405. Protecting Participant Privacy

Updated July 13, 2021

To approve research, federal regulations require the IRB to determine, when appropriate, that there are adequate provisions to protect the privacy of participants and to maintain the confidentiality of data (see 45 CFR 46.111(a)(7) and 21 CFR 56.111(a)(7)). Research-related concerns about privacy pertain primarily to the methods used to identify and contact prospective participants and obtain information about them. When researchers obtain information that participants have disclosed for public use or information for which participants have given consent for the researchers' use, there is little concern about privacy. Concerns about privacy arise when information is obtained for research purposes without the consent of the individual. Researchers must include a plan to protect participants' privacy and confidentiality. The IRB reviews the researcher's plan to protect participants' privacy and maintain confidentiality of data, utilizing regulatory, institutional and internal policies, procedures, and guidance.

Assessment of Privacy Concerns in Research

In that privacy refers to persons and their interest in controlling access to themselves and information about them, researchers and IRB members must consider that people want to control the following:

  • The time and place where personal information is obtained or given
  • The nature of the information obtained or given
  • What they will experience when providing personal information
  • Who will receive and use the information

Perceptions of Privacy

What is private depends on the individual and can vary according to gender, ethnicity, age, socio-economic class, education, ability level, social or verbal skill, health status, legal status, nationality, intelligence, personality, and the individual's relationship to the Researcher. For example, protecting the privacy interests of a young child might mean having a parent present at a session with a Researcher. Protecting the privacy interests of a teenager might mean having a parent absent.

Assessing Perceptions of Privacy

The following questions may be useful in assessing perceptions of privacy:

  • What cultural or societal mores may affect individual or group perceptions of privacy?
  • To what extent is the behavior of interest considered public?
  • Does the behavior of interest occur in a context in which an individual can reasonably expect that no observation or recording is taking place?
  • Does the research involve observation or intrusion in situations where the participants have a reasonable expectation of privacy?
  • Would reasonable people be offended by the proposed observation or intrusion? Can the research be redesigned to avoid the intrusion?
  • What legal considerations may alter perceptions of privacy (e.g., research on behaviors requiring mandatory disclosure)?
  • If participants are not aware their behavior was observed or recorded for research purposes, might they feel they have been harmed if they inadvertently learn of their involvement in the research?
  • For research involving deception or incomplete disclosure, what is the likelihood that participants may unintentionally disclose information they would not otherwise reveal?

Perceptions of Privacy and Internet Research

Internet research involving human participants may include the following data collection methods:

  • Collecting data or information through online interviews and surveys;
  • Collecting data or information through data scraping (i.e., obtaining data/information from current or archival posts, message boards, or other online media);
  • Collecting data or information to study how people use the Internet (e.g., through observation or usage analytics); and
  • Collecting data or information from public and private online data storage sites or repositories.

The questions for assessing perceptions of privacy also apply to research that involves access to information that is publicly available in an online context. In fact, perceptions of privacy may be particularly relevant for research involving social media, blogs, discussion forums, and newsgroups; venues in which information may be publicly available but that individuals do not expect will be used outside of the online context in which the information is available.

In addition to assessing users' perceptions of privacy, researchers are responsible for reviewing privacy rules or statements, and requirements for conducting research (if available) for all Internet sites that may be used for research. Privacy concerns must be disclosed to prospective research participants.

Researchers who are affiliated with targeted sites or populations must keep in mind that when conducting research, their roles change from user to researcher. This role change raises ethical questions related to use of existing posts and comments, and archival information, especially when access is restricted to registered site users.

Privacy Concerns for Observational Studies

Observational research, especially when covert, raises concerns about privacy. Covert observation involves concealment of the researcher and/or data recording devices while the behavior of individuals is observed and recorded. Observational research includes observation of individuals but also the collection of information from Internet discussion groups, list-serves, social media sites, blogs, online games, and chatrooms. Researchers and the IRB must consider personal perceptions of privacy when designing observational studies.

Privacy Considerations for Using Private Records for Research

Research sometimes involves information that was provided for a specific, non-research purpose. Privacy concerns arise when the person to whom the records pertain would not expect her/his identifiable private information to be made available for other purposes, such as a research study, or shared with family members.

For example, when patients give personal information to a doctor or hospital for diagnosis or treatment, they expect the information will be shared only as necessary for their health care or reimbursement by their insurance company or other third party payer. The same expectations likely apply to students regarding educators, and of employees regarding their employers.

However, while an organization has an obligation to keep certain information confidential, there may be other appropriate uses for the records. Some important research (e.g., epidemiological studies) could not be conducted unless investigators are able to gain access to many records (sometimes thousands) to identify eligible participants or match relevant records.

When researchers require access to records containing identifiable information, without the explicit permission of the person to whom the records pertain, the following considerations apply:

  • The proposed use or disclosure must not violate any limitations under which the record or information was collected (e.g., education records and FERPA, or medical records and HIPAA).
  • Use or disclosure in individually identifiable form must be necessary to accomplish the research.
  • The importance of the research must warrant the risk to the individual from additional exposure of the record or information.
  • The user or recipient of the information will establish and maintain adequate safeguards (including a program for removal or destruction of identifiers) to protect personal information from unauthorized disclosure.
  • The user or recipient will obtain written consent before any further use or additional disclosure of the record or information in individually identifiable form is permitted.
  • Researchers may only obtain and use social security numbers when the use is required to meet the specific aims of the research, process payments/incentives, or enter information in a participant's health record.

Privacy Concerns Related to Sample Selection and Identification of Study Participants

To reduce privacy problems in research that requires use of contact information from existing records, investigators may wish to work with the institution possessing the records to determine if the institution may be willing to:

  • provide patients, clients, or students with the researcher's contact information so interested persons may contact the researchers; or
  • contact patients, clients, students and ask permission to release their names to the researchers.

Use of Existing Records to Identify or Assess Eligibility for Prospective Participants

Research that involves the use of existing records to assess for eligibility or identify prospective participants requires the following considerations:

  • Does the research include information which has been provided for specific purposes by an individual and which the individual reasonably expects will not be made public?
  • Whose permission is required to access the records?
  • Will names be recorded for follow-up or personal contact?
  • When, how, and by whom should prospective participants be approached?
  • Does HIPAA apply?
  • Does FERPA apply?
  • Do other legal restrictions apply to the disclosure or use of the records?

Use of Other Methods to Select or Identify Prospective Participants

Additional considerations may apply, depending on the sample selection methods:

  • Self-identification: How will prospective participants assess their own eligibility? How will eligible persons notify researchers of their interest?
  • Group eligibility: If prospective participants must belong to a group that shares select characteristics, how will group affiliation be determined and kept private? If group affiliation itself may introduce risk (e.g., HIV+), how will participation in the research be kept private?
  • Whether appropriate permission is sought for access to records when reviewing existing records for participant selection or to abstract data;

NOTE: When participation in a research study may pose risks, no lists or identifiable information should be kept for individuals who do not enroll in the study.

  • Screening for eligibility: If inclusion and exclusion criteria are specific, when and how will prospective participants be screened for eligibility? How will researchers notify individuals of their eligibility status? Will researchers keep or discard information for persons not eligible for study participation?
  • "Opt out" provisions: How will individuals who wish to opt out of participation do so privately?

Privacy Considerations for Recruitment and Consent Processes

Privacy during Recruitment

Recruitment procedures must be carefully designed to protect the privacy of prospective participants, and to minimize opportunities for outsiders to determine who volunteered and who declined to participate.

  • Public areas: How will researchers protect the privacy of prospective participants who may not be alone?
  • Private areas: What are the privacy expectations of individuals who may be approached in areas in which they do not anticipate intrusions?
  • Mailings: How will individual contact information be obtained? What safeguards will be in place to protect privacy in the event mailings are viewed by someone other than the intended recipient?
  • Recruitment by persons who are not members of the research team (e.g., translators or interpreters; intermediaries or gatekeepers): What precautions will be in place to keep enrollment private from external persons involved in recruitment?
  • Telephone recruitment: How will telephone numbers be obtained? What safeguards will be in place to protect privacy if the phone is answered by someone other than the intended recipient or a voice message will be left?
  • Email recruitment: How will email addresses be obtained? What safeguards will be in place to protect privacy in the event email messages are viewed by someone other than the intended recipient?
  • Internet recruitment: How will individual contact information obtained? How will privacy be protected during online recruitment? Will participants' "handles" or site aliases be used exclusively; or will email addresses, names, or other identifiers be obtained? Will researchers be active members of the list-serve, website, or chat room? Will researcher-members identify themselves as researchers for the purposes of the research activity?
  • Recruitment in jails/prisons: How will researchers protect the privacy of incarcerated persons when inviting them to participate? If recruitment will be through intermediaries or gatekeepers, what precautions will be in place to protect the privacy of eligible persons during recruitment?
  • Recruitment in drug/alcohol treatment centers: How will individual contact information be obtained? If recruitment will be through intermediaries or gatekeepers, what precautions will be in place to protect the privacy of eligible persons during recruitment?
  • Recruitment of minors: Privacy interests may vary with the age of the child. For example, will privacy be enhanced or diminished if a parent is present? For recruitment in public places (e.g., classrooms), how will researchers obtain and protect information about parent permission? How will researchers ensure minors with parent permission are free to decline to participate (when appropriate)?

Privacy and Informed Consent

Where there is a risk that privacy may be compromised, the IRB will evaluate:

  • Setting: What circumstances will best protect the privacy interests of prospective participants during consent and enrollment procedures? How will questions of prospective participants be answered privately?
  • Presence of other individuals or observers (including translators or interpreters): What protections will be in place to ensure privacy during consent processes and enrollment when non-researchers may be present?
  • Internet-based research: What mechanisms will be used to protect privacy when consent procedures take place online? How will questions of potential participants be answered privately?
  • Copies of consent forms in clinical/program records: Researchers should specify if consent forms will be placed in clinical/program records and explain why such placement is or is not advisable.
  • Focus groups: What protections will be in place to ensure privacy during consent processes and enrollment in a group setting?
  • Informing study participants of privacy and confidentiality concerns: What and how will participants be told about privacy and confidentiality risks associated with study participation, and safeguards to minimize these risks?
  • Waiver of documentation of consent: For research in which a waiver of written consent has been approved because the principal risk is harm resulting from breach of confidentiality, how will researchers ensure participants' wishes would govern regarding whether documentation will exist linking her/him to the research?
  • Re-contacting participants: Does the research involve re-contacting participants? How will privacy be protected in this process?
  • Should documentation of consent be waived to protect participant privacy?

Privacy during Data Collection

  • To what degree should the identity of research participants be protected?
  • How will data collection procedures be designed to ensure participant privacy, especially during the collection of sensitive information?
  • Could identifiable information about participants or their behavior, if disclosed outside of the research, place participants at risk?
  • Might the information obtained about participant’s interest law enforcement or other government agencies? Should the researchers obtain a Certificate of Confidentiality to protect the privacy of research participants?
  • Are the investigator's disclosures to participants about privacy concerns adequate?