Guidelines for Protecting and Removing Human Subject Identifiers

Funding agencies, publishers, and research communities are increasingly encouraging researchers to share data, particularly through online repositories, while respecting IRB and federal restrictions against disclosing identifiers of human subjects. This guide presents initial steps for protecting and removing identifiers. Fully protecting data from inappropriate disclosure is not always possible without professional help, especially for health data. Taking initial steps at de-identifying data, however is recommended for:

• Protecting data during research projects
• Preparing data for vetted collaborators, restricted-access data repositories or public access (if reviewed and approved for release)
• Preserving datasets to support published findings and facilitate IRB approval for re-use.

This guide is organized by topic and phase of research.

• Overview of personal and health identifiers and disclosure risk
• Disclosure protection at the project planning stage: Grant proposals, IRB forms
• JHM Data Trust Council compliance
• Disclosure protection during data collection and analysis phase
• Secure storage choices
• Preparing de-identified datasets for sharing: 5 steps for disclosure risk protection
• Introduction to advanced de-identification techniques
• Further resources