Assurances of Confidentiality
An Assurance of Confidentiality is a formal confidentiality protection authorized under Section 308(d) of the Public Health Service Act. It is used for projects conducted by CDC staff or contractors that involve the collection or maintenance of sensitive identifiable or potentially identifiable information. This protection allows CDC programs to assure individuals and institutions involved in research or non-research projects that those conducting the project will protect the confidentiality of the data collected. The legislation states that no identifiable information may be used for any purpose other than the purpose for which it was supplied unless such institution or individual has consented to that disclosure.
Under section 308(d) of the Public Health Service Act surveys conducted by the National Center for Health Statistics (NCHS) as part of their authorizing legislation are automatically protected by an Assurance of Confidentiality. In addition, Assurances of Confidentiality may be issued to projects conducted by all other CDC components, after formal application to and approval by the CDC Confidentiality Review Group has been obtained.
Information about institutions and/or individuals of research or non-research projects that involve the collection or maintenance of sensitive identifiable or potentially identifiable information and for which an Assurance of Confidentiality has been approved is protected. At CDC, the 308(d) assurance has most often been used to protect sensitive identifiable data for non-research projects, but has also been used for research studies collecting sensitive identifiable data.
Extent and Limitations of Coverage
Protected information includes identifiable or potentially identifiable information on institutions or individuals who are the subjects of research or non-research studies with an approved Assurance of Confidentiality.
Disclosures can be made without individual authorization only for purposes stated at the time of data collection or specifically consented to thereafter by each of the parties who were provided the promise of confidentiality.
Assurances of Confidentiality do not take the place of good data security or clear policies and procedures for data protection, which are essential to the protection of participants’ privacy. Investigators should take appropriate steps to safeguard data and findings. Unauthorized individuals must not access the data or learn the identity of participants.
Assurances of Confidentiality Contact