Researchers working on eligible human subjects research projects can use the Online Certificate of Confidentiality System to request a Certificate of Confidentiality (CoC) from NIH. A series of questions at the start of the system determines initial eligibility. To learn about Certificates of Confidentiality, see the NIH Certificates of Confidentiality website and FAQs, and read below.
Frequently Asked Questions (FAQs)
Below is an abbreviated FAQ on Certificates of Confidentiality. For a comprehensive policy FAQ, see https://grants.nih.gov/faqs#/certificates-of-confidentiality.htm.
What is a Certificate of Confidentiality?
A Certificate of Confidentiality (Certificate) protects the privacy of research participants enrolled in biomedical, behavioral, clinical or other types of health-related research that collect or use identifiable, sensitive information. With limited exceptions, researchers may not disclose names or any information, documents or biospecimens containing identifiable, sensitive information. The Certificate prohibits disclosure in response to legal demands, such as a subpoena.
How do I start a Certificate of Confidentiality request?
See Starting a Certificate of Confidentiality Request.
IMPORTANT: You must know your funding source to determine if and how you obtain a CoC.
Where do I access the Online Certificate of Confidentiality System?
Go to https://public.era.nih.gov/commonsplus/public/coc/request/init.era OR click the Get your CoC button from the How to Get a Certificate of Confidentiality? page.
How do I know my request was submitted?
When you first submit the request, you see a message in the browser that it was submitted for verification:
After the initial CoC request is submitted for verification, the institutional official (IO) receives an email titled "Verification and submission..." from NIH-CoC-Coordinator@mail.nih.gov with a link. The IO needs to click the link in the email, which opens a browser page to the submitted request. The IO needs to review the CoC request, correct any data fields as needed, and then affirm the institutional assurance statements. Once the IO affirms these statements and submits the request to NIH, the IO will receive a success message in the browser:
In a few minutes, the IO and the PI will receive a confirmation email:
Also see Next Steps...for what happens after a request is received by NIH.
What if I Experience Problems?
If you have technical problems with the CoC system, contact the eRA Service Desk or email helpdesk@od.nih.gov. Note: eRA recommends using Internet Explorer, Mozilla Firefox, or Google Chrome browsers (Windows) or Safari (Mac).
If you have process or policy-related questions about a CoC request, contact .
What Are My Responsibilities if I have a CoC?
To learn about your legal responsibilities and rights regarding data from a research project covered by a CoC, go to CoC FAQs and scroll to the following questions under A. General Information about Certificates:
- What are the recipient’s responsibilities under a Certificate?
- What is the researcher's responsibility to inform participants of a Certificate?
- Is it possible to share information protected by a Certificate with other researchers? Can such information be shared openly (e.g., on a public website without any requirements for download)?
Also, see NIH's policy for Issuing Certificates of Confidentiality, located here: https://grants.nih.gov/grants/guide/notice-files/NOT-OD-17-109.html
Other Sources of Information
Certificates of Confidentiality (CoC) - Human Subjects
Definition of Human Subjects Research
NIH's policy for Issuing Certificates of Confidentiality
See Also