WPF urges National Institutes of Health to expand privacy guidance for researchers

WPF urged the National Institutes of Health to include more specific and practical privacy guidance for researchers in its draft Policy for Data Management and Sharing. WPF requested that the guidance include “specific references to current NIST security guidance and to HIPAA security standards.”

The reason WPF is asking for changes to the NIH document is because in the US, much health research data in the hands of researchers is not subject to the privacy or security rules in HIPAA. Indeed, most research data about individuals is not subject to any existing privacy law in the United States. This contrasts with the situation in the European Union and much of the rest of the world, where researchers are generally subject to the same data protection rules as others who process personal data.

The NIH is one of the few institutions that has the clout to address privacy and security obligations on researchers in the US. The draft NIH Policy for Data Management and Sharing is an important opportunity in this regard, and WPF is urging NIH to do more than it proposes in its guidance to properly advise the research community and to protect data subjects.

Related Documents: