Institutional Review Boards

Proposed Changes to the Common Rule

The U.S. Office for Human Research Protections (OHRP) proposed a set of sweeping changes to the federal regulations that govern research involving human subjects (the "Common Rule"), in the form of an Advance Notice of Proposed Rule Making (ANPRM) and solicited comments from investigators, Institutional Review Boards (IRBs), and any other interested parties by October 26, 2011. The ANPRM posed 75 questions, among these were questions about the appropriateness of the HIPAA de-identification standards, a ban on re-identification, the role of consent, ways to facilitate autonomous data collection and sharing, and uses of biospecimens and genomic data. These are areas related to data privacy.

ANPRM ( PDF), View all submissions online.

Keywords: IRBs, HIPAA, re-idenitfication, de-identification, Common Rule


Data Privacy Responses

The three most important responses related to data privcy are:

  1. The proposed ban on re-identification would drive re-identification methods further into hidden, commercial activities and deprive the public, the research community and policy makers of knowledge about re-identification risks and potential harms to the public.

  2. The de-identification provisions of the HIPAA Privacy Rule do not take advantage of advances in data privacy or the nuances it provides in terms of dealing with different kinds of data and finely matching sensitivity to risk.

  3. There needs to be a channel for NCHS, NIST or a professional data privacy body to operationalize research results so that real-world data sharing decisions rely on the latest guidelines and best practices.

The Data Privacy Lab itself submitted a response and a version of that submission was joined by about 50 data privacy researchers and supporters primarily from computer science, medical informatics, public policy and law, from insitutions across the United States. Two national privacy groups, the Electronic Privacy Information Center (EPIC) and Patient Privacy Rights also supported the submission. These responses broadly address the fitness and appropriateness of HIPAA and the emerging field of data privacy. A third complementary and coordinated response from academics and researchers drew on recent advances in understanding data privacy from a theoretical computer science perspective. Copies of these submissions appears below.

  • Data Privacy Researchers and Supporters (PDF)

  • Academics and Researchers leveraging advances in theoretical computer Science (PDF)

  • Data Privacy Lab (PDF)


Related Responses

Privacy Groups

  • World Privacy Forum (PDF)
  • Electronic Frontier Foundation (PDF)

Researchers and Research Organizations

  • Harvard University (PDF)
  • American Anthropological Association AAA (PDF)
  • American Association of Public Opinion Research AAPOR (PDF)
  • American Association of University Professors AAUP (PDF)
  • American Historical Association AHA (PDF)
  • American Psychological Association APA (PDF)
  • Association for the Accreditation of Human Research Protection Programs AAHRPP) (PDF)
  • Association of Academic Survey Research Organizations AASRO (PDF)
  • Association of American Medical Colleges AAMC (PDF)
  • Consortium of Social Science Associations COSSA (PDF)
  • Inter-University Consortium for Political and Social Research ICPSR (PDF)
  • Public Responsibility in Medicine and Research PRIM&R (PDF)
  • Secretary's Advisory Committee on Human Research Protections SACHRP (PDF)
  • Secretary's Advisory Committee on Human Research Protections SACHRP Minority Report (PDF)
  • Social Science History Association SSHA (PDF)
  • UCLA Social Science Data Archive SSDA (PDF)
  • Zachary Schrag (PDF)

If you know of any other relevant responses, please let us know so we can add the response to this list.


Copyright © 2011. President and Fellows Harvard University.   |   IQSS   |    Data Privacy Lab   |    [info@dataprivacylab.org]