Abstract
Introduction
The need to protect the confidentiality of research data has long been recognized. One means to help protect research data from use in civil or criminal matters in the United States is a Certificate of Confidentiality (CoC). Until recently, investigators applied for a CoC when conducting research that was sensitive, stigmatizing or where the disclosure of private information could possibly result in civil or criminal liability. However, effective October 1, 2017, CoCs are automatically issued for much research supported by the National Institutes of Health (NIH). While automatic issuance reduces administrative burden, it also poses some surprising unanticipated challenges for research in general and pragmatic clinical trials (PCTs) in particular, which are key elements of learning health systems.
Methods
We reviewed the new policy on CoCs to identify and analyze issues related to it that are potentially problematic for PCTs.
Results
We identified three relevant issues: (1) whether the EHR may be populated with research data that may be sensitive or stigmatizing without explicit consent from subjects; (2) incomplete protections for sensitive data in the EHR; and (3) requirements for notifying subjects about the CoC provisions.
Conclusion
Formal guidance from the NIH is needed to address the application of CoCs to the setting of PCTs. In the meantime, it is essential for researchers designing and conducting PCTs, as well as health care systems in which this research is conducted, to be aware of the nuances inherent in CoCs so they can best adhere to their legal obligations regarding them. In the absence of guidance, special attention should be paid to pragmatic research that populates the electronic health record with research data as well as research conducted without explicit consent. Given the large amount of pragmatic research precipitated by the Coronavirus Disease 2019 pandemic, which has been accompanied by major efforts to share data, the need for such guidance is especially urgent.