Certificates of Confidentiality are issued by the National Institutes of Health (NIH) and other HHS agencies to protect identifiable research information from forced disclosure. Under the 21st Century Cures Act, there have been significant changes to the of Certificates of Confidentiality (CoC) process.

Under the 21st Century Cures Act, any investigator or institution conducting research protected by a Certificate of Confidentiality SHALL NOT, without the specific consent of the individual to whom the information pertains, disclose identifying information to any court or other person not connected with the research.

Disclosure of protected information is permitted only when

  1. Required by Federal, State, or local laws;
  2. Made with the consent of the individual to whom the information, document, or biospecimen pertain, including disclosure necessary for an individual’s medical treatment; or
  3. Made for the purposes of other scientific research that is in compliance with applicable Federal regulations governing the protection of human subjects in research.

NIH awardees no longer have to apply for a CoC.

Per Section 2012 of the 21st Century Cures Act as implemented in the 2017 NIH Certificates of Confidentiality Policy, all ongoing or new research funded by NIH as of December 13, 2016 that is collecting or using identifiable, sensitive information is automatically issued a CoC. Compliance requirements are outlined in the NIH Grants Policy Statement, which is a term and condition of all NIH awards.

For all researchers not funded by NIH, or for more general information on Certificates of Confidentiality, please visit the NIH CoC Kiosk.

Effective October 22, 2018, all requests for a new CoC for research not funded by NIH, or other HHS agencies, will be handled by the NIH Office of Extramural Research.

NIH will also issue amendments and extensions for projects that are currently protected by a CoC issued by NIEHS or any other NIH institute or center.

All inquiries about Certificates of Confidentiality should be directed to [email protected].