Privacy & Confidentiality

This course will discuss privacy and confidentiality in research. We will begin by differentiating privacy from confidentiality. We will discuss how risks to privacy can occur at many stages of research, and methods that can be used to guard against threats to both privacy and confidentiality. We will examine the HIPAA and FERPA reporting requirements concerning the collection of private information. Finally we will review the limitations of confidentiality. The module will conclude with a brief quiz.


  • Define and differentiate privacy and confidentiality
  • Recognize the risks associated with recruitment, data collection, dissemination and privacy
  • Understand methods to protect privacy and confidentiality
  • Understand HIPAA and FERPA reporting requirements regarding collection of private information
  • Identify limitations to confidentiality

Privacy and Confidentiality

This Course will discuss privacy and confidentiality in research. We will begin by differentiating privacy from confidentiality. We will discuss how risks to privacy can occur at many stages of research, and methods that can be used to guard against threats to both privacy and confidentiality. We will examine the HIPAA and FERPA reporting requirements concerning the collection of private information. Finally we will review the limitations of confidentiality.

Define and differentiate privacy and confidentiality

Privacy and confidentiality are related concepts but they are not the same concept. Privacy pertains to the individual subject and the control that individual has regarding sharing personal information. The Institutional Review Board Guidebook, Chapter 3, section D, defines privacy “in terms of having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally, or intellectually) with others.” Confidentiality, on the other hand, has to do with how the researcher protects data obtained from the subjects. The same section states that “confidentiality pertains to the treatment of information that an individual has disclosed in a relationship of trust and with the expectation that it will not be divulged to others in ways that are inconsistent with the understanding of the original disclosure without permission.” (ref 15)

Privacy, confidentiality and Belmont

The concepts of privacy and confidentiality arise from the Belmont Report’s basic ethical principle of “respect for persons.” Respect for persons requires that all individuals be treated as autonomous agents. This means that the opinions and choices of subjects must be respected and they must have control over when and how their personal information is to be shared. This also means that the researcher must do everything possible to uphold the subjects’ privacy and maintain confidentiality. (ref 41)

Risks associated with recruitment, data collection & dissemination of findings

Researchers must be able to recognize threats to privacy and confidentiality that may occur during subject recruitment, data collection, and during dissemination of the results of their research. Researchers must also be aware of the variety of ways in which privacy and confidentiality should be protected.

Concerns for privacy often arise in the context of how subjects are recruited for research, especially if the research concerns a sensitive topic. If research information cannot be obtained from public data, then researchers may approach institutions (hospitals, schools, government agencies) for access to data that they have collected in the course of normal business. Institutions must be careful not to betray the trust that has been placed in them when researchers ask for information. The risk for a privacy breach can be eliminated if the information can be obtained without personal identifiers. (ref 15)

During data collection, researchers should be wary of methods of data collection such as focus groups and observation. Focus groups, unlike individual interviews, bring a number of subjects together to discuss the research subject. This may not be a significant concern if the research is looking at parenting techniques, yet it can be a significant concern if the research is examining child abuse. Concerns for privacy also arise in observational studies, especially those utilizing covert observation and participant observation. During covert observation, researchers may record subjects through the use of concealed audio and video recording devices. In participant observation, the researcher becomes a participant in the activity that is being researched to obtain information that would not be available to the public. Both of these situations obviously raise serious privacy issues. Of course, if the behavior being observed is public behavior (and there can be no expectation of privacy in public), then these concerns are ameliorated. However, it should be kept in mind that the observations should not be recorded in such a way that individuals within the study can be identified and the recorded observations must not place subjects at risk of criminal of civil liability or cause damage to the subject. (ref 15)


Conducting human subjects research requires protection of privacy and confidentiality of all participants similar to when working with children or other vulnerable populations. This video, intended for youth workers, does an excellent job describing the privacy and confidentiality protections afforded all research participants, regardless of age or vulnerability status. In addition, the information on mandated reporting describes the limited circumstances under which privacy and confidentiality requirements are waived. (Video ref 45)

Confidentiality concerns often center on how the information obtained from subjects is guarded from being improperly revealed. Researchers should take precautions to guard all study data, but extra caution must be taken with data that contains individual identifiers on it. There are some standard practices which, under most circumstances, will guard against confidentiality breeches. These include: using codes instead of individual identifiers, removing the face sheet (which may contain names, addresses, and other identifiers), disposing of hard copies of data properly, and strictly controlling access to data. When the research concerns highly sensitive topics, other precautions may be put into place. This may include having the requirement for signed consent forms waived. Or the data may be collected in an anonymous fashion, such as through an online survey. In some circumstances, such as when research into illegal activities is being conducted, Certificates of Confidentiality, discussed below, may be obtained to protect the data from compelled disclosure. (ref 15)

During dissemination, whether it is in an electronic or print publication, or an oral presentation, researchers must be careful not to reveal individual data but only aggregate data. Care also needs to be taken if even seemingly non-individual data could be used to identify a particular person. For example, if an agency is named that only has a few employees and only one of them is a young female, to discuss a “young, female subject” and name the agency can compromise her privacy, even though, under many circumstances to use the term “young, female subject” would not be an individual identifier.

Certificates of Confidentiality

Download PDF (REF 75)

In certain circumstances, researchers may apply to the National Institutes of Health (NIH) for a Certificate of Confidentiality to protect against compelled disclosure of information about subjects who are involved in sensitive research topics. The Certificate of Confidentiality serves as protection against compelled disclosure from all levels of government—local, state and federal. It is intended to encourage participation in research by subjects who might otherwise fear that their identity would be revealed and they would suffer negative consequences as a result of their involvement in the research. This can be especially important to institutions and individuals who engage in research on sensitive topics such as genetic information, sexual information, substance abuse, and illegal behaviors. The protections afforded by the Certificate of Confidentiality begin when the certificate is issued or at the time the research commences and the data is protected in perpetuity. (ref 26)

There have been some legal actions taken to compel disclosure of information protected by Certificates of Confidentiality, but these actions were unsuccessful at the state level and the Supreme Court of the United States refused to hear the case. (ref 42)

Health Insurance Portability and Accountability Act (HIPAA)

(Video ref 96)

The “Privacy Rule” established a set of national standards for the protection of health information. The Privacy Rule protects individually identifiable information. This protects demographic information that relates to an individual’s past/present/future physical or mental health of condition; care that may have been provided to that individual and payment for that care. There are, however, no restrictions on the use or disclosure of de-identified health information. De-identified health information does not identify individuals directly, nor can an individual’s identity be ascertained by the information. Information may be de-identified in one of two ways. (ref 43)

The Privacy Rule does not preclude the need for a Certificate of Confidentiality. Certain information may be disclosed even under the privacy rule HIPAA and a Certificate prevents that. For example, judicial and administrative proceedings may compel disclosure, and law enforcement officials may compel disclosure. (ref 43) It should also be noted that the Patriot Act does not affect the protections afforded by the Certificate. (ref 42) (Go To Health Insurance Portability and Accountability Act Course)

Family Educational Rights and Privacy Act (FERPA)

Go To Family Educational Rights and Privacy Act (FERPA)

FERPA, or the Family Education Rights and Privacy Act, protects the privacy of student records, regardless of the age of that student. When a student reaches age 18 or transfers from a secondary school to a post-secondary institution, the rights afforded to parents in elementary and secondary schools transfer to the student him or herself. ‘Eligible student’ refers to students who are over age 18 or attending a post-secondary institution. (ref 44)

Under FERPA, parents or eligible students are afforded the following rights:

  • Review student educational records for that school
  • Request corrections to records they believe are inaccurate
  • Request a formal hearing, in the event that records are not corrected or amended as requested
  • Provide written permission for the release of any information from an education record

Schools are allowed to disclose records without parent or eligible student consent to the following parties or under the following circumstances (34 CFR § 99.31):

  • School officials with legitimate educational interest;
  • Other schools to which a student is transferring;
  • Specified officials for audit or evaluation purposes;
  • Appropriate parties in connection with financial aid to a student;
  • Organizations conducting certain studies for or on behalf of the school;
  • Accrediting organizations;
  • To comply with a judicial order or lawfully issued subpoena;
  • Appropriate officials in cases of health and safety emergencies; and
  • State and local authorities, within a juvenile justice system, pursuant to specific State law.

Under FERPA, schools have the right to disclose directory information without parent or eligible student consent. Directory information is determined by the schools, and the school must tell parents and eligible students exactly what is included in that school’s directory information, allowing them time to review and make a decision about whether they will allow their directory information to be disclosed. Directory information may include information such as student name, address, phone number, date or year of birth, telephone number, dates of attendance, and honors or awards. Disclosing directory information for a student where it has been prohibited is a violation of FERPA. Schools are also required to provide annual notification about student rights under FERPA, and to annually allow parents and eligible students to withdraw their permission to have directory information shared. (ref 93) Research that involves the use of school records must adhere to FERPA regulations, and must take care to ensure that all appropriate and explicit consents to use, review, or report information from student records beyond directory information has been obtained. (Go To Research with Children Course)

Limitations to confidentiality

For most studies confidentiality is a normal practice. There are instances in which confidentiality cannot be maintained. Confidentiality does not extend to all information that might come to light during the course of research and the limits of confidentiality should be clearly outlined in the consent form. (ref 42)

Researchers may also be required to disclose records due to a subpoena, by law and in some cases to the study sponsor or monitoring body. Mandatory reporting may be required for researchers who are also clinicians and professions who are required by law to report imminent harm to self or others. Information that may need to be disclosed includes child abuse, reportable communicable diseases, and threats of harm to self or others.

Subjects may also choose to disclose information to others during participation in the research. For example, if a focus group is used in data collection confidentiality cannot be guaranteed. The informed consent should clearly state this limitation. This language may include: “While the researcher and study personnel will maintain confidentiality, we cannot guarantee this on behalf of the other participants in the focus group. We will request that all participants do not share your comments in the focus group with others.”


This Course discussed privacy and confidentiality in research. First we differentiated privacy from confidentiality. We discussed how risks to privacy can occur at many stages of research, and methods that can be used to guard against threats to both privacy and confidentiality. We examined the HIPAA and FERPA reporting requirements concerning the collection of private information. Finally we reviewed the limitations of confidentiality.