Privacy & Cybersecurity Law Blog

Following the ruling in Dobbs, the National Institutes of Health’s (“NIH’s”) certificates of confidentiality offer an important layer of privacy protection to reproductive health research data. The Public Health Service Act created the certificates of confidentiality program, which prohibits the disclosure of identifiable, sensitive research data “in any Federal, State, or local civil, criminal, administrative, legislative, or other proceeding” without the research subject’s consent. These certificates add a layer of protection to abortion and fertility data collected as part of NIH research.

NIH certificates of confidentiality apply only to human subjects research data and protect that information only if the data can be combined with other information to uncover an individual’s identity. Only studies that (1) collect identifiable and sensitive information, (2) are cleared by an institutional review board, and (3) comply with the Common Rule (45 C.F.R. 46) can use certificates of confidentiality. 

Although the certificates generally protect the underlying information from compelled disclosures, the Public Health Service Act permits (but does not require) disclosure if such disclosure is required by federal, state, or local law, including but not limited to laws requiring the reporting of communicable diseases or child abuse. It is unclear, however, post-Dobbs, whether these certificates would protect reproductive health care information against disclosure under state laws that mandate disclosure of such information.