Privacy and Health Research. 8. Principles


The following principles are recommended for organizations that conduct, sponsor, or regulate health research involving personally identifiable data. They can be transposed into professional guidelines, standard operating principles, regulations, or laws. Detailed criteria and procedures should be established that are specific to the context.

  • Overall in health research, cultivate an atmosphere of respect for the privacy of the people whose health experience is being studied.
  • Collect or use personally identifiable data only if the research is worthwhile and identifiability is required for scientific reasons.
  • Urge Institutional Review Boards and other ethics review bodies to become fully engaged with the privacy, confidentiality, and security aspects of subject protection, in secondary research on data as well as in direct experimentation.
  • Respect such standard fair-use practices as announcing the existence of data collections, allowing data-subjects to review data about themselves, and the like. If for scientific reasons exceptions have to be made to normal practice, this should be discussed as part of the informed consent process before the study starts.
  • Attend sensitively to informing data-subjects and gaining informed consent.
  • Safeguard personal identifiers as close to the point of original data collection as possible.
  • Enforce a policy of "No access to personally identifiable information" as the default; then base exceptional access on need-to-know.
  • Generally limit the cordon-of-access to personally identifiable data. Allow access for formally justified research uses and to appropriate researchers. Maintain and monitor access "audit trails."
  • Remove data-subjects' personal identifiability as thoroughly as is compatible with research needs. If key-coding, aggregating, or otherwise removing personally identifying information, do so with adequate rigor.
  • Maintain proper physical safeguards and cybersecurity measures. Periodically challenge them to test their adequacy.
  • Develop policies on seeking or allowing secondary use of personally identifiable data, and on the associated conditions and safeguards.
  • Before either (a) transferring data to other researchers or organizations, or (b) using data for new purposes, make conscientious decisions as to whether to proceed and what the privacy protections should be. Then if proceeding, implement appropriate protections.
  • Sensitize, train, and certify all personnel who handle personally identifiable data or supervise those who do. Make data stewardship responsibilities clear. Maintain internal and external accountability.