Protecting Human Subject Identifiers

Introduction to concepts and basic techniques for disclosure analysis and protection of personal and health identifiers in research data for public or restricted access, following applicable JHU data governance policies. See Overview section for details.

Data Management Consultant

Profile Photo
Dave Fearon
JHU Data Services

Ask a Data Services Specialist a Question

Fall Chat  Hours: 
Monday - Thursday from 10am - 5pm. 
Friday - from 11am - 3pm
If you have any questions for Data Services outside of this time, please contact us via email.
NOTE:  Fall 2022 closures:
 - Labor Day, September 5
 - Fall Break:  October 20-21
 - Thanksgiving Holiday:  21-25

Data Services Profile

We are here to help you find, use, manage, visualize and share your data. Contact us to schedule a consultation. View and register for upcoming workshops. Visit our website to learn more about our services.

Guidelines for Protecting and Removing Personal and Health Identifiers

Guidelines for Protecting and Removing Human Subject Identifiers

Funding agencies, publishers, and research communities are increasingly encouraging researchers to share data, particularly through online repositories, while respecting IRB and federal restrictions against disclosing identifiers of human subjects. This guide presents initial steps for protecting and removing identifiers. Fully protecting data from inappropriate disclosure is not always possible without professional help, especially for health data. Taking initial steps at de-identifying data, however is recommended for:

  • Protecting data during research projects
  • Preparing data for vetted collaborators, restricted-access data repositories or public access (if reviewed and approved for release)
  • Preserving datasets to support published findings and facilitate IRB approval for re-use.
These guidelines are provided for informational purposes. JHU investigators preparing datasets for public or restricted external access should follow applicable JHU data governance policies, with guidance from IRB and the Johns Hopkins Privacy Office. For clinical and health data, the SOM IRB and the JHM Data Trust Council have additional requirements regarding approval of disclosure protection prior to sharing de-identified or restricted datasets. Please refer to the JHM Data Trust Council section of this guide and the Data Trust FAQ for details.

This guide is organized by topic and phase of research.

Training in human subject data protection at JHU:

  • In-person: "De-identifying Human Subjects Data for Sharing."  A 90-minute workshop covering topics in this guide. View the [current schedule here].   Trainings may also be scheduled for research groups and departments.
  • Online modules: Available to JH affiliates through Blackboard: De-identifying Human Subjects Data for Sharing 
Copyright 2019 by Johns Hopkins University Data Services. These materials may not be republished, re-purposed, or reposted without permission from JHU Data Services. Contact:


These materials are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, attributable to Data Services, Johns Hopkins University.