Order to Ensure Confidentiality of Data collected in a Research Investigation

September 25, 2019

Order to Ensure Confidentiality of Data collected in a Research Investigation

Confidentiality refers to the researcher's agreement to handle, store, and share research data to ensure that information obtained from and about research participants is not improperly divulged. Individuals may only be willing to share information for research purposes with an understanding that the information will remain protected from disclosure outside of the research setting or to unauthorized persons.
Whenever you process personal data, you must keep in mind that the processing must be necessary and proportionate about:
a) What?
b) Why? 
c) How? 
d) For how long?
‘Data quality’, as one of the conditions, imposes that the data are processed: 
  •  For specified, explicit and legitimate purposes and not further processed in a way incompatible with these purposes 
  • Only when adequate, relevant and not excessive about the purpose/s (e.g. by minimising collected information/database fields) 
  • Fairly and lawfully
  • Accurately and kept up to date
  • In line with data subjects’ rights, including the right to be forgotten 
  • In a secure manner
  • In a form, which permits the identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed.
  • For no longer than necessary for the purposes for which they were collected (‘retention period’) 
  •  Under the responsibility and liability of the Data Controller, who ensures and demonstrates for each processing operation complies with the Data Protection Policy.

Protecting Data Confidentiality
Routine Precautions to Protect Confidentiality

  1. In most research, assuring confidentiality is only a matter of following some routine practices:
  2. PPII are replaced with research identification codes (ID Codes) for PPII.
  3. Names and social security numbers may not be incorporated into or used for ID Codes.
  4. Face sheets containing PPII are removed from completed survey instruments;
  5. Access to master code lists or key codes is limited.
  6. Master lists are stored separately from the data and destroyed as soon as reasonably possible.
  7. Contact lists, recruitment records, or other documents that contain PPII are destroyed when no longer required for the research.
  8. Files containing electronic data are password-protected and encrypted (at least when data are transferred or transported).
  9. Research data/specimens are stored securely in locked cabinets or rooms.
  10. Electronic data are stored in password-protected computers or files.
  11. Files containing electronic data are closed when computers will be left unattended.
  12. Consent authorization forms are stored securely in locked cabinets or rooms, separately from the research data.
  13. Research staff are trained in IRB-approved methods for managing and storing research data/specimens.
Considerations for Protecting Confidentiality
During Data Collection
Inclusion of PPII: Will PPII be collected along with the data/specimens? What are the minimum PPII necessary to conduct the research?
Coding Data/Specimens: Will PPII be replaced with ID Codes when the data/specimen is collected/obtained (recommended)? If no, why not? If yes, will a master code list be used to link PPII with ID Codes? How will the confidentiality of the master code list be protected? Should numerical data be top- or bottom-coded?
Access to Clinic, Education, Program or Personnel Records for Research: How will researchers ensure only authorized persons access clinic or other private records that will be used for the research? How will researchers ensure confidentiality is maintained during the collection of private information from a clinic or other records?
Electronic Records: How will researchers ensure electronic data are protected during data collection? Will participants completing online surveys be advised to close the browser to limit access to their responses?
Use of Translators or Interpreters: When data collection requires the use of translators or interpreters who are not members of the research team, how will researchers ensure the confidentiality of the information collected?
In-person Interviews: What safeguards will be in place to maintain the confidentiality of data obtained through in-person interviews?
Focus Groups or Other Group Settings (schools, jail, clinics, treatment centres): What protections will be in place to minimize the possibility that information shared in a group setting is disclosed outside of the group or for purposes other than those described in study documents?
Internet Research: How will researchers restrict access to survey responses during data collection (e.g., restricted access, data encryption, virus and intruder protection)?
Maintaining Confidentiality
Protocols should be designed to minimize the need to collect and maintain identifiable information about research subjects. If possible, data should be collected anonymously or the identifiers should be removed and destroyed as soon as possible and access to research data should be based on a “need to know” and "minimum necessary" standard. When it is necessary to collect and maintain identifiable data, the IRB will ensure that the protocol includes the necessary safeguards to maintain the confidentiality of identifiable data and data security appropriate to the degree of risk from disclosure.

In regards to when it is appropriate to require provisions to maintain the confidentiality of data, the following issues should be considered: Will confidentiality of identifiable data be offered? Are there legal/ethical requirements Will the release of data cause risk of harm? If yes to the above, measures to maintain confidentiality should be incorporated into the protocol. 

Share this article :
Blogger Tips and TricksLatest Tips And TricksBlogger Tricks

FB Page

Copyright © 166/A-1/2017/19. ELITE Institute - All Rights Reserved