about, believed that medical information about them had ever been improperly disclosed, and about one-third of these said they had been harmed by the disclosure (Singer, Shapiro, and Jacobs, 1997). But the accuracy of these reports is unknown. Moreover, disclosure of medical information to an insurance company may be permitted by law but regarded by survey respondents as improper. For many people, questions about breaches of confidentiality may be highly abstract so that their ideas about the uses that might be made of their medical information are limited. As a result, little is really known about what people have in mind when they answer such questions, and even less about the actual state of affairs. Again, in Chapter 5 we offer some recommendations to address this concern.

Potentially more serious threats to confidentiality than simple carelessness are legal demands for identified data, which may come in the form of a subpoena or as a result of a Freedom of Information Act (FOIA) request. Requests may also come from a law enforcement or national security agency to a statistical or other government agency; the legal status of such requests is not fully resolved, as discussed below. Individual records from surveys that collect data about such illegal behaviors as drug use are potentially subject to subpoena by law enforcement agencies. To protect against this possibility, researchers and programs studying mental health, alcohol and drug use, and other sensitive topics, whether federally funded or not, may apply for certificates of confidentiality from the U.S. Department of Health and Human Services. The National Institute of Justice (in the U.S. Department of Justice) also makes confidentiality certificates available for criminal justice research supported by agencies of the U.S. Department of Justice. Such certificates, which remain in effect for the duration of a study, protect researchers in most circumstances from being compelled to disclose names or other identifying characteristics of survey respondents in federal, state, or local proceedings (42 Code of Federal Regulations Section 2a.7, “Effect of Confidentiality Certificate”). The confidentiality protection afforded by certificates is prospective; researchers may not obtain protection for study results after data collection has been completed.

Protection for identifiable statistical data collected by federal agencies or their agents under a promise of confidentiality is also provided by the Confidential Information Protection and Statistical Efficiency Act (CIPSEA), which was enacted as Title V of the E-Government Act of 2002 (P.L. 107-347). The legislation is intended to “safeguard the confidential-