Researchers working on eligible human subjects research projects can use the Online Certificate of Confidentiality System to request a Certificate of Confidentiality (CoC) from NIH. A series of questions at the start of the system determines initial eligibility. To learn about Certificates of Confidentiality, see the NIH Certificates of Confidentiality website, CoCs for Research Not Funded by NIH, including the section, Limitations on Issuance of CoCs for Non-NIH Funded Research, and FAQs, and the information below.
Below is an abbreviated FAQ on Certificates of Confidentiality. For a comprehensive policy FAQ, see https://grants.nih.gov/faqs#/certificates-of-confidentiality.htm.
What is a Certificate of Confidentiality?
A Certificate of Confidentiality (Certificate) protects the privacy of research participants enrolled in biomedical, behavioral, clinical or other types of health-related research that collect or use identifiable, sensitive information. With limited exceptions, researchers may not disclose names or any information, documents or biospecimens containing identifiable, sensitive information. The Certificate prohibits disclosure in response to legal demands, such as a subpoena.
How do I start a Certificate of Confidentiality request?
See Starting a Certificate of Confidentiality Request.
IMPORTANT: You must know your funding source to determine if and how you obtain a CoC.
Where do I access the Online Certificate of Confidentiality System?
-
Go to https://public.era.nih.gov/commonsplus/public/coc/request/init.era
OR
-
Click the Access NIH Certificate of Confidentiality System link from the Requesting a Certificate of Confidentiality for non-NIH Funded Research page.
How do I know my request was submitted?
When you first submit the request, you see a message in the browser that it was submitted for verification:
After the initial CoC request is submitted for verification, the institutional official (IO) receives an email titled "Verification and submission..." from NIH-CoC-Coordinator@mail.nih.gov with a link. The IO needs to click the link in the email, which opens a browser page to the submitted request. The IO needs to review the CoC request, correct any data fields as needed, and then affirm the institutional assurance statements. Once the IO affirms these statements and submits the request to NIH, the IO will receive a success message in the browser:
In a few minutes, the IO, PI and the other person to receive CoC communications will receive a confirmation email:
Also see Next Stepsfor what happens after a request is received by NIH.
What if I Experience Problems?
If you have technical problems with the CoC system, contact the eRA Service Desk or email helpdesk@od.nih.gov.
If you have process or policy-related questions about a CoC request, contact NIH-CoC-Coordinator@mail.nih.gov.
TIP: eRA recommends using Internet Explorer, Mozilla Firefox, or Google Chrome browsers (Windows) or Safari (Mac).
What Are My Responsibilities if I have a CoC?
To learn about investigator and institutional responsibilities associated with a CoC, go to Investigator and Institutional CoC Responsibilities. Additional information can also be found in the CoC FAQs. Scroll to the following questions under A. General Information about Certificates:
- What are the recipient’s responsibilities under a Certificate?
- What is the researcher's responsibility to inform participants of a Certificate?
- Is it possible to share information protected by a Certificate with other researchers? Can such information be shared openly (e.g., on a public website without any requirements for download)?
Also, see NIH's policy for Issuing Certificates of Confidentiality.
