Certificates of Confidentiality for Non-Federally Funded Research: Protection of Human Subject Privacy in FDA-Regulated Studies
This guidance describes FDA's implementation of provisions related to Certificates of Confidentiality (CoC) for protecting privacy of human research subjects from whom identifiable, sensitive information is collected. It focuses on discretionary CoCs for non-federally funded research involving FDA-regulated products, explaining how to request them and the associated statutory responsibilities.
Recommended Actions
- Evaluate if your research requires a CoC by assessing:
- If you collect identifiable, sensitive information
- If you are a sponsor/sponsor-investigator
- If research involves FDA-regulated products
- If you have adequate confidentiality protection measures
- If CoC is needed:
- Prepare request letter with required descriptive information
- Include all necessary assurances regarding confidentiality protection
- Submit electronically to appropriate FDA Center
- Implement processes to:
- Protect identifiable information in perpetuity
- Control information sharing with other entities
- Handle permitted disclosures appropriately
- Maintain documentation of CoC compliance
- Review and update privacy protection procedures to enhance confidentiality safeguards
- Train relevant staff on CoC requirements and responsibilities
Key Considerations
Cybersecurity
- Must have sufficient research measures to protect confidentiality of identifiable, sensitive information
- All copies of identifiable, sensitive information must be protected in perpetuity
Other considerations
- Only sponsors or sponsor-investigators should submit requests for discretionary CoCs
- Research must involve FDA-regulated products and be subject to FDA regulatory authority
- Must collect or use identifiable, sensitive information in the research
- Disclosure of protected information is only permitted in specific circumstances:
- Cybersecurity in Medical Devices: Design, Implementation, and Premarket Submissions
- Categories of Research Eligible for Expedited IRB Review
Related references and norms
- 21 CFR §50.3: Protection of Human Subjects
- 21 CFR §56.102: Institutional Review Boards
- 42 U.S.C. §241(d): Public Health Service Act provisions on Certificates of Confidentiality
Original guidance
- Certificates of Confidentiality for Non-Federally Funded Research: Protection of Human Subject Privacy in FDA-Regulated Studies
- HTML / PDF
- Issue date: 2020-11-13
- Last changed date: 2024-10-01
- Status: FINAL
- Official FDA topics: Radiation-Emitting Products, Tobacco, Medical Devices, Food & Beverages, Good Clinical Practice (GCP), Dietary Supplements, Drugs, Animal & Veterinary, Biologics, Research, Cosmetics
- ReguVirta summary file ID: 2b121db17b5cacef2633b6fc3c56f3a4
This post is licensed under CC BY 4.0 by the author.