Certificates of Confidentiality: NIGMS Procedures


Certificates of Confidentiality allow researchers to avoid the involuntary release of any portion of research records containing information that could be used to identify study participants. A Certificate of Confidentiality protects the investigator and anyone else who has access to research records from being compelled to disclose identifying information in any civil, criminal, administrative, legislative or other proceedings, whether federal, state or local. Identifying information is broadly defined as any item or combination of data about a research subject that could reasonably lead directly or indirectly, by reference to other information, to the identification of a research subject.

Certificates can be used to promote participation in studies by assuring anonymity to participants. Certificates will be issued only when the research is of a sensitive nature, where protection is judged necessary to achieve the research objectives. For instance, a Certificate of Confidentiality may be granted if disclosure could have adverse legal consequences or damage the financial standing, employability, insurability or reputation of the participant. The Certificate will help researchers avoid involuntary disclosure that could expose subjects and their families to adverse economic, psychological and social consequences.


Certificates of Confidentiality were originally authorized by a 1970 amendment to the Public Health Service Act to protect participants in research on substance abuse. The authority to award Certificates was vested with the secretary of the Department of Health and Human Services (DHHS). In 1988, the statute was broadened such that Certificates could be sought to protect individuals participating in biomedical, behavioral, clinical and other research, and the authority to issue Certificates was delegated to the Office of the Assistant Secretary for Health (OASH). With the reorganization of the OASH in 1996, its Certificate authority was decentralized to the NIH institutes, and the NIH director further delegated this authority to certain NIH officials (institute and center [IC] directors, deputy IC directors and executive officers). Each IC now has the option of issuing its own Certificates.

Types of Projects Covered

NIGMS issues Certificates for single, well-defined projects rather than for groups or classes of projects. An exception is for cooperative multi-site projects, in which a coordinating center or "lead" institution designated by the government program director can apply on behalf of all member institutions, and a single Certificate providing protection to all participating sites is issued. In this case, the application must list each participating unit, its address and the project director of the participating unit on the first page of the application. The lead institution must assure that all participating institutions conform to the application assurances and inform subjects appropriately about the Certificate, its protections and the circumstances in which voluntary disclosures would be made.

Extent and Limitations of Coverage

Certificates of Confidentiality can be used to cover biomedical, behavioral, clinical or other research. Refer to the Frequently Asked Questions in the NIH Certificate of Confidentiality Kiosk for more details.

Certificates of Confidentiality do not obviate the need for data security, however. Researchers should take appropriate steps to safeguard research results so that individuals having access to medical records (including those who may access the records with the subject’s consent) cannot access the research results or learn the identity of research participants.

Certificates protect against involuntary disclosure; however, information may be voluntarily released under certain circumstances. For example, research subjects may disclose or consent to the disclosure of information (including research information) in their medical records to an insurer, and researchers may not use the Certificate to refuse disclosure under this circumstance. In addition, researchers are expected to make arrangements with local and state authorities to satisfy communicable disease reporting requirements, and subjects should be informed of this possibility in the informed consent document. Moreover, Certificates do not authorize researchers to refuse to disclose information about subjects if authorized DHHS personnel request such information for an audit or program evaluation or if such information is required by the Federal Food, Drug, and Cosmetic Act.

With the exceptions noted above, it is important to keep in mind that the authority to resist compulsory disclosure provided by a Certificate supersedes any federal, state or local laws that require such disclosure.

Period of Coverage

Certificates are issued for a specific time period and protect all information that would identify research subjects who participate in the project during that period. Data collected while a Certificate is in effect remain protected after the Certificate expires and in perpetuity. The time period begins on the date of issuance of the Certificate or the commencement of the research, whichever is later. Generally, Certificates are effective on the date of issuance or upon commencement of the research project if that occurs after the date of issuance. The expiration date should correspond to the completion of the study. It is advised that applicants select a period of coverage that may overestimate, rather than underestimate, the time required to complete the project.

Extensions, Modifications and Amendments

Requests for extensions of Certificate coverage should be made 3 months prior to the expiration date. They should be accompanied by a justification, documentation of the most recent Institutional Review Board (IRB) approval, and the new expected completion date for the research project.

Modifications to existing certificates are encouraged where possible, rather than applying for new certificates, to simplify and expedited the process. Requests should be submitted when there is a significant change in the scientific scope of the study (e.g., different/additional intervention, change in study population), but are not necessary for operational aspects such as change in study personnel (other than change in PD/PI). Requests for modifications or amendments should be made 3 months prior to the needed date. These requests should be accompanied by a justification and documentation of the most recent IRB approval.

An amendment to an existing Certificate should be requested when a principal investigator relocates to a new institution.

Eligibility Criteria

Certificates are appropriate when the research information gathered is of a sensitive nature and protection is deemed necessary in order to achieve the research objectives while protecting the study participants’ confidentiality and privacy. Studies gathering information, the disclosure of which could reasonably be expected to lead to social stigmatization or job or medical/life insurance discrimination, would qualify for a Certificate. Projects eligible for Certificates must involve the collection of sensitive information that, if disclosed, could be damaging to an individual’s financial standing, reputation, insurability or employability. Federal funding is not a prerequisite. Examples of research projects relevant to the mission of NIGMS that would be eligible include, but are not limited to, the following:

  • Projects involving genetic testing for disease predisposition.
  • Studies involving the collection and storage of biological samples for use in subsequent research could be eligible if the scope and purposes of such research can be adequately specified.
  • Studies involving the collection or storage of clinical and epidemiologic data.
  • Pharmacogenetic studies that involve human subjects.

Projects that are not research-based or research-related are ineligible for a Certificate of Confidentiality, as are projects that have not received IRB review and final approval. Projects are not eligible if collecting information that is not deemed to involve significant harm or damage to the subject if disclosed.

Application for Certificate of Confidentiality for NIGMS-Funded Projects

NIGMS uses a Web-based application process accessed through the NIH Certificates of Confidentiality Kiosk. This system will capture information (see below) as structured data elements that will be assembled to produce the ultimate Certificate of Confidentiality. The system will ensure consistent and comprehensive information about Certificate applications. Help is available throughout for technical and policy issues. Data collected includes:

  1. Name and address of grantee institution
  2. Sites where the research will be conducted and a description of the facilities available for the conduct of the research
  3. Title of the research project
  4. Source of support for the project
  5. Documentation of IRB approval (attach letter or form signed by authorized IRB representative). Approval must be current, unconditional or conditioned only upon the issuance of a Certificate of Confidentiality and documented by a letter or form signed by an authorized IRB representative
  6. Information about the PI and key personnel (contact information and summary of scientific training)
  7. Beginning date and expected end date of the project
  8. Concise description of project aims and research methods
  9. A description of means used to protect subjects' identities
  10. Justification for request for Certificate of Confidentiality
  11. Informed consent/assent forms for research subjects who will be participating in the study, as approved by the IRB
  12. Administration of drugs in research not funded by NIH (as applicable)
  13. Controlled drug (or drugs) to be administered (as applicable)
  14. Plans for reporting communicable diseases  (as applicable)
  15. Assurances -  Applicants must attach the following assurances:
    1. This institution agrees to use the Certificate of Confidentiality to protect against the compelled disclosure of personally identifiable information and to support and defend the authority of the Certificate against legal challenges
    2. The institution and personnel involved in the conduct of the research will comply with the applicable Federal regulation for the protection of human subjects or, if no such Federal regulation is otherwise applicable, they will comply with 45 CFR Part 46
    3. This Certificate of Confidentiality will not be represented as an endorsement of the project by the DHHS or NIH or used to coerce individuals to participate in the research project
    4. All subjects will be informed that a Certificate has been issued, and they will be provided with a description of the protection covered by the Certificate
    5. e) Any subjects entering the project after expiration or cancellation of the Certificate will be informed that the protection afforded by the Certificate does not apply to them
    Certificate of Confidentiality Application Portal

Review Procedures

Applications are reviewed and recommended for approval by the involved NIGMS program director and the staff review committee. Applications so recommended are forwarded to the director, NIGMS, for final approval and signature. Certificate requests that are not approved will be returned to the applicant with an explanation for the decision.

Agency Contacts

To obtain further information about Certificates of Confidentiality, to submit an application or to request an extension or amendment for an existing Certificate awarded by NIGMS, contact:

Erica Brown, Ph.D.
Certificate Coordinator
National Institute of General Medical Sciences
45 Center Drive, Room 2AS.24F, MSC 6200
Bethesda, MD 20892-6200
Tel: 301-827-4499
E-mail: ebrown1@mail.nih.gov

To submit a Certificate request or to obtain an extension or amendment for an existing Certificate awarded by an NIH institute or center other than NIGMS, contact that IC's coordinator (available at the NIH Certificates of Confidentiality Kiosk) or contact:

Ann M. Hardy, Dr.P.H.
NIH Extramural Human Research Protection Officer
and Certificates of Confidentiality Coordinator
Office of Extramural Programs
Office of Extramural Research
National Institutes of Health
6705 Rockledge Drive, Room 3002
Bethesda MD 20892
Tel: 301-435-2690
E-mail: hardyan@od.nih.gov