November 14, 2017
NIH Funding and Certificates of Confidentiality
Links updated 10/27/2022
The new NIH Certificate of Confidentiality policy automatically issues a CoC to all active NIH funded human subjects research.
Use the CoC decision tree for additional guidance to determine if your NIH research is affected by this policy as well as guidance on sharing CoC protected information.
Principal Investigator (PI) CoC Responsibilities
- Treat ALL information about individuals involved in NIH funded research as if a CoC applies
- Modify, if the study is modified
- If the collection of data continues after the award, apply to extend CoC protection
- Review & follow guidance for Sharing/Disclosing CoC Protected Information.
CoCs are an important privacy protection for identifiable subject data. They protect identifiable subject information against subpoena, public records requests, and other legal proceedings.
Important points about certificates:
- Permanent protection. The data collected while your NIH funding is active is permanently protected, even after your funding has ended and your study has been completed.
- Protection is tied to your funding. Any data collected after your NIH funding ends is not protected unless you apply to extend the CoC past your funding expiration date.
- Consent requirement. Subjects must be informed about the CoC.
- Researcher responsibilities. PIs are responsible for complying with the terms of the CoC.
The NIH CoC Kiosk also provides extensive information.
Researchers without NIH funding may submit an application to NIH for a CoC.
- CoC Decision Tree: Is my NIH research subject to a CoC?
- GUIDANCE: Certificate of Confidentiality
- Certificate of Confidentiality: Apply for, Extend, Modify
- Guidance for Sharing/Disclosing CoC Protected Information
- Language to use when sharing CoC protected information with eligible recipients
- Standard Informed Consent Template
- NIH CoC Kiosk
- NIH: Policy Certificate of Confidentiality