This is a site to accompany my short course on managing confidential information in research:
[Lecture Slides]
[One Page Handout for Staff]
[Summary of Preliminary Recommendations]
[Updated 11/03/2009]
Failures of confidentiality threaten research integrity, reputation, legality, and funding. Every researcher in the social, behavioral and health sciences must understand how to manage confidential information in research. Successful management of confidential information is particularly challenging because it requires satisfying a combination of complex legal, statistical and technological constants. And the management of this information has grown increasingly challenging because of recent changes in the law, new forms of data collection, and advances in statistical methods for linking data.
This tutorial provides a framework for identifying and managing confidential information in research. It is most appropriate for mid-late career graduate students, faculty, and professional research staff who actively engage in the design/planning of research. The course will provide an overview of the major legal requirements governing confidential research data; and the core technological measures used to safeguard data. And it will provide an introduction to the statistical methods and software tools used to analyze and limit disclosure risks.
Use these collections of resources and reference to help you in managing your confidential research information:
And follow these four steps...
- Identify potentially sensitive information in planning
- Reduce sensitivity of information in design
- Separate sensitive information in collection
- Protect sensitive information in collection
- Use systems that are controlled, securely configured, and audited
- Ensure people are authenticated, authorized, licensed
- Review sensitive information before dissemination
- Review disclosure risk
Apply non-statistical disclosure limitation- Apply statistical disclosure limitation
- Review past releases and publically available data
- Check for changes in the law
- Require a use agreement
| General Resources | |
| E.A. Bankert & R.J. Andur, 2006, Institutional Review Board: Management and Function, Jones and Bartlett Publishers | A reference on all facets of human subject research |
| Security and Privacy Awareness | Online training from NIH. |
| IRB: Ethics & Human Research ; Journal of Empirical Research on Human Research Ethics | Two journals on human subjects issues. |
| 201 CMR 17; FERPA; HIPAAA; 45 CFR 46 (Common Rule) | Major laws affecting confidential research |
| Harvard Specific | |
| HETHR | Online training on ethics of human subjects research. |
| Harvard (Non-Medical) Institutional Review board | Reviews all non-medical human subjects research at Harvard. |
| Harvard Enterprise Information Security | University-level policies on information security. |
| Software | |
| Physionet DEID | Open source package for automated HIPAA deidentification of text records using . |
| Tau and Mu Argus | Free software for statistical disclosure limitation of tabular data and microdata. |
| SDCmicro | Open source package for microdata deidentification in R. |
| Guides to Disclosure Limitation | |
| Handbook of Statistical Disclosure Control | Recently updated on-line textbook on statistical disclosure control methodss. |
| Report on Statistical Disclosure Limitation Methodology | Reviews of methods used by federal statistical agencies. A key reference for HIPAA statistical disclosure limiation. |
| HSP Bibliography | An extensive online bibliography prepared by ICPSR. |
| Copyright © 1995-2009 | Micah Altman |