Data Protection and Privacy in Research
Research involving human subjects generates sensitive data: medical records, genetic information, behavioral responses, economic or social information. Regulatory frameworks—HIPAA (Health Insurance Portability and Accountability Act) in the U.S., GDPR (General Data Protection Regulation) in the European Union, and parallel regulations in other countries—establish legal obligations for data protection and privacy. Researchers must implement technical and procedural safeguards to prevent unauthorized access, maintain confidentiality, and comply with participant rights (access, rectification, deletion, data portability). Understanding data protection requirements is not optional compliance; it is foundational to ethical research.
Sources
- European Union. (2018). Regulation (EU) 2016/679 of the European Parliament and of the Council: General Data Protection Regulation (GDPR). Official Journal of the European Union, L 119, 1-88.
- U.S. Department of Health and Human Services. (1996). Health Insurance Portability and Accountability Act (HIPAA). Public Law 104-191.
- U.S. Department of Health and Human Services. (2018). Protection of Human Subjects. Code of Federal Regulations Title 45, Part 46, Sections on Confidentiality and Privacy.
- National Academies of Sciences, Engineering, and Medicine. (2015). Proposed Revisions to the Common Rule for the Protection of Human Subjects. Letter Report.