Attachment B: Recommendations on Certificates of Confidentiality


Approved at SACHRP March 13, 2014

Table of contents:

  • Current COC system
  • Challenges of the current system
  • Advantages of the current system
  • Recommendations for improvement of the current system


Certificates of Confidentiality (COC) help researchers protect the privacy of human research participants enrolled in sensitive research.  They protect against compulsory legal demands, such as court orders and subpoenas, for identifying information or identifying characteristics of a research participant.  COCs were first implemented in the 1970s in order to protect research participants while conducting research on illegal drug use.  In 1974 the protection was expanded to include "mental health, including research on the use and effect of alcohol and other psychoactive drugs," and in 1988 the protection was expanded to the protection of health research generally.

The current statute enabling COCs is 42 U.S.C. §241(d), which says:

The Secretary may authorize persons engaged in biomedical, behavioral, clinical, or other research (including research on mental health, including research on the use and effect of alcohol and other psychoactive drugs) to protect the privacy of individuals who are the subject of such research by withholding from all persons not connected with the conduct of such research the names or other identifying characteristics of such individuals. Persons so authorized to protect the privacy of such individuals may not be compelled in any Federal, State or local civil, criminal, administrative, legislative, or other proceedings to identify such individuals.

NIH has established a central website, the Certificate of Confidentiality Kiosk.  It provides valuable information on how to obtain an COC.

Current Certificate of Confidentiality System

Several  agencies within Health and Human Services (HHS) issue COCs, including NIH, CDC, FDA, HRSA, IHS, and SAMHSA.  The NIH has a predominant role in this system.  Within NIH the entities that can issue COCs include: FIC, NCCAM, NCI, NCATS, NEI, NHGRI, NHLBI, NIA, NIAAA, NIAID, NIAMS, NICHD, NIDA, NIDCD, NIDCR, NIDDK, NIEHS, NIGMS, NIMH, NINDS, NINR, NLM, and the Magnuson Clinical Center.  Each of these entities has independent authority to issue a COC, and to make decisions as to requirements, standards and processes for issuance. 

When research is protected under a COC, the researchers can refuse to respond to legal requests for "involuntary disclosure" of the names and other identifying information about research subjects.  The protection of the COC applies permanently, and applies retroactively to data collected in a study prior to obtaining the COC.

However, there are four exceptions to the COC protections;

  • Voluntary disclosure of information by study participants themselves or any disclosure that the study participant has consented to in writing, such as to insurers, employers, or other third parties;
  • Voluntary disclosure by the researcher of information on such things as child abuse, reportable communicable diseases, possible threat to self or others, or other voluntary disclosures provided that such disclosures are spelled out in the informed consent form;
  • Voluntary compliance by the researcher with reporting requirements of state laws, such as knowledge of communicable disease, provided such intention to report is specified in the informed consent form (see Attachment D, which sets forth PHS policy on reporting of communicable diseases); or
  • Release of information by researchers to DHHS as required for program evaluation or audits of research records or to the FDA as required under the federal Food, Drug, and Cosmetic Act (21 U.S.C. 301 et seq.)

Researchers may request a COC for any research involving the collection of personally identifiable, sensitive information.  The definition of sensitive information includes but is not limited to “information relating to sexual attitudes, preferences, or practices; information relating to the use of alcohol, drugs, or other addictive products; information pertaining to illegal conduct; information that, if released, might be damaging to an individual's financial standing, employability, or reputation within the community or might lead to social stigmatization or discrimination; information pertaining to an individual's psychological well-being or mental health; and genetic information or tissue samples.”[1]

Identifying information includes “name, address, social security or other identifying number, fingerprints, voiceprints, photographs, genetic information or tissue samples, or any other item or combination of data about a research participant which could reasonably lead, directly or indirectly by reference to other information, to identification of that research subject.”[2]

Additional criteria for issuance of a COC are that the research has been approved by an IRB operating under an FWA or reviewing FDA regulated research.  The consent form for the research must include language describing the COC and the protections it affords.  It is not required that a study be supported with  NIH or other federal funding in order to be eligible for an NIH COC, but a study must involve subject matter that is within the mission area of the NIH.

The submission process can vary depending on the issuing organization, but the application must always be signed by the PI and the institutional official.  Students and other non-faculty researchers can submit for a COC, and then a faculty advisor or other appropriate person must also sign the application.  The application process can take a few weeks or up to three months.  Researchers are encouraged to submit their application three months in advance of beginning the research.

NIH currently issues approximately 1,000 COCs per year.

Challenges of the Current System

There are perceived disadvantages to the current system for the issuance of COCs, ranging from procedural to substantive. 

The procedural issues are the most commonly voiced.  First, it can take up to three months for a COC to be issued, and this must take place after an IRB has reviewed the research and issued a complete approval or a conditional approval that is conditional only upon obtaining a COC.  Therefore, all of the other IRB issues have to be resolved prior to the investigator’s beginning the application process for the COC. In addition to this timing issue, the IRB-approved consent form must “include a description of the protections and limitations of the Certificate of Confidentiality, including the circumstances in which the investigators plan to disclose voluntarily identifying information about research participants (e.g., child abuse, harm to self or others, etc.).” Sometimes the entity issuing the COC does not think that the language in the consent form appropriately addresses the description of the COC, or the entity believes that other language in the consent form, such as statement that “absolute confidentiality cannot be guaranteed,” will unacceptably weaken the validity of the COC in the case of a legal challenge.  In these cases, the effort to get both the IRB and the issuing entity to agree to the new consent form language can add additional time to the process. 

The administrative process for application for a COC differs across some of the entities that issue COCs, and this can cause confusion and delays.

Another administrative feature that also can cause delays is the need to obtain the signature of the Institutional Official.  The IO is usually not involved in the day-to-day oversight of research at this level.  It would be more efficient if this signature were not required. 

When research is not funded by the NIH, it can be difficult for a researcher to find the most appropriate institute within NIH to which an application for a COC should be directed.  The researcher is asked to approach the NIH institute whose mission most closely coincides with the research being conducted.  However, the appropriate choice of institute is not always readily apparent.

In addition, it is sometime difficult for the researcher to contact the appropriate person or department within NIH to discuss the application process. 

For multi-site research, both NIH and FDA are willing to issue COCs that cover all sites in the research.  However, it is often difficult to ensure that every site is appropriately registered.  A procedural issue that can arise in FDA-regulated multi-site research is that pharmaceutical sponsors sometimes do not feel comfortable being the holder of a COC, and instead ask that each individual site apply separately. 

There are also issues that are substantive rather than procedural.  One is that at times an NIH institute will refuse to issue a COC if the research does not involve a subject matter that is “within a mission area of the NIH.”  Examples have included stem cell research under previous federal policy, physician-assisted suicide, or criminal recidivism.

There is often a lack of understanding among investigators and IRBs of the legal basis and effect of a COC.  This in turn can lead to lack of clarity as to when to seek a COC and what protections it provides.

Another substantive issue is that the legal history of courts supporting COC against subpoenas is limited to a few cases.  Thus, there is some uncertainty of whether a given COC will be upheld, and on what terms, if challenged in court.

There is also a problem with both overuse and underuse of COCs, stemming from the fact that their use is voluntary.  As a result, they are applied inconsistently to research where the extra protection is warranted; some research that should be conducted under a COC for the protection of the subjects, such as research on illegal activities, is not conducted under a COC, while at the same time some research that does not need a COC for subject welfare is conducted under a COC.  This also involves the fact that the description of “sensitive information” provided on the COC Kiosk is quite broad, so that research involving tissue samples or genetics can qualify even if the subject matter is not particularly sensitive.  IRBs spend considerable time debating whether a given study involves “sensitive information” that warrants the protection of a COC, and often come to inconsistent conclusions.

Another potential issue is that the enabling statute prevents the release of “the names or other identifying characteristics of such individuals,” but does not prevent the release of the de-identified research data.  In theory, with today’s technology and methodologies, it is possible that subjects could be re-identified using data provided by an investigator under effective legal order, such as zip codes, age, etc.  The statute does not explicitly prohibit such efforts at re-identification.

Another issue is that some agencies have different processes for protecting confidentiality of sensitive information, particularly DOJ and AHRQ.  DOJ requires a Privacy Certificate under 42 U.S.C. § 3789g for all research it funds, even if the research is minimal risk and does not involve sensitive information.  AHRQ has a statute protecting all identifiable information (42 U.S.C. § 299c-3(c)).  As with any variability in administrative processes, this causes some confusion when researchers and IRBs face different processes.

Advantages of the Current System

There are several advantages to the current system, many of which have been referenced above in the discussion of disadvantages.  The current system is voluntary, which allows IRBs and researchers to determine on a case by case basis whether or not the use of a COC is warranted based on the sensitivity of the data collected in the research.  The current system also permits a variety of entities to issue COCs, which can help to make the COC available to a wider array of researchers, particularly for non-HHS-funded research.   In many cases the COCs are issued in a timely manner.  Finally, many institutions have found them to be useful in preventing the release of the identities of subjects involved in sensitive information research, most often without having to go to court for a legal reading as to the authority of the COC.  Therefore, the current system is functional.  The purpose of this recommendation is to inquire as to whether the system can be improved, but SACHRP does want to make sure that its support of the system in general is noted.

SACHRP Recommendations 

SACHRP makes the following recommendations, which are grouped first as changes to enhance administrative efficiencies, and second as substantive changes to the system.

Administrative Efficiencies:

  1. Improvement in turn-around time at the entities issuing COCs.  Sometimes it takes up to three months to obtain a COC.  Improvement of this situation would require an assessment of the administrative process at each entity that issues COCs, including an analysis of dedicated resources.  If certain entities were found to be consistently slower than others, they could be provided with additional resources or have the process shifted to another appropriate entity.  The current electronic system for application for COCs being piloted by NIH appears to be another mechanism that could improve the turn-around-time, as it forces the submitting institution to provide all of the necessary data with the initial application. However, SACHRP notes that based on a sampling of the new electronic consent process, one entity with NIH has already imposed additional questions beyond the others in that process.  NIH should carefully consider whether such differences, which often lead to administrative inefficiency, are necessary.
  2. Allow concurrent submission to the IRB.  The turn-around time could be improved by allowing concurrent submission with the IRB process, so that the two processes do not have to proceed sequentially.  In order for this to be effective, all of the issuing entities would have to agree on standard consent form language describing the COC, as currently some issuing entities will not allow consent form language that is acceptable to other entities.  The duties of IRBs and the entities issuing COCs are distinct, and a sequential system is not prohibited by the enabling statute.  FDA uses a process similar to this regarding the issuance of IDEs for clinical investigations of devices, wherein both an IRB approval and an FDA issuance of an IDE are necessary, but the sponsor can work on both processes concurrently. 
  3. As an alternative to the above recommendation 2., allow the research to begin upon IRB approval, prior to receipt of the COC.  Some IRBs have taken the position that it is acceptable for a research project to begin when the IRB approval is issued, as long as the investigator has applied for the COC but has not yet received the COC.  In this situation, language in the consent form will have to reference that the COC has been applied for and note the protection will be retroactive, so that subjects are properly informed of the protections and limitations of the COC.  The protections of the COC are retroactive, so subjects’ identities will be protected, and it is very unlikely that a legal request for the identities would be made within the first three months of the conduct of the study.  Clarification of the acceptability of this practice would allow institutions to implement this process to improve the timeline for implementation of research.
  4. Provide guidance on how IRBs can better inform researchers about the availability of COCs, as part of the application process.  The NIH Kiosk already has advice to investigators on how to efficiently file for a COC.  The issuing entities should determine whether additional advice should be provided to IRBs.  For instance, IRBs could be encouraged to include questions about COCs in their submission forms to help ensure that the need for a COC is identified earlier in the IRB process.
  5. Remove the requirement for the IO to sign, and allow the institution to designate a responsible official who can commit the institution.  This would allow greater administrative efficiency, and would not weaken the statutory authority, as the enabling statute does not require an IO to be involved in the process. Alternatively, provide clarity as to who can serve as the IO for the purpose of signature, particularly in small institutional settings such as doctor’s offices, or clarify the acceptability of delegation to other individuals within the institution. 

Substantive Changes:

  1. Implement specific regulations regarding COCs through a formal rule making process, to allow for clarification of processes, legal effects and standards, and to facilitate substantive public input.  At the current time, as far as SACRHP can determine, there is an enabling statute but not regulations at the Code of Federal Regulation (CFR) level.  Such regulations could be used to implement many of the substantive changes suggested below in the process of interpreting the enabling statute. 
  2. New regulations could provide more substantive guidance as to what data COC protects and does not protect.  At this point many investigators and IRBs are not aware of the finer points of what protections a COC provides, and there is a decided lack of clear legal precedents interpreting COC’s effects.  HHS should clarify what it believes the legal effect of a COC should be, so that courts would have an indication of agency intent as to the purpose and role of a COC.  This would help to indicate to investigators, institutions and IRBs when a COC is appropriate, and would also help courts in justifying support of a COC when presented with the issue.
  3. Provide a more refined definition of “sensitive information.” This would provide researchers and IRBs with a better sense of when a COC should be sought and when a COC would be granted; for instance, the current list of examples at the COC kiosk give the impression that any research with genetic samples or tissue samples is “sensitive,” which is not the case.
  4. Revise the enabling statute or use the implementation of new regulations to allow researchers the right to refuse to provide de-identified data in addition to identities, when there is a possibility of re-identification using technology or matching with other data.  Currently, many researchers are concerned that they could be required to provide the de-identified research data, which could be re-identified.
  5. Provide a description of the types of research for which NIH is unlikely to issue a COC, so that researchers and IRBs have advance notice for planning purposes.  Alternatively, NIH could revise its policy such that it will issue a COC if the research involves sensitive data regardless of whether the research involves or otherwise relates to a mission of the NIH.
  6. Create a single issuing office.  This will increase consistency and efficiency, and would make it easier to establish contact with the administrative office.  Also, this would eliminate differences among the current issuing entities as to acceptable consent form language describing the COC.  Such a single office would need to be appropriately resourced based on the workload so that it is efficient.  The staff involved should be knowledgeable about the conduct of research and the administrative framework for the conduct of research in HHS.
  7. NIH should consider whether the COC system could benefit from consideration of the recommendations of the HHS Office of the National Coordinator on electronic record systems.

Finally, it is worth noting that the July 2011 ANPRM entitled “Human Subjects Protections:  Enhancing Protections for Research Subjects and Reducing Burden, Delay and Ambiguity for Investigators” recommended uniform protections for research information.  The experiences of the agencies in providing COCs would provide valuable historical knowledge for implementation of new requirements proposed under an NPRM.


COCs have performed a valuable function of assuring research subjects of an additional level of protection of their identified data.  Yet the standards for granting COCs are unclear; its legal effectiveness is largely untested, with no regulations on which a future court might rely in interpreting a COC; and the process is decentralized and confusing.  Reform is needed, in order to maximize the resource that COCs can represent in protecting human subjects who are involved in sensitive research.


Content created by Office for Human Research Protections (OHRP)
Content last reviewed