Planning for disclosure protection from the project's start

Removing personal identifiers from data can take significant effort. Even from the project proposal stage, it is important to decide whether significant data de-identification will be required if sharing data, and how to protect against identifier disclosure even when gathering and using data internally. Here are some tips and methods for more efficiently integrating identifier protection throughout the research process.

Proposal Data Management Plans

Prepare a Data Management Plan (DMP) for sharing and/or de-identifying data, storage, and documentation. Many funders have data sharing policies that require DMPs for grant proposals or after awards. Proposal Data Management Plans should state whether de-identified data will be shared or provide justification for not sharing such data. Sharing data w/ identifiers is not required, but should be justified:

Sample justification text: “Subject identifiers cannot be adequately removed from all interview transcripts. Selected de-identified sections will be shared.”

Guided web forms for creating DMP's for all funders can be found at https://dmptool.org. JHU Data Services can provide feedback and direct guidance on preparign plans.

Even if DMP's aren't required for a proposal or awarded project, all projects should consider developing a data management plan, especially if data will be accessed by external collaborators or shared publicly through a data repository.  A DMP should cover: 

• What data are produced during the research workflow, with awareness of special formats and metadata documentation standards relevant to sharing.
• How and where data are stored and backed up (e.g., copies to a secure drive and an offsite backup to a cloud server.)
• What data will be shared, where, and under what conditions (including plans for de-identification and depositing to restricted or public data repositories).
• Procedures for organizing and tracking files and documenting procedural changes during research.

Budgeting for disclosure protection: Some funders allow requests for funds to cover costs of preparing de-identified datasets. Disclosure protection for smaller restricted datasets may only require in-house resources; however, large datasets developed for public access may require hiring statisticians trained in the techniques, and/or external services for disclosure risk assessment and mitigation.

IRB and Disclosure Protection Plans

Plans for protecting identifiers, especially for publicly accessible data, should be specified in IRB Forms and Subject Consent forms.

IRB Research Plans detail collection, protection, sharing, and disposal of data with identifiers and should address:

• What identifiers will be collected
• How will you protect the rights and privacy of human subjects both during and after the study
• Who can use data and under what conditions
• How long will data be retained. Are identifiers kept or how will they be disposed of?
• What data will be shared: peer to peer, or via a public or restricted repository

Subject consent forms should state intentions to share data, whether for public or restricted access. If research subjects do not know data will be shared, IRB may not approve releasing the data. HIPAA's "expert-level" de-identified data may not require direct consent, because links to subjects have been removed, but only if fully de-identified and approved by IRB and/or the JHM Data Trust Council for release. Here is some sample consent form language: