Confidentiality Matters: Qualitative Best Practices

Data privacy is becoming increasingly important, and also increasingly confusing. The global head of compliance and quality for Cerner Enviza discusses best practices for maintaining confidentiality and also abiding by privacy laws when practicing qualitative research. The article includes advice on how to best handle any incidental disclosure by respondents.

By Dr. Jessica Santos, Global Head of Compliance and Quality, DPO, Cerner Enviza, Surrey, United Kingdom, jessica.santos@cernerenviza.com

A typical qualitative interview or focus group starts off with something like this:

“Any information you provide in this interview will be treated as fully confidential; we will record this interview; your answers will only be used for internal analysis purposes; we will not pass them to any third party without your permission. Shall we start?”

But what does “fully confidential” really mean? What constitutes “internal analysis purposes,” and let’s not forget “third parties?”

Well, “third parties” is quite a laundry list. It can encompass the research sponsor, researcher, recruiter, moderator, platform provider, facilities, transcriber, translator, and analyst. So, if this data is transferred among all these parties, is it truly being kept confidential? To what extent should we disclose all parties?

In addition, privacy laws vary from country to country, or state to state in the U.S. The laws are currently more stringent in the E.U. (because of GDPR), but the rules and guidelines may be tightening in the coming years in the U.S. as well. Also, if a project’s ultimate client is based in Europe, then GDPR rules still apply, even if work is being conducted in the U.S. It is important for qualitative researchers to look up and understand the rules governing each research project. What follows are best practices at navigating confidentiality.

Confidentiality is the state of keeping or being kept secret or private and refers to the obligations of individuals and institutions to appropriately use information that has been disclosed to them. Therefore, the strictest interpretation of confidentiality means there will be no observers (neither research agencies nor sponsors), no data processors (e.g., transcribers, simultaneous translator), and that all recordings and transcriptions will be kept in a highly secured location or destroyed completely.

In reality, however, the interviews will be observed by researchers and/or sponsors, and others such as transcribers, translators, coders, and report writers. In addition, the interviews might be further viewed by the client’s internal teams. In some cases, because the interviews are so good, the sponsor could decide to use certain clips for a conference, an educational program, or marketing purposes.

So, are any of these scenarios a breach of confidentiality? Well, we need to start with the question of what participants consider the term “reasonable expectations” to mean. My answer is that you should “say what you are going to do, and then do what you said.”

If you’re going to record the interview or group, say it. If the sponsor will receive a copy of the recording, say it. If there are 10 observers from seven different organizations who will ultimately listen to or observe the interview, say it. After the interview, all promises should be kept. If we said the recording is for internal analysis purposes only, specify what “internal” means. Is it only within your entity, or does it extend to your clients or further out in your supply chain, but not “external” beyond the third parties mentioned?

It gets even more complicated, and the boundary blurs when a qualitative freelancer has a great working relationship with a client and is treated as part of the internal team (e.g., may have a company email, but not a full-time employment contract). But, from a compliance perspective, “internal” strictly means used by the entity stated.

This doesn’t mean further processing or different uses of audio or video are strictly forbidden, but it does mean that if anything is out of the original scope, we need to go back to the participants and ask their consent, because the recordings are now being used for a different purpose. Therefore, if we need to use participants’ faces/video clips in a report for the client team, especially if it could be shared with others, we need to get additional specific consent or, to make life easier, ask for it upfront before you conduct the interview.

Most interviews and focus groups do not start with: “We don’t know what we are going to do with the recording, or how we will use the content, and there may be an army of people who will watch this interview, and I have no idea what they will do with your answers.” But, if the recording will become available to a larger group (or even available on social media), then the participants have a right to know in advance and should be given the right to decline.

It is truly a balancing act, because we might not know 100 percent of the specific usage at the point of recruitment. Therefore, it is very important to keep track of what is said during recruitment, and how the project needs/requirements may have changed, in order to update the participants before the interview. For example, if there was no initial mention of observers during recruitment, and the request for observation came later, qualitative interviewers should inform the participants and gain their consent before the interview starts. Also, we should avoid starting an interview or focus group with observers (either online or in person) until the participants have been told about the presence of observers.

Confidentiality is everybody’s job, not just the qualitative interviewers. Third parties who receive the invitation for observation or see a recording on their company server are often unaware of the confidentiality commitment. Therefore, it is a good practice to utilize a simple confidentiality observation form or an agreement to safeguard confidentiality of recordings to remind the third party (including the sponsor) what is agreed to and what they should and shouldn’t expect.

Double Blind vs. Single Blind

A double-blind study means that the sponsor does not know the identity of the participants, nor do the participants know the identity of the sponsor. Single blind studies have two scenarios:

  1. Participants do not know the identity of the sponsor, but the sponsor knows the identity of the participants, or
  2. The sponsor does not know the identity of the participants, but the participants know who the sponsor of the study is.

Maintaining absolute sponsor confidentiality can be challenging in some industries such as health care, technology, media, or any time the sponsor has strong brand presence when most products are well known and distinctive. Qualitative researchers are the buffer between sponsor and participants’ confidentiality.

Implications of Single-Blind Studies

Participants have the legal right to know who is observing the interview or focus group, as well as who will have access to the recordings. The country the research is being conducted in, combined with what country the sponsor is in, can create different requirements.

In the U.S., this might require a description of the kinds of people who will observe either live, or later (e.g., members of the marketing research team or members of the marketing and insights teams employed by the sponsor).

In the U.K. and E.U., we must say “members of the marketing research team from [sponsor company name].”

If the sponsor believes this will bias the response, it is OK to say the sponsoring company’s name at the end of the discussion, especially if there is a valid reason such as avoiding biased answers or avoiding the perception of bribery.

Many countries in South America, Asia, and Africa are also enacting or updating their privacy laws. Implications will vary, and it is always best to check before beginning the fieldwork.

Of course, we do not routinely give the names of participants to research sponsors. More broadly, we should not want to give any personal data about respondents to the sponsors—not only is this a violation of privacy but, in pharmaceutical research, and in the U.S., this might trigger reporting under the Sunshine Act. This Act was introduced to combat the potential for bribery of health care professionals (HCPs) and has implications for paying health care professionals in research. Personal data here goes beyond the respondent’s name—even information like “a medical director in [specific practice name]” could trigger reporting. Therefore, there should be strong motivation on both sides to avoid the leakage of identity.

How Do You Know if It Is Single or Double Blind?

If the sponsor provides a sample list to the qualitative researchers to recruit from, or if the sponsor will observe the interviews or focus groups, does this count as a double-blind or single-blind study?

Generally, if a sponsor does not receive personal or identifiable data from participants beyond what the sponsor has provided, then their confidentiality can still be maintained, providing the sample list is large enough. In other words, no one could reasonably guess who the respondent is.

Here are some actions qualitative researchers could take to keep both the respondent and the sponsor as confidential as possible:

  1. Always enact a confidentiality observation form or an agreement to safeguard confidentiality of recordings before observation and transferring. It is always best to have participants sign a form so that they understand what will happen with respect to observers and recordings. Observers could also sign a confidentiality form with an outline of details and instructions.
  2. Discuss in advance with the sponsor how to answer if the participant asks what company is sponsoring the research.
  • Some sponsors might regard confidentiality as paramount to the study, and if so, we must have agreement with the participants that the sponsor’s name will not be revealed in advance of the interview (preferably at the recruitment stage), or participants can be excluded at the beginning of the interview.
  • If the sponsor is only concerned about potential bias of the survey answers, we can inform the participants that the sponsor’s name will be revealed at the end of the interview.
  1. You might proactively decide to reveal the sponsor’s name at the end of the interview, as is often required now in Europe. Therefore, before the interview starts, you can inform them that “we will reveal the sponsor’s name at the end.”
  2. You might decide to reveal a category of the sponsor type, e.g., “some market insights managers from a large tech/pharmaceutical company will be observing this interview” where allowed in that jurisdiction (e.g., U.S.).
  3. Inform the participants to not reveal their personal details during the interview, such as name, practice/company name, or any personal details.
  4. When on video conference, change the real names to pseudonyms (or single initials, or titles such as “doctor”) and use a virtual background.
  5. Avoid transfer of original video or audio recording. Where possible, mask the voice and image before transferring.

Incidental Disclosure

Regardless of how careful we are, it is inevitable that some personal data disclosure might still happen. An incidental use or disclosure is a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and occurs as a result of another use or disclosure that is permitted by the rule.1 For example:

  • Participant picks up the phone during the interview and announces name and practice out of habit
  • During the interview, someone else walks into the room, or a child climbs onto the participant’s lap
  • Participant’s real name or personal information displays on Zoom
  • Certificates or photos are hanging in the background during a video call
  • Overhearing a confidential conversation with a participant, a sponsor, a third party, or another sponsor’s competitors
  • Seeing a participant/sponsor’s information on a sign-in sheet, whiteboard, or other background

These types of things will happen sometimes, and fortunately, privacy laws such as HIPAA do not require that all risk of incidental disclosure be eliminated. Rather, the privacy laws permit certain incidental uses and disclosures of personal information or protected health information (PHI). These occur as a by-product of another permissible or required use or disclosure when the organization has in place reasonable safeguards and minimum necessary policies and procedures to protect an individual’s privacy, with respect to the primary use or disclosure.2 An incidental use or disclosure is an action or statement that cannot reasonably be prevented, is limited in nature, and that occurs as a result of another action or statement that is permitted by the law. However, an incidental use or disclosure is not permitted if it is a by-product of an underlying event that violates any privacy legislations. An example of something not permitted might occur when, during a physician video interview, it is possible to see a patient’s name and diagnosis on a computer monitor in the background.

What exactly shall we do for incidental disclosure?

  • First, try to prevent That is the most important part of handling incidental disclosure.
  • Brief the participants to not disclose their names or any other personal data before the interview or focus group.
  • Set the interview room (either physical or virtual) with plain background. Some companies require their associates to use the standard company logo as a Zoom background for company brand building (which doesn’t work for a double-blind study).
  • Brief all parties, especially the participants, to use a pseudonym name during the interview and switch off their phone and devices if possible.
  • Instruct the sponsor and all observers to be quiet if they are merely observing. If they need to ask questions, they can pass the questions to moderators, or use a prearranged script to introduce themselves before they jump in.
  • Avoid letting the observer have a strong chance of knowing the participants (e.g., their customers). This is most likely to happen in industries with very small universes, for example, health care specialists, C-suite, finance, etc.

Next, ignore it wherever possible.

  • If incidental disclosure does happen, don’t make a big scene of it.
  • Inform the observers to ignore it, don’t use it as data, and never discuss the disclosure as a fun fact later.
  • For moderators or others who control the interview, consider stopping the recording, and restart again once any intruder has disappeared. (This could apply to a child walking into the room, or if the participant had to pick up an emergency call.)

Finally, remove it.

  • Cut the incidental disclosure out of the recording before transferring it to any other third party.
  • We can also mask the recording (both voice and image) before transferring, which is a good practice to protect confidentiality while keeping the original verbatim. Many apps or software are available in the market, e.g., it is possible to change a male voice to female or vice versa, or mask/camouflage the image where a participant’s face or distinctive features such as a tattoo are visible.

Final Thoughts

All these suggestions can vary by industry, by sponsor requirements, by environment, and by participant type.

It is highly recommended that you set up an internal policy, with procedures on confidentiality and incidental disclosure, then document it and save it. This will function as a safeguarding measure and a guide for action. Good practices around confidentiality should be considered a core part of research, rather than an afterthought.


  1. www.hhs.gov
  2. www.hhs.gov/hipaa/for-professionals/privacy/guidance/incidental-uses-and-disclosures/index.html

Do You Like This Topic?

Qualology Learning Hub

You may be interested in a certificate program presented by Lisa Horwich, Stuart Pardau, and Jessica Santos, which can be found in the QRCA Qualology Learning Hub.