Related Key Terms: Subject Participation
An individual's participation in a research project can be described as anonymous if it is impossible to know whether or not that individual participated in the study. For example, participation in an online survey would be considered anonymous if that survey could not be linked in any way to the individual.
When participation is confidential, the research team knows that a particular individual has participated in the research but the team members are obligated not to disclose that information to others outside the research team, except as clearly noted in the consent document.
Maintaining human subject data securely with the appropriate level of anonymity, confidentiality, or de-identification is a key factor in ensuring a low risk threshold for the participants, the researchers, and the university.
As such, principal investigators (PIs) and their study teams may be required to outline the data management and security procedures in the eResearch IRB application for IRB review. IRB-HSBS recommends that research teams consistently follow the core data security controls, whether or not the research involves the collection of personally-identifiable data.
- All data collection and storage devices must be password protected with a strong password. A strong password requires a level of complexity. Please follow the link for crafting a strong password.
- All data/research files must be encrypted.
- Access to identifiable data should be limited to members of the study team.
- Identifiers, data, and keys should be placed in separate, password protected/encrypted files and each file should be stored in a different secure location.
- For secure data transmission, Transport Layer Security (TLS) (a.k.a. SSL) or equivalent, and a minimum key length of 128 bits must be used for any data that is transmitted electronically.
- If it is necessary to use portable devices for initial collection of identifiers, the data files should be encrypted and the identifiers moved to a secure system as soon as possible. The portable device(s) should be locked up in a secure location when not in use. The PI should consult with their departmental IT Security Liaison to discuss how to correctly configure desktop computers, laptops, and other external devices for safe use in the collection and storage of research data.
- M+Google Mail and Calendar services may not be used to collect, store, or transmit confidential or sensitive human subjects research data. For a list of allowed and restricted services when storing/transmitting sensitive identifiable data, see http://safecomputing.umich.edu/dataguide/?q=node/65
- No protected health information (PHI) should be transmitted via email, except within the U-M Health System and Medical School.
- If utilizing any cloud-computing services, the PI must follow the U-M safecomputing guidelines (see Resources below).
Additional Security Controls if Data are of a Higher Sensitivity
- All data should be downloaded from local devices to a secure UM server as soon as possible after collection.
- Passwords should be built in at multiple levels on each local machine that is used for the collection and storage of research data (e.g. at BIOS and at login).
- If research includes sensitive identifiable data, outside consultants or vendors should be required to sign a confidentiality agreement.
- If the research design allows, the PI should delete or destroy identifiable information as soon as possible after collection.
The IRB often finds that the terms anonymous, confidential, and de-identified are used incorrectly. Knowing the correct use of these terms can help you determine the appropriate data management and security procedures for your project.
Data are anonymous if no one, not even the researcher, can connect the data to the individual who provided it. No identifying information is collected from the individual, including direct identifiers such as name, address or student identification number.
Researchers should be aware that collection of indirect identifiers (i.e., information regarding other unique individual characteristics) might make it possible to identify an individual from a pool of subjects. For example, a study participant who is a member of a minority ethnic group might be identifiable from even a large data pool.
Confidential data has a link between the data and the individual who provided it. The research team is obligated to protect the data from disclosure outside the research according to the terms of the research protocol and the informed consent document. Methods to reduce the risk of inadvertent disclosure include:
- Storing the subject’s name and/or other identifiers separately from the research data
- Replacing the subject's name and other identifiers with a unique code and using this code to refer to the subject data. Note that coding the data does not make that data anonymous.
- Storing the code key separately from the subject's identifiers
Data are considered de-identified when any direct or indirect identifiers or codes linking the data to the individual subject's identity are destroyed.
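The following worked example is added here to illustrate both the core control above (identifiers, data, and keys kept in separate files) and the coding method just described; it is not code from the IRB page or from U-M. It uses a small constructed set of survey records and models the three files as in-memory structures. It shows that coded data can still be re-linked to a person as long as the key exists (so it is confidential, not anonymous), that destroying the key is what makes the remaining data de-identified, and, going slightly beyond the text, how to flag records whose indirect identifiers are unique in the pool and may therefore still identify someone even without a key. The field names and the hypothetical helpers `code_dataset`, `relink`, `de_identify` and `unique_on_quasi_identifiers` are assumptions for the example.

```python
"""Added example (not from the IRB guidance): coding identifiable survey data.

Models the three-way separation the guidance describes (identifiers, coded
data, and the code key kept apart), why coded data remains confidential
rather than anonymous, and why destroying the key is what de-identifies it.
All records below are constructed sample data.
"""
import secrets
from collections import Counter

# Constructed sample: raw responses as collected, with direct identifiers.
RAW_RESPONSES = [
    {"name": "A. Example", "student_id": "10000001", "age_band": "18-24", "dept": "Physics", "score": 4},
    {"name": "B. Example", "student_id": "10000002", "age_band": "18-24", "dept": "Physics", "score": 2},
    {"name": "C. Example", "student_id": "10000003", "age_band": "25-34", "dept": "Linguistics", "score": 5},
]
DIRECT_IDENTIFIERS = ("name", "student_id")   # assumed direct identifiers for this sample


def code_dataset(records, direct_identifiers=DIRECT_IDENTIFIERS):
    """Split records into three artifacts destined for three separate secure locations.

    Returns (identifiers, coded_data, key):
      identifiers : subject id -> direct identifiers (the "identifiers" file)
      coded_data  : records with identifiers replaced by a random code (the "data" file)
      key         : code -> subject id, the only link between the other two (the "key" file)
    Codes come from secrets.token_hex, not a counter, so the code itself reveals
    nothing about collection order.
    """
    identifiers, coded_data, key = {}, [], {}
    for subject_no, rec in enumerate(records, start=1):
        code = secrets.token_hex(8)
        subject_id = f"S{subject_no:04d}"
        identifiers[subject_id] = {k: rec[k] for k in direct_identifiers}
        coded_data.append({"code": code, **{k: v for k, v in rec.items() if k not in direct_identifiers}})
        key[code] = subject_id
    return identifiers, coded_data, key


def relink(coded_record, identifiers, key):
    """Re-associate a coded record with its subject. This needs the key file;
    without it (None or entry removed) the result is None, which is exactly why
    coded data is confidential rather than anonymous while the key exists."""
    if key is None or coded_record["code"] not in key:
        return None
    return identifiers[key[coded_record["code"]]]


def de_identify(coded_data, key):
    """Model destroying the key: the coded data stays usable for analysis, but the
    link to identity is gone, so relink() can no longer succeed."""
    key.clear()
    return coded_data, None


def unique_on_quasi_identifiers(coded_data, quasi_identifiers=("age_band", "dept")):
    """Return codes of records whose combination of indirect identifiers is unique in
    the pool. Such records may still be identifiable without any key, the risk the
    guidance raises about indirect identifiers."""
    combos = Counter(tuple(r[q] for q in quasi_identifiers) for r in coded_data)
    return [r["code"] for r in coded_data if combos[tuple(r[q] for q in quasi_identifiers)] == 1]


if __name__ == "__main__":
    ids, coded, key = code_dataset(RAW_RESPONSES)
    print("coded record (no direct identifiers):", coded[0])
    print("relinked with key:", relink(coded[0], ids, key))
    print("unique on indirect identifiers:", unique_on_quasi_identifiers(coded))
    coded, key = de_identify(coded, key)
    print("relinked after key destroyed:", relink(coded[0], ids, key))
```

In practice each of the three structures would be written to its own encrypted file in a different secure location, as the control requires; the uniqueness check is worth running before a coded dataset is shared, because a record that is the only one with a given combination of indirect identifiers is not protected by the absence of a key.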
References and Resources
For questions regarding IRB data management requirements, contact:
For questions regarding U-M safecomputing guidelines and practices, contact: