Medical research is important for providing information to help the community make decisions that have an impact on the health of individuals and the community. However, it should be carried out in such a way as to minimise the intrusion on people’s privacy. Optimally, this is done by obtaining the informed consent of participants prior to using their personal information. Where this is not practicable, de-identified information should be used. Where neither of these options are available, it may be that identified information needs to be used, even though consent of the individual or individuals has not been obtained, in order for the medical research to proceed.

If your research involves medical research, please read the below guidelines on how to protect privacy in the conduct of medical research.

• Guidelines under section 95 of The Privacy Act 1988 (2014)
• Flowchart s95 guidelines

• About GDPR for Researchers (PDF, 1.04MB)
• Privacy checklist under GDPR (PDF, 262KB)
• Privacy checklist (non-GDPR) (PDF, 202KB) 

China's Personal Information Protection Law (PIPL) is intended to protect personal information and to regulate how it is processed, including cross-border handling of personal information. This law may affect Australian providers, particularly when collecting and processing Chinese student data. Providers should review the PIPL requirements, and may need to seek legal advice.

Learn more

Many researchers are purchasing mobile apps or building their own app to interact with study participants. Even if the participant is asked to download a free app or provided monies for the download, the researcher is still responsible for disclosing potential risks. It is possible that the app the participant downloaded will capture other data stored or linked to the phone on which it is installed (e.g., contact list, GPS information, access to other applications such as Facebook). The researcher has the responsibility to understand known or potential risks and convey them to the study participant. Commercially available apps publish “terms of service” that detail how app data will be used by the vendor and/or shared with third parties. It is the researcher’s responsibility to understand these terms, relay that information to participants, and monitor said terms for updates. Additionally, it is important that the researcher collect from the app only the minimum data necessary to answer the research questions.

Many investigators wish to collect the IP addresses of survey participants to provide a method of determining whether the user has previously completed the survey. This is important to consider when conducting surveys, especially if the consent process indicates that a participant’s responses will be anonymous. When using Qualtrics, check the option to anonymise the data collection process and do not collect the IP address. If IP addresses are necessary to the research, include in the consent process that you will be recording this information.

Email notifications are generally not secure, except in very limited circumstances, and should not be used to share or transmit research data. Text messages are stored by the telecommunications provider and therefore are not secure. Data should be encrypted when “in-transit.”

The use of Zoom is not recommended. If the sessions are being recorded, the researcher needs to make sure the recordings are stored in a secure location. Our recommendation is to use Teams instead. In addition, researchers must ensure that anti-virus software is up-to-date, operating system are patched with newest versions, and access is limited. Sessions should be stored in a cloud service or a University managed server e.g. OneDrive, SharePoint or file servers.

• Will Personal information be collected along with the data/specimens? What are the minimum Personal information necessary to conduct the research?
• Coding Data/Specimens: Will Personal information be replaced with ID Codes when the data/specimen are collected/obtained (recommended)? If no, why not? If yes, will a master code list be used to link Personal information with ID Codes? How will the confidentiality of the master code list be protected?
• Access to Clinic, Education, Program or Personnel Records for Research: How will researchers ensure only authorized persons access clinic or other private records that will be used for the research? How will researchers ensure confidentiality is maintained during the collection of private information from clinic or other records?
• Electronic Records: How will researchers ensure electronic data are protected during data collection? Will participants completing online surveys be advised to close the browser to limit access to their responses?
• Use of Translators or Interpreters: When data collection requires use of translators or interpreters who are not members of the research team, how will researchers ensure the confidentiality of the information collected?
• In-person Interviews: What safeguards will be in place to maintain the confidentiality of data obtained through in-person interviews?
• Focus Groups or Other Group Settings (schools, etc) What protections will be in place to minimise the possibility that information shared in a group setting is disclosed outside of the group or for purposes other than those described in study documents?
• Internet Research: How will researchers restrict access to survey responses during data collection (e.g., restricted access, data encryption)?
• Data Collection via Mobile Applications (apps): What data will be collected? (Research data? Other data captured from the device the app is installed on?) Will the data being captured be identifiable? How will the data be obtained (e.g., data sent automatically from the app or device via the internet, or manual export of data)? Where will the data be stored and how? (Encryption utilised? University devices, firewalls, etc. utilised?) In case of a commercial app, what is the app’s privacy policy and will the app have access to the research data? Do participants need to be trained on how to use their mobile devices (e.g., how to adjust security features on the device, how to use encryption, how to use virtual private networks)? Does the app require usernames and passwords? (If yes, are they generated by the user or by the researcher? What if a participant forgets their username and/or password?)

NOTE: Considerations for data storage apply both before and after analysis.

• Retaining Personal information: Will Personal information be stored with the data/specimens? Why?
• Access to Personal information: If Personal information will be stored with data/specimens, who will have access? If stored data/specimens are coded, who will have access to the master code list? When will the master code list be destroyed?

NOTE: Access to Personal information should be limited to researchers who require such access to fulfill research objectives. The master code list should be destroyed as soon as is feasible (e.g., immediately after data are cleaned).

• Identification of Participants through Linked Elements: Will stored, coded data/specimens contain elements that may be used (alone or in combination) to link an individual with her/his data/specimens? This is particularly relevant to research with small cell sizes.
• Storage of Electronic Records: How will researchers manage electronic data to protect confidentiality?
• Audio, Video, and Photographic Records: What additional precautions will be used to protect the confidentiality of audio, video, or photographic records in that individual participants may be identified through voice analysis (audio and video) or physical characteristics (video or photographic images)?
• Security of Storage Facility: Are the security features of the storage site (or storage mechanisms for electronic data) sufficient to ensure data confidentiality?
• Inclusion in Clinical or Program Records: Will research data be recorded in permanent clinical or program records? If yes, what information will be recorded and why will it be recorded in these records?
• Placement of Data in Repositories: What are the requirements of the repository related to file formats; data management and sharing plans; documentation of form and content; variable names, labels, and groups; coding; and missing data.

• Presenting Data: How will data be presented to ensure discrete variables cannot be used (alone or in combination) to identify an individual? This is especially important for research with small cell sizes.
• Geocoding and Mapping: For research involving geocoding and mapping, what precautions will be implemented to protect the identities of individuals in the sample populations? Is it possible the mapped information may stigmatise or provoke anxiety among the individuals living in specific locales identified on the map?
• Secondary or Incidental Findings: Will participants (or affected, biological family members) be told about secondary or incidental findings? If no, why not? If yes, how and to whom will the disclosure be made?

There are ethical or legal limits to confidentiality, for example when a researcher obtains information subject to mandatory reporting, such as evidence of child abuse. If it is probable that information subject to mandatory reporting may be collected during the study, a researcher should state these exceptions to confidentiality in the Participant information and consent form. Researchers must tell participants about limitations on the protection of data confidentiality such as:

• inspection of medical or research records by the HREC, sponsor or whoever else applicable;
• mandatory reporting laws for communicable diseases; and
• mandatory reporting laws for child or elder abuse or illegal activities.

Limits to Confidentiality for specific Projects

Some projects may not expect to keep participants' identities or their responses confidential; sometimes interviewees want their names associated with their responses. This practice is acceptable if research participants are made aware of whether or not their names will be associated with their responses and told of any inherent risks associated with such disclosure.

Researchers must tell participants:

• how the information collected from/about them will be used (i.e., study purpose);
• if personal information will be collected, and whether personal information will be disclosed in reports or publications resulting from the research;
• who will have access to their personal information and the other information collected about them; and
• the collection of audio, video, or photographic records. For the latter, researchers must obtain signed video/photo releases.

Participants may benefit from being told:

• why the collection/retention of Personal information is necessary for the research;
• if Personal information will be stored with the data or linked to the data via a master code list;
• how long the researchers will retain their Personal information;
• when data will be de-identified, or if not de-identified, when it will be destroyed; and
• what procedures will be put in place to preclude unauthorised access to the research data.