Change Request Memo

OMB change request SEP 2023.1signed.pdf

Electronic Application for NIH Certificates of Confidentiality (CoC E-application System)

Change Request Memo

OMB: 0925-0689

Document [pdf]
Download: pdf | pdf
DEPARTMENT OF HEALTH & HUMAN SERVICES

Public Health Service
National Institutes of Health
Bethesda, Maryland 20892
www.nih.gov

TO:

Office of Management and Budget (OMB)
Through:
Reports Clearance Officer, DHHS __________
Project Clearance Chief, NIH Mikia Currie

FROM:

Dr. Pamela Kearney, Director, Division of Human Subjects Research
Office of Extramural Research (OER)

SUBJECT:

Non-substantial Change Request to Electronic Application for NIH
Certificates of Confidentiality (CoC E-application System) (OMB# 09250689); (Expiration Date: 04/30/2025)

We are writing to request approval of two non-substantial changes to the data collection
instrument for use as part of the Electronic Application for NIH Certificates of
Confidentiality (CoC E-application System) (OMB# 0925-0689). OMB approved a
nonsubstantive change to the currently approved collection on June 30, 2023. The first
proposed modification is minor edits to the Institutional Assurance statement #2, to
clarify the institutions’ responsibility when utilizing third parties or entities to collect
personally identifiable information in the research study. The second proposed
modification is the removal of a cited regulation in the Institutional Assurance statement
#3 which allows voluntary disclosure of information that is protected by a Certificate of
Confidentiality, and conflicts with the statute (42 U.S.C. §241(d)) which prohibits
voluntary disclosure of protected information, except under specific, limited
circumstances. These modifications do not change the scope of the inquiry, the method
of collection or the population of participants outlined in the original application, or the
estimated burden of the collection.
For the first proposed modification in the Institutional Assurance statement #2, approved
in June 2023, we became aware that the word “ensure” may be misinterpreted by
institutions and not accurately convey the institutions’ responsibility when utilizing third
parties or entities. We revised the Institutional Assurance statement #2 language to
“…In addition, this institution will not utilize third parties or entities (e.g., contractors,
online platform vendors) to collect or store information that cannot or will not protect
against the compelled disclosure of the personally identifiable information” to describe
the institutions responsibility more accurately.
For the second proposed modification in the Institutional Assurance statement #3, NIH
Office of Science Policy staff pointed out that 1979 regulation at 42 CFR § 2a permits
the voluntary disclosure of protected information by the institution and conflicts with the
21st Century Cures Act and subsequently amended Public Health Service Act (42
U.S.C. §241(d)) regarding when protected information may be disclosed. To ensure that
the Institutional Assurance statement #3 accurately reflects the statutes disclosure

DEPARTMENT OF HEALTH & HUMAN SERVICES

Public Health Service
National Institutes of Health
Bethesda, Maryland 20892
www.nih.gov

restrictions, we removed reference to 42 CFR § 2a from the Institutional Assurance
statement #3, which now reads, “The institution understands that research information
protected by a Certificate of Confidentiality is subject to the protections and the
disclosure requirements noted in 42 U.S.C 241. Any investigator or institution
conducting research protected by a Certificate of Confidentiality SHALL NOT disclose or
provide to any other person not connected with the research the name of such an
individual or any information, document, or biospecimen that contains identifiable,
sensitive information about such an individual and that was created or compiled for
purposes of the research without the specific consent of the individual to whom the
information pertains or as otherwise permitted in accordance with 42 U.S.C 241.”
Proposed wording changes are highlighted in YELLOW below. No other questions or
statements have been added or removed to the data collection instrument.
Original Question
Institutional Assurance Statement 2:

Proposed Change
Institutional Assurance Statement 2:

This institution agrees to use the
Certificate of Confidentiality to protect
against the compelled disclosure of
personally identifiable information. In
addition, this institution will ensure any
third-party product or entity utilized for
this project (e.g., contractors, online
platform vendors) to collect or store
information can and will protect against
the compelled disclosure of the
personally identifiable information. The
institution agrees to support and defend
the authority of the Certificate against
legal challenges.

This institution agrees to use the
Certificate of Confidentiality to protect
against the compelled disclosure of
personally identifiable information and to
support and defend the authority of the
Certificate against legal challenges. In
addition, this institution will not utilize third
parties or entities (e.g., contractors,
online platform vendors) to collect or
store information that cannot or will not
protect against the compelled disclosure
of the personally identifiable information.

DEPARTMENT OF HEALTH & HUMAN SERVICES

Public Health Service
National Institutes of Health
Bethesda, Maryland 20892
www.nih.gov

Institutional Assurance Statement 3:

Institutional Assurance Statement 3:

The institution understands that research
information protected by a Certificate of
Confidentiality is subject to the
protections and the disclosure
requirements noted in 42 U.S.C 241 and
42 CFR § 2a. Any investigator or
institution conducting research protected
by a Certificate of Confidentiality SHALL
NOT disclose or provide to any other
person not connected with the research
the name of such an individual or any
information, document, or biospecimen
that contains identifiable, sensitive
information about such an individual and
that was created or compiled for
purposes of the research without the
specific consent of the individual to who
the information pertains or as otherwise
permitted in accordance with 42 U.S.C
241 and 42 CFR § 2a.

The institution understands that research
information protected by a Certificate of
Confidentiality is subject to the
protections and the disclosure
requirements noted in 42 U.S.C 241. Any
investigator or institution conducting
research protected by a Certificate of
Confidentiality SHALL NOT disclose or
provide to any other person not
connected with the research the name of
such an individual or any information,
document, or biospecimen that contains
identifiable, sensitive information about
such an individual and that was created
or compiled for purposes of the research
without the specific consent of the
individual to whom the information
pertains or as otherwise permitted in
accordance with 42 U.S.C 241.

Pamela R. Kearney, M.D.

signed by
Pamela R. Digitally
Pamela R. Kearney -S
2023.09.29
Kearney -S Date:
14:23:46 -04'00'

Attachment 1:
Screenshot of Proposed Change to Electronic Application Institutional Assurance
Statement for NIH Certificates of Confidentiality (CoC E-application System)


File Typeapplication/pdf
AuthorChambers, Angela (NIH/OD) [E]
File Modified2023-09-29
File Created2023-09-28

© 2024 OMB.report | Privacy Policy