Privacy and Health Research. Certificates of Confidentiality


For defense against subpoenas, court orders, and other externally compelled disclosures of health-research data, the Public Health Service Act provides that special legal-confidentiality protection may be issued:98

The Secretary [of Health and Human Services] may authorize persons engaged in biomedical, clinical, or other research (including research on mental health, including research on the use and effect of alcohol and other psychoactive drugs) to protect the privacy of individuals who are the subject of such research by withholding from all persons not connected with the conduct of the research the names or other identifying characteristics of such individuals.

Persons so authorized to protect the privacy of such individuals may not be compelled in any Federal, State, or local civil, criminal, administrative, legislative, or other proceedings to identify such individuals.

Currently protection of this kind is granted in the form of "Certificates of Confidentiality" which are issued, upon application, for particular projects. The research need not be Federally sponsored to qualify. Once a Certificate is granted, the researcher must apply it. This mechanism allows researchers to give firm prior assurance of confidentiality, with few possible exceptions (such as for tightly controlled Federal audits), to data-subjects. If they wish to, data-subjects themselves may authorize specified disclosures.

Incidentally, unless a Certificate of Confidentiality has been obtained before research begins, or some other legal protection obtains, research data may be vulnerable to legally compelled disclosure. This legal area deserves some public policy review generally, and it may be acquiring new dimensions now (for instance, with respect to secondary research in databases, in which data are transferred and "reside" far from their source).

(98) Public Health Service Act § 301(d); 42 United States Code 241(d).