Data Management Planning: Privacy and Ethical Issues

If you are a biomedical researcher, then you are well aware that funding agencies and publishers have guidelines for ensuring the privacy and ethical treatment of animal and human subjects. Any research institution that accepts federal funding is legally required to have policies in place to oversee its research programs. These policies include monitoring conflicts of interest, reporting misconduct, ensuring adherence to safety regulations, and maintaining committees that review animal and human research protocols.

The Institutional Animal Care and Use Committee (IACUC) oversees the appropriate care and humane treatment of animals being used for research, testing, and education. The purpose of the Institutional Review Board (IRB) is to protect the rights and welfare of individuals participating as subjects in the research process.

In the context of data management, the IRB has three roles:

  • Reviews data management plans to examine feasibility (cost, infrastructure, staffing).
  • Reviews data collection forms to limit the amount of personal identifiable information being collected.
  • Reviews research protocols to determine how data will be safeguarded.

The rules about safeguarding include consideration of who will have access to the data technically, physically, and administratively, as well as for what purpose. These are occasionally called the privacy or confidentiality rules. However, the University of Pittsburgh IRB makes an important distinction between the two terms:

  • “Privacy” refers to the individual’s right to control access to themselves, including personal information and biological specimens.
  • “Confidentiality” refers to how an individual’s private information will be protected from release by the researcher, which is an important element of the consent process.

At the federal level, health data are protected by the Health Insurance Portability and Accountability Act (HIPAA). Information about the University of Pittsburgh’s HIPAA policies and procedures with regard to research may be found on Pitt’s Institutional Review Board’s Health Insurance Portability and Accountability Act (HIPAA) Web site, including sample protocols and consent forms.

If you are submitting a grant to either the National Institutes of Health or the National Science Foundation, be sure to review their guidelines on human subjects and privacy issues before creating your data management plan. If you have additional questions, refer to the University of Pittsburgh’s IACUC and IRB Web sites.

For previous articles on Data Management published in the HSLS Update, see:

~ Carrie Iwema