Privacy issues when reviewing sensitive work

Ask for details about safeguards

IRBs at academic research centers often review international infectious diseases research that can raise red flags regarding privacy, confidentiality, and vulnerability. One example might be a study conducted in the Dominican Republic and involving HIV prevention and sex workers. IRB members might question how researchers will collect and store sensitive data, and whether a potential breach of confidentiality poses a serious risk to subjects.

"If data are transferred from other countries, you need to look at how that transfer is being done, whether the identifiers are being destroyed or de-identified," says Joyce Plaza, manager of Columbia University's Morningside IRB in New York, NY.

"Two issues we look at are confidentiality and privacy," she adds.

To address both of these concerns, Plaza suggests IRBs should ask these questions during the application and review process:

  • "Is the interview done in a private location?"
  • "Are subjects cautioned they don't have to answer if they don't want to answer?"
  • "Once researchers have collected the data, what steps are they taking to protect that data?"
  • "Are they defining who has access to data?"
  • "Are staff trained in confidentiality procedures?"
  • "Are data sent electronically? Is there encryption?"
  • "Is information being hand-delivered? Is it coded?"
  • "Are the data collected or stored with the names of subjects, or are they coded?"
  • "Are they transferring codes, linking names with study numbers in separate files than research data?"

Electronic submission recommended

An efficient way to collect answers to these concerns would be to have an electronic submission system for IRB submission that walks investigators through sensitive data questions, making suggestions for what needs to be done, Plaza says.

This serves as both education and a way to ensure all protocol review concerns are addressed.

"Privacy and confidentiality need to be explained in the submission process," Plaza says. "We call it the study description that collects details about the study protocol, and we prompt investigators to enter information about privacy and confidentiality and to be explicit with their answers when they're submitting an application."

The IRB also has continuous education programs for principal investigators and their research staff.

"During the review process, if there are items missing from a protocol that we need to consider, then we return the submissions to the investigator and obtain these specific details," Plaza says.

The Columbia University IRB electronic submission system requires investigators to describe and explain the privacy and confidentiality protections plan for the study, she adds.

"We ask about the privacy and confidentiality procedures they will implement in the study description," she says. "For example, we ask them to describe how subject privacy will be protected and the limits to that protection."

The electronic form could summarize privacy protection as safeguarding an individual's expectation that the information the individual provides will be offered in confidence. Also, IRBs can inform investigators that privacy protection should cover all screening activities, HIPAA provisions, forums like focus groups where private information may be shared, and recordings of research activities where applicable, Plaza says. "Limitations such as compelled disclosure and mandatory reporting also should be described," she adds.

In the Columbia IRB's electronic protocol submission process, there is also a section called "Confidentiality of the data." In this section, investigators are told to describe how confidentiality will be maintained locally and during transmission to another site.

"We have them include a clear description of how data will be stored, specifically indicating whether the data will contain direct or indirect identifiers," Plaza says. "We ask them to describe protections related to accessing the study data, whether in electronic or paper form."

The IRB's website also provides definitions and descriptions of identifiable, coded data, de-identified data, anonymous data, and confidential data so the IRB and investigators are using the same terminology.

"We're always reviewing our language on the website to eliminate areas of confusion," Plaza explains. "I'm always referring investigators to our website for the definition of the different types of data, and we have FAQs [frequently asked questions] on our website that define what 'coded' means, 'anonymous' means, and 'confidential' means because sometimes investigators use the words 'anonymous' and 'confidential' synonymously, and we need them to clarify what they mean."

Investigators also confuse the terms "privacy" and "confidentiality," she notes.

Privacy can refer to the location of the subject when investigators are obtaining sensitive information from them. This location might be a private place of the subject's choice. Confidentiality refers to how data are protected once collected, whether data are kept in an identifiable manner, anonymous, de-identified, or coded.

"This is becoming more complicated with all the research activity going on these days, and it is a concern," Plaza says.

The protocol submission process also asks investigators about their staff training and confidentiality procedures that are included in the consent form. Plaza says the process asks these questions:

  • "What will happen to identifiable data at the study's end, after publication?"
  • "Are data destroyed, including photographs and recordings and tissue samples?"

Secondary use issues

Another issue involves the secondary use of confidential data.

"We have a lot of faculty obtaining secondary data to do an analysis, and often the owners of that data require a data protection agreement, and it may require the signature of an IT person in that department who has reviewed the data protection plan and made sure it's secure," Plaza says.

International research particularly has privacy and confidentiality nuances.

For example, a study that is enrolling women in a country with customs that are different from the United States and Europe might follow local custom and have the women's male heads of household provide consent for the women's study participation, Plaza says.

"But what if the woman doesn't want the male to know about the study?" she says. "We ask the person with knowledge of the local context to guide us."

This is where it's important to have a local review committee or a consultant knowledgeable of the local customs and norms to also address the same privacy and confidentiality issues in the context of their region's traditions and beliefs.

"The consent form should specify what the procedures to protect confidentiality are going to be, and the board could grant a waiver of documentation of written consent so subjects don't have to sign a consent form in order to protect their privacy," Plaza says. "Investigators still have to go through the whole consent process, but they waive the need for the person to sign the form in the event the principle risk of harm may result from a breach of confidentiality."