UW Research

Information Privacy and Security

Federal Certificate of Confidentiality

Principal Investigator (PI) CoC Responsibilities

NIH Funded Research

A CoC automatically applies to all active NIH-funded research projects.

Data collected while NIH funding is active is permanently protected under a CoC, even after your funding has ended and your study has been completed.


Research that is Not NIH Funded

Researchers without NIH funding may submit an application to NIH for a CoC.

Sharing/Disclosing CoC Protected Information


  • As part of a Federal, State, or local civil, criminal, administrative, legislative, or other proceeding
  • To any other person not connected with the research


  • Required by Federal, State, or local laws (e.g., as required by Federal Food, Drug, and Cosmetic Act, or state laws requiring reporting of communicable diseases to State and local health departments), excluding instances of disclosure in any Federal, State, or local civil, criminal, administrative, legislative, or other proceeding; or
  • Necessary for medical treatment of an individual to whom information, document, or biospecimen pertains and made with their consent; or
  • Made with consent of an individual to whom information, document, or biospecimen pertains; or
  • Made for purposes of other scientific research that is in compliance with applicable Federal regulations governing protection of human subjects in research.

Precautions for Sharing with Others Connected with the Research

Non-UW Collaborator on project; not a subrecipient of funding:
You may disclose, but anyone not funded by NIH must be informed that the information is protected by a CoC.

Subrecipient of the Funding – Non-UW Collaborator on project:
Requirements will be included in outgoing subaward to the subrecipient.

UW study team carrying out the project:
You may disclose, but you must make sure study team members are aware of the protections and limitations imposed by the CoC. Keep a copy of the correspondence in your research file.

Sharing Information Protected under a CoC with an Eligible Recipient?

Use this language for each transfer of information or within Data Use agreements to eligible recipients:
This information is identifiable, sensitive information protected by a Certificate of Confidentiality from the National Institutes of Health. You may not disclose or use this information in any federal, state, or local civil, criminal, administrative, legislative, or other action, suit, or proceeding, unless the individual has consented.

Information protected by this Certificate cannot be disclosed to anyone else who is not connected with the research, except if there is a federal, state, or local law that requires disclosure (such as to report child abuse or communicable diseases), if it is used for other scientific research, as allowed by federal regulations protecting research subjects, or if the individual has consented.

Controlled Unclassified Information (CUI)

Under federal regulations, CUI must be protected. The level of protection and the reason for protection vary. If CUI was not originally part of the project but is developed by or shared with the research team, restrictions will be imposed by the providing agency or the sponsor. One example is the Cybersecurity Maturity Model Certification requirement in Department of Defense contracts. Review more information on CUI classified and sensitive research.