protections, encryption techniques, and firewalls on computers to obstruct outside hackers.

7.13 Secondary Research

Data collected for previous research and considered to be “on the shelf” at the time of the second study can provide very useful information that might be difficult and expensive to acquire otherwise. Utilizing existing data can be time and cost efficient, avoiding the expense of collecting original data from real-life settings.55

The important question is whether secondary use of data could be harmful to the individuals from whom the data had been collected. The privacy risks to these individuals must be weighed against the potential societal benefits from the research.56 IRBs need to exercise good judgment to determine whether a researcher conducting secondary research needs access to coded data or Protected Health Information with identifiers.57

Secondary use of data is allowed for the purpose of research, public health, or health care operations. In these situations, however, certain identifiers (e.g., name, age, address, telephone, fax numbers, medical-record numbers, vehicle license-plate numbers, and fingerprints) must be redacted (edited to remove sensitive or confidential information) in order to safeguard the privacy of the participants.
If the secondary data set contains no identifiers, then 45 CFR 46 may not apply.

7.14 Public Health Surveillance Research

Some ethicists and researchers have argued that in certain circumstances, privacy should be limited to enable appropriate and much needed public health surveillance.58 ,59 ,60 Others argue that medical information used for purposes of research without the knowledge or consent of the donor, often as part of national databases and biobanks, is problematic.61

Bayer and Fairchild have called for some form of explicit, systematic, ethical review in public health surveillance, particularly since it is often difficult to distinguish between research and practice in certain public health surveillance efforts. In addition, discrepancies exist between state and federal definitions of what is practice and what is research, thereby making it difficult to determine the need for IRB review. Bayer and Fairchild believe the tensions between individual privacy interests and collective public health interests would be better served by some form of explicit systematic review in order to avoid breaches of confidentiality and stigmatizing events.62


8.0 Reporting Breaches of Confidentiality to the IRB and the Privacy       Officer/Board


A breach of confidentiality should be taken seriously by researchers and a plan of action should be implemented to rectify any breaches of confidentiality. A breach of confidentiality might be considered an adverse or unanticipated event by an IRB, therefore, breaches need to be reported promptly to both the IRB and the Privacy Officer/Board. The IRB will determine what actions are necessary to make reparations, including notifying affected participants. In addition, a review session with the Privacy Officer/Board might be required and additional data protections, such as encryption, might be necessary.

9.0 Conclusion


The right of a research participant to privacy and to have his or her Protected Health Information (PHI) kept confidential is both respected and expected today. As research in science and medicine advances, particularly in the ever-expanding fields of genetics, neurosciences, and behavioral sciences, and as more PHI is collected, protecting privacy and maintaining confidentiality are becoming increasingly complex and complicated tasks.

This educational module has touched on a variety of critical concerns for researchers to consider regarding protecting privacy and maintaining confidentiality. Researchers and IRB members need to recognize the overt and covert threats to privacy that participants face, and use appropriate strategies to promote confidentiality. Consistent vigilance is required if researchers are to maintain the trust of the public that is so essential in the pursuit of knowledge designed to improve the health and welfare of society.

Continue to the next section: → Resources

Reference Notes

1 McCabe M. Comment from the Conflicts of Interest, Privacy/Confidentiality, and Tissue Repositories: Protections, Policies, and Practical Strategies Conference co-sponsored by PRIM&R and the Columbia University Center for Bioethics. 2004 May 3-5; Boston, MA. back

2 Brandeis LD, Warren E. The Right to Privacy. Harv L Rev. 1890;(4)5. back

3 National Human Genome Research Institute [Web site on the Internet]. Washington, DC: Protecting Human Research Subjects: Office for Protection from Research Risks, 1993 Institutional Review Board Guidebook; [updated 2005 Sept; cited 2005 December 3]. Available from: back

4 Lowrance W. Learning from experience: Privacy and the secondary use of data in health research. J Biolaw Bus. 2003;6(4):45. back

5 National Institutes of Health [Web site on the Internet] Office of Extramural Research: Certificates of Confidentiality: Background Information. [updated 2006 Feb14; cited 2006 Feb 16]. Available from: back

6 National Institutes of Health [Web site on the Internet]. Office of Extramural Research: Certificates of Confidentiality Kiosk. 2005 Dec 2 [cited 2005 Oct 10]. Available from: back

7 IRB Advisor. 2005 Apr;5(4):37-48. back

8 National Institutes of Health. [Web site on the Internet]. Information for Researchers: Clinical Research and the HIPAA Privacy Rule; 2004 Feb 5 [updated 2004 June 22; cited 2005 Oct 11]. Available from: back

9 National Institutes of Health. [Web site on the Internet]. How Can Covered Entities Use and Disclose Protected Health Information for Research and Comply with the Privacy Rule: Minimum Necessary Restriction. [updated 2004 Aug 4; cited 2005 Nov 18]. Available from: back

10 Partners Healthcare System. Partners Human Research Committee. [Web site on the Internet]. HIPAA and the Privacy Rule. [cited 2005 Jan 9]. Available from: back

11 National Institutes of Health. [Web site on the Internet]. HIPAA Privacy Rule Information for Researchers. [updated 2004 February; cited 2005 February 28]. Available from: back

12 National Institutes of Health. [Web site on the Internet]. How do other privacy protections interact with the Privacy Rule? [updated 2004 Aug 84; cited 2005 Nov 18]. Available from: back

13 HIPAA Privacy Rule and Public Health: Guidance from CDC and the U.S. Department of Health and Human Services. MMWR 2003 April 11; 52:1-12. [updated 2003 Apr 11; cited 2006 March 9]. Available from: back

14 English A, Ford CA. The HIPAA Privacy Rule and adolescents: legal questions and clinical challenges: Perspectives on sexual and reproductive health. 2004;36(2). back

15 Columbia University. Columbia University Research Administration System (RASCAL). [Web site on the Internet]. [cited 2005 December 3]
Available from: back

16 U S Department of Health and Human Services [Web site on the Internet] Centers for Medicare & Medicaid Services: Enforcement of HIPAA Standards: HIPAA Information Series. c2003 [updated 2005 Dec 14; cited 2006 March 10]. Available from: back

17 American Medical Association. AMA Doctor’s Helping Patients. [Web site on the Internet]. HIPAA Violations and Enforcement. [updated 2005 Nov 1; cited 2005 Nov 16]. Available from: back

18 Easter MM, AM Davis, et al. Confidentiality: more than a linkage file and a locked drawer. 2004; IRB 26(2):13-17. back

19 Lowrance, 2003;42- 43. back

20 Lowrance, 2003;42. back

21 National Institutes of Health [Web site on the Internet]. How do other privacy protections interact with the Privacy Rule? [updated 2004 Aug 4; cited 2005 Nov 18]. Available from: back

22 Anderlik MR, Rothstein MA. Privacy and confidentiality of genetic information: What rules for the new science? Annu Rev Genomics Hum Genet
2001;2:401-433. back

23 Reily P. Been there; done that (we've been there; they've done that). IRB: Ethics & Human Research. 2001;23(1):8-9. back

24 Edwards JG, Young SR, et al. Developing genetic privacy legislation: The South Carolina experience. Genet Test. 1998;2(1):37-41. back

25 Miller PS. Genetic discrimination in the workplace. J Law Med Ethics 1998;26(3):189-97,178. back

26 Corrigan OP. Pharmacogenetics, ethical issues: Review of the Nuffield Council on Bioethics report. J Med Ethics. 2005;31:44-148. back

27 Offit, K. Groeger, E. Turner, S. Wadsworth BA. Weiser MA. The “duty to warn” a patient’s family members about hereditary disease risks. JAMA. Sep 2004;292(12):1469-1473.back

28 Hadley DW, Jenkins J, et al. Genetic counseling and testing in families with hereditary nonpolyposis colorectal cancer. Arch Intern Med. 2003;163(5):573-582. back

29 Lowrance WW. The promise of human genetic databases. BMJ 2001 Apr 28;322:1009-1010. back

30 Worrall BB, Chen DT, et al. Ethical and methodological issues in pedigree stroke research. Stroke. 2001;32(6):1242-1249. back

31 Robertson JA. Privacy issues in second stage genomics. Jurimetrics 1999;40:59-76. back

32 Robertson, JA. back

33 Panel on Institutional Review Boards, Surveys, and Social Science Research, The National Academies. 2002. Committee on National Statistics (CNSTAT). Letter Report: Protecting Participants in Behavioral and Social Science Research. Available from:

34 Matthews J. Father's complaint shuts down research: U.S. agencies act on privacy concerns. The Washington Post. 2000; Jan 12;Sect. B:07. back

35 Lowrance 2003;34. back

36 Fischbach R. The Tuskegee Legacy. Harvard Medical Alumni Bulletin. 1993;25-28. back

37 Klitzman R, Greenberg J. Patterns of communication between gay and
lesbian patients and their healthcare providers. Journal of
Homosexuality. 2002;42(4):65-75. back

38 Margolin, 159. back

39 Margolin, 159. back

40 Margolin, 162. back

41 Fischer A. Patient confidentiality. Med J Aust. 1993;158(1):69-70. back

42 Rogers B. Research with Protected Populations -- Vulnerable Participants. AAOHN Journal 2005; 53(4)156-157. back

43 Greely HT. Neuroethics: The Neuroscience Revolution, Ethics, and the Law. Remarks for the Regan Lecture on April 20, 2004. Santa Clara University: Markkula Center for Applied Ethics [Web site on the Internet]. [cited 2005 Oct 14]. Available from: back

44 Marshall PA, Rotimi, C. Ethical Challenges in Community-Based Research. Am J Med Sci. 2001;332(5):259-263. back

45 Morreim, EH. High-profile research & the media: The case of the AbioCor artificial heart. The Hastings Center Report. 2004 Jan-Feb; 34(1):11-24. back

46 Morreim, EH. back

47 Lowrence, 2003;37. back

48 Bernstein SW, et al. Transfer of clinical research data from the European Union to the United States. Medical Research Law & Policy. 2004 Apr 7;3(7): 271-276. back

49 Lowrance, 2003;35, 55. back

50 Lowrance, 2003;47- 49. back

51 Eysenbach G, Till JE. Ethical issues in qualitative research on internet communities. BMJ. 2001;323(7321):1103-5. back

52 Eysenbach G, Wyatt J. Using the Internet for surveys and health research. J Med Internet Res. 2002;4(2):E13. back

53 Eysenbach, 2001:1003-1105. back

54 Eysenbach, 2001:1103-1105. back

55 Lowrance, WW. Privacy and Secondary Use of Data in Health Research. Privacy and Medical Information. Bioethics Institute. In: Proceedings of the Inaugural Robert H. Levi Leadership Symposium: Privacy and Medical Information; 2000 April 13-14; The John Hopkins University. 13-28. back

56 Lowrance, 2003;21. back

57 Hyman SE. The needs for database research and for privacy collide. Am J Psychiatry. 2000;157(11):1723-1724. back

58 Melton LJ. The threat to medical-records research. N Engl J Med.1997;337(20):1466-1470. back

59 Bayer R. Fairchild A. Public health: Surveillance and privacy. Science. 2000;290(5409):1998-1999. back

60 Fairchild AL, Bayer R. Public health. Ethics and the conduct of public health surveillance. Science. 2004;303(5658):631-632. back

61 Caulfield, T. Upshur, REG, Daar, A. DNA databanks and consent: A suggested policy option involving an authorization model. BMC Medical Ethics. 2003;4:1. [published 3 January 2003;cited 2006 March 8;] Available from:
[This article is available from:
© 2003 Caulfield et al.; licensee BioMed Central Ltd. This is an Open Access article: verbatim copying and redistribution of this article are permitted in all
media for any purpose, provided this notice is preserved along with the article's original URL.] back

62 Fairchild AL, Bayer R. Public Health. Ethics and the conduct of public health surveillance. Science. 2004 Apr 30;304(5671):681-684; author reply 681-684. back