#
Data De-identification
HTAN Centers are responsible for data deidentification.
As outlined in the HTAN DMSA, data submitted to the Data Coordinating Center (DCC) must be fully de-identified.
By signing the HTAN DMSA, HTAN members’ institutional signing officials and PIs accept responsibility for the de-identification of data prior to transfer to the DCC and confirm that:
all data disclosed to the DCC (Synapse) are fully de-identified in accordance with HIPAA;
all data were collected in accordance with protocols approved by an IRB or its equivalent;
all data are consistent with applicable U.S. laws, regulations, and its institutional policies; and
an IRB/Privacy Board or equivalent body has assured that submission and subsequent sharing of data are consistent with the Informed Consent of the Data Subject(s) from whom the data were obtained. In addition, the data are protected by an NIH Certificate of Confidentiality.
New HTAN Centers should develop and submit a De-identification Plan using the HTAN Atlas De-Identification Plan Template.
Prior to transferring data to the HTAN DCC, members are responsible for fully de-identifying the data being transferred. Full de-identification of data includes confirmation that data file names do not contain any information that could be used to re-identify that data subject.