The UMES IRB must ensure that privacy and confidentiality are protected in accordance with all federal codes, HIPAA Privacy Rule, state and local laws, and UMES policies. It is the policy of UMES that provisions for protecting the confidentiality of identifiable research data must be reviewed by the UMES IRB as required by 45 CFR 46.111(a)(7).
The principal investigator of the human subjects research study is responsible for describing plans for protecting subject data privacy and confidentiality in the initial IRB application. Potential risks of a breach of the subject’s right to privacy and confidentiality must be disclosed to participants. The IRB is authorized to ask the principal investigator to revise plans for protecting subject data privacy and confidentiality if deemed inadequate. The IRB may determine additional methods as needed to minimize the risk. UMES authorizes its IRB to request that the principal investigator secure a Certificate of Confidentiality to protect research data from legal process.