Privacy refers to a person's interest in controlling the access of others to himself or herself. Confidentiality, an extension of privacy, refers to the way in which personal information is handled by a second party who controls access to that information by others. Anonymity refers to the separation of personal identifiers from any information about an individual. The procedures for protecting confidentiality and anonymity and the limitations to confidentiality and anonymity must be discussed in the informed consent document.
IRBs must decide to what extent privacy, confidentiality, and anonymity apply to each project to protect participants adequately. These concepts can be thought of as existing independently in the abstract. However, within IRB approval each serves to counterbalance subjects' ultimate protection from risk, relative to the degree of risk involved in a project. An essential concern of the IRB is how any proposed invasion of privacy could harm an individual. IRBs must assess the potential repercussion to an individual that results from private information becoming known to others, such as past criminal activity becoming known to an employer. The investigator can regulate the degree of risk that occurs in a project by varying one of these three variables:
- Do not collect any sensitive personal data:
Complete respect for privacy, low risk.
- Increase the safeguards in maintaining sensitive data:
Respect for confidentiality, mild risk.
- Do not collect information which could link data to subject:
Provide complete anonymity, mild risk.
Varying the level of each of these factors in accordance with the level of risk will allow investigators to collect the needed data. It is important to remember that limitations to confidentiality and anonymity must be addressed in the informed consent document. For example, data may be subject to subpoena by court authorities, in which case researchers cannot guarantee confidentiality. However, IRB staff members are available to advise ways to limit the risks to confidentiality, such as means for delinking subject identifiers from data, construction of informed consent forms, and application to the Secretary of Health and Human Services for a certificate of confidentiality when appropriate.