Investigator and Institutional CoC Responsibilities

Investigators and institutions have several responsibilities associated with the CoC. Read more about these responsibilities below.

Inform Participants

Investigators that are deemed issued, or non-NIH-funded investigators that are, after request, issued a CoC from NIH and will obtain informed consent must inform the participants about the CoC protections and any exceptions to the CoC protections.

Tip
See sample consent language regarding CoCs.
Note
Use of this sample language is not required. Investigators may use any language that satisfies the requirements for informing participants about CoC protections and any applicable limitations to those protections (see section 2 below for more information).

Do Not Release Participant’s Identifiable Sensitive Information Except Under Limited Circumstances

Identifiable, sensitive information covered by a CoC must not be disclosed or provided:

  • In any Federal, State, or local civil, criminal, administrative, legislative, or other proceeding OR
  • To any other person not connected with the research.

Limited circumstances when the investigator and institution may release participant’s identifiable sensitive information:

  • If required by other Federal, State, or local laws, such as for public health reporting of communicable diseases or child or elder abuse reporting*
  • If the participant consents;
  • If necessary for the medical treatment of the participant and made with the consent of the participant; or
  • for the purposes of scientific research that is compliant with human subjects’ regulations
Tip
Disclosure of identifiable, sensitive information (i.e., information, physical documents, or biospecimens) protected by a Certificate of Confidentiality must be done when such disclosure is required by other applicable Federal, State, or local laws.

Uphold CoC Protections

Institutions issued a CoC agree to protect participants’ identifiable, sensitive information from compelled disclosure and support and defend the authority of the Certificate against legal challenges.

In keeping with this agreement, institutions issued a CoC need to consider these protections when selecting third parties or entities (such as contractors and online platform vendors) and utilize those that can and will protect covered information against compelled disclosure. Remember that the institution holding the CoC is ultimately responsible for safeguarding all the information covered by the Certificate against compelled disclosure. For NIH funded studies, failure to comply with CoC protections is a violation of the terms and conditions of their award.

For additional information on the requirements to uphold CoC protections:

Inform Investigators or Institutions Receiving a Copy of Protected Information About CoC Protections

Certificate of Confidentiality recipients are required to inform investigators or institutions who receive a copy of identifiable, sensitive information or obtain biospecimens that are protected by a Certificate that they are also subject to the requirements of the CoC. These institutions and investigators are required to protect the identifiable, sensitive information or biospecimens from disclosure since the responsibilities apply to them equally.

Note
Investigators and institutions that are considering placing research data protected by a CoC in the participants medical records should discuss this with their institutional counsel.

NIH funded investigators have additional CoC responsibilities.

FAQs

This page last updated on: September 23, 2024
For technical issues E-mail OER Webmaster