Oftentimes, in the conduct of clinical research, investigators need to access and share sensitive patient data. As stated in WCM’s institutional policy library, WCM workforce members are prohibited from self-certifying that data have been de-identified. All de-identified data must be certified by an institutional representative of the Data Privacy Committee (DPC) and the approval tracked by the Honest Broker service before it can be shared with anyone. For further guidance on the definition of “de-identification”, please refer to the HHS website and the IAPP infographic above.
ITS and the Library manage WCM’s Honest Broker service on behalf of the DPC. WCM researchers and staff members seeking to de-identify data sets should contact ITS at arch-support@med.cornell.edu. For more details on this policy, consult the Privacy Policy Library.