Protecting Confidentiality in Human Research

The validity of clinical research relies on accurate and truthful data collected without fear of disclosure of sensitive information. To that end, Congress authorized the Secretary of Health and Human Services to issue certificates giving investigators protection as intended by the statute to refuse to disclose the identity of research subjects, even when required by an order of the court. The Certificate of Confidentiality is intended to guarantee that vulnerable research populations can participate in research without fear of disclosure. Some court cases, however, have raised concerns about whether the Certificate provides the promised protections and whether the application procedure is overly cumbersome (1, 2). In addition, the Patriot Act further clouds the security provided to research information presumably secured by the Certificate. At the same time, the National Institutes of Health (NIH) and local institutional review boards have been encouraging, and sometimes requiring, researchers to obtain a Certificate in order to carry out research. These issues have been the focus of several recent symposia at national conferences (3; unpublished 2012 paper of L. Dame; unpublished 2012 paper of T. Zarcone; unpublished 2011 paper of L. Beskow).

Approximately 1,000 new Certificates (a mean of 1,016 Certificates [SD=103] from 2009 to 2011) are granted annually by NIH. Most Certificates are granted by the National Institutes on Drug Abuse (24%), of Mental Health (22%), of Alcohol Abuse and Alcoholism (10%), and of Child Health and Human Development (12%). Given the increasingly important role played by Certificates, we briefly review five court cases analyzing the legal status of the Certificate, discuss remaining areas of uncertainty, and offer specific recommendations that would further secure and extend the Certificate’s protections.

Background

In 1970, Public Health Service Act section 301(d), 42 U.S. Code 241(d), authorized the Secretary of Health and Human Services to issue a Certificate of Confidentiality to protect the identities of individuals participating in drug abuse research. At the time, drug-addicted individuals generally refused to participate in research out of concerns about civil and criminal liability. Public Health Service Act section 301 (PHS Act 301) thus authorized “persons engaged in research on the use and effects of drugs to protect the privacy of individuals who are the subject of such research by withholding from all persons not connected with the conduct of such research the names or other identifying characteristics of such individuals” (italics ours). A critical addition noted, “Persons so authorized to protect the privacy of such individuals may not be compelled in any federal, state or local civil, criminal, administrative, legislative or other proceedings to identify such individuals.” In 1974, the act was modified to include “mental health, including research on the use and effect of alcohol and other psychoactive drugs” (4) and further expanded in 1988 to cover all health research (5). This inclusion appears prescient given more recent concerns regarding genetic testing.

Legal Cases

Over the 40-year history of the Certificate, several legal challenges have reached the courts. The major cases, their outcomes, and legal precedence are briefly described below.

People v. Newman (6).

In 1972, a witness to a homicide thought she recognized the perpetrator as a fellow research subject at a methadone maintenance facility. A subpoena was obtained to compel the clinic to produce their patients’ pictures (used by the clinic to ensure their patients’ identity) to assist in the perpetrator’s identification. As the project held a Certificate, the program’s director refused to comply with the subpoena. Although the trial court held the director in contempt for refusing to comply, this ruling was reversed on appeal in the New York State Court of Appeals. The U.S. Supreme Court declined to hear the case. People had argued that a 1972 statute amending section 42 of the Federal Code would allow the court to compel the investigator to release the photographs. However, the court ruled that since the 1972 amendment did not specifically repeal PHS Act 301, the protections provided by PHS Act 301 remained as long as a Certificate had been obtained. Thus, the appellate ruling supported the original intent of Congress affording protection of a research subject’s identity through the Certificate.

New York v. Still (7).

The defendant was charged with possession of a controlled substance (methadone). The defendant told the police that he was a patient and research subject at a methadone clinic and thereby legally in possession of methadone. The clinic refused to confirm this claim, citing the protection of the Certificate. The appellate court ruled that by volunteering his attendance at the clinic, the defendant waived the rights provided by the Certificate. This case established that confidentiality provided by the Certificate was not protected if the identity of the research subject was voluntarily disclosed.

Murphy v. Philip Morris, Inc. (8).

The plaintiff took action against Philip Morris, asserting that he contracted lung cancer from secondhand tobacco smoke exposure. Philip Morris sought to compel the University of Southern California (USC) to disclose raw data from a Certificate-protected study supporting the relationship between secondhand smoke and lung cancer. While the court granted access to data from several study participants with identities redacted, it also issued a protective order stating that the defendant could not disclose the data and was “expressly prohibited” from identifying study participants. Furthermore, upon completion of their defense, all data were to be returned to USC. The court thereby attempted to ensure the protection of the identities of the research subjects, although not their data. This case emphasizes a critical distinction in the Certificate: while the identity of the research subject is protected, their research data are not. Thus, PHS Act 301 only protects “the names or other identifying characteristics of … individuals.”

State of North Carolina v. Bradley (9).

This more recent case has produced significant concerns regarding the Certificate’s protection (1). The defendant was charged with statutory rape, and his attorney requested a prosecution witness’s study records from Duke University Health System. The request was granted, albeit with the order that study documents remain confidential unless used at trial or sentencing. The presiding judge and appeals court subsequently ruled to protect, then allow, and ultimately protect access to the records. However, the judge and appeals court based their decisions on the belief that the defense was unlikely to find exculpatory evidence, not because of the protections provided by the Certificate. Thus, the protections offered by the Certificate were not addressed. Nevertheless, the initial ruling required the university to turn over the research subject’s identity to the court. However, the identity was never released to the opposing counsel and thus could be considered “nondisclosed.”

Connecticut Superior Court for Juvenile Matters (Case Name Redacted)

An investigator at Yale University informed the Connecticut Department of Children and Families of concerns regarding a mother’s ability to care for her children. The investigator also reported that the children were participating in a research study. Attempts by the department to obtain study information were upheld, as the voluntary disclosure by the investigator precluded the use of the Certificate to protect against further disclosure. Again, the courts found that voluntary disclosure of the research subject’s identity, either by the subject or the investigator, negated the protections offered by the Certificate.

As the cases above illustrate, areas of legal ambiguity surround the Certificate. While the identities of the participants have been protected (unless revealed by the investigator or the participant), the research data have not been protected. Questions regarding the Certificate’s protections primarily concern future court decisions that may or may not occur in response to challenges that could come to pass. Nevertheless, most attorneys and courts over the past 40 years have been responsive to the Certificate and have abided by its protections. On the other hand, discussions with our colleagues in the scientific community led to our concern that the Certificate offers fewer protections than is generally believed.

Areas of Uncertainty

Several areas of uncertainty about the Certificate’s protections remain. First, concerns that sponsoring institutions may not support the Certificate’s protections in the presence of a legal challenge may have some theoretical validity, although to our knowledge all institutions, to date, have supported the Certificate. In requesting a Certificate, the sponsoring institution agrees to “support and defend the authority of the Certificate against legal challenges.” However, an institution’s commitment to appealing court rulings that undermine the Certificate’s authority has been neither specified nor tested.

Second, the optimal method to ensure the confidentiality of research participation while providing clinical care continues to evolve. Some programs maintain separate research and clinical charts. However, this method may result in study participants receiving experimental treatment, unbeknownst to the treating clinician. An alternative approach requires the clinical chart to reflect research participation. For example, the Veterans Health Administration (VHA) requires all participation in clinical research that utilizes VHA resources or that may result in psychological or physical harm to be documented in the clinical chart (VHA Handbook 1907.01 and 1004.1). While providing clinicians with information necessary to treat the patient, this process allows widespread access to Certificate-protected information. Unfortunately, protection from being compelled to reveal participants’ identifiers only extends to “persons engaged in … research”; it may not extend to medical personnel aware of the patient’s participation but not actually conducting the research. Although the Office for Human Research Protections (http://www.hhs.gov/ohrp/policy/certconf.html) states that the protections offered by PHS Act 301 include “researchers and institutions,” whether these protections extend to all clinical employees of the institution has not been tested. In addition, if the Certificate is obtained through an academic institution but a research subject’s participation is noted in a VHA chart, do the Certificate’s protections extend to an affiliated institution? As the federal government’s eHealth Initiative allows greater access to medical charts, the number of nonresearch staff with access will exponentially rise. Thus, clinical or administrative hospital staff aware of a research subject’s participation may inadvertently provide their identity. Once a participant’s identity has been revealed, the Certificate protects neither the person’s identity nor his or her research data. The commitment of a sponsoring institution to resist subpoenas for nonresearch staff has not been tested.

A third area of uncertainty is related to the USA Patriot Act, which was signed into law in 2001 and extended in 2011. Title II of the act, entitled “Enhanced Surveillance Procedures,” provides greater powers of surveillance to several government agencies. Section 215 (the “library records” provision) allows government agencies to gather “tangible things,” including “books, records, papers, documents, and other items,” during investigations into international terrorism. Although the NIH Certificate of Confidentiality Kiosk notes that the Patriot Act does not affect the Certificate’s protections, this has not, to our knowledge, been tested. Section 215 also states that “No person shall disclose to any other person … that the Federal Bureau of Investigation has sought or obtained tangible things under this section.” Thus, investigators who reveal to research participants that their identity has been compromised or who otherwise impede the investigation (even by challenging the order) would be in violation of the act. The act, however, provides protection to anyone who complies with the order, presumably protecting the investigator and institution from liability resulting from disclosing information protected by the Certificate.

Recommendations

Researchers and institutional review boards

Given these concerns, research information entered on a clinical chart should be minimized. Disclosures of research-related diagnoses and treatment should be avoided unless they are important for clinical care (e.g., participation in a medication trial). Institutions should develop policies to protect against inadvertent disclosures of research information from a clinical chart.

The consent process

Research is needed to explore what study participants actually understand about the Certificate and how this understanding does or does not affect their decision to participate. Investigators should consider rephrasing the recommended language of the NIH Kiosk to better convey the limitations described here.

NIH

The NIH Kiosk should clearly note the Certificate’s limitations: 1) protection from being compelled to reveal participants’ identities may only extend to those engaged in the research, 2) research information entered on a clinical chart may compromise the Certificate’s protections, and 3) a participant’s identity may possibly be released if requested for national security. Although the Kiosk notes that “voluntary disclosure of information by study participants themselves or any disclosure that the study participant has consented to in writing, such as to insurers, employers, or other third parties” is permitted, it is not specifically stated that even disclosure of research participation to a family member could potentially void the Certificate’s protections. A spouse suing for divorce, for example, could request research-related data if he or she had prior knowledge of the research subject’s participation. Whether a court would accept this claim is untested.

Policymakers

Considering the limitations of the Certificate, lawmakers should expand its scope to include 1) the protection of research data in addition to the participant’s identity and 2) the protection of nonresearch staff from being compelled to identify a participant’s identity and data. These changes would require an act of Congress, but they would mitigate all of the above concerns except those posed by the Patriot Act.

Conclusions

The protections provided by the Certificate are substantially greater than those offered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Although the Certificate has generally held up to legal challenges, some court rulings have exposed vulnerability. While the outcome of future legal challenges cannot be predicted, and concerns remain regarding the best method to implement protections in the clinical research environment, the Certificate appears to have served its original purpose. Nevertheless, we believe the Certificate is generally assumed to offer far more protection than it does. Its inclusion in the consent process may mislead research subjects, as well as the investigators and parent institutions, into a false sense of security. However, with the appropriate caveats and modifications, the Certificate can become an even stronger tool for protecting the rights of research participants.