A revised National Institutes of Health (NIH) policy on certificates of confidentiality went into effect Oct. 1, significantly expanding the scope of research to which it applies and adding new prohibitions to prevent investigators from disclosing “identifiable, sensitive information” about research subjects.
The updated policy, released Sept. 7, stems from Section 2012 of the 21st Century Cures Act (P.L. 114-146), which requires the Secretary of the Health and Human Services to issue automatically a Certificate of Confidentiality to investigators or institutions engaged in “biomedical, behavioral, clinical, or other [NIH funded] research in which identifiable, sensitive information is collected.” The policy applies retroactively to all NIH funded research “commenced or ongoing on or after December 13, 2016.”
Under the revised policy, a certificate of confidentiality is deemed to have been issued to all covered research as a term and condition of the award, and no physical certificates will be issued. As a result, investigators now are prohibited from disclosing such information in the context of a legal proceeding; generally, disclosure to any person outside of the research team is prohibited. Any investigator or institution that receives a copy of the identifiable sensitive information protected under the policy is subject to the disclosure restrictions, even if the recipient is not funded by the NIH. The revised policy applies to research such as genomic data that may not be considered identifiable under the Common Rule.
The NIH website on certificates of confidentiality has been revised to reflect the Oct. 1 policy change.