The extensive genotype and phenotype information deposited in dbGaP raises important questions about possible risks to confidentiality of individual participants in broad data-sharing models. NIH policies were thus developed with deliberate attention to participant protections, both in the process of data submission from the original studies and in the processes of data access and use by outside investigators. A key aspect of the protections provided in dbGaP is removal of potentially identifying information prior to data submission, using criteria very similar to those described within the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule (10).
