The convenience of fast computers and the Internet have encouraged large co
llaborative research efforts by allowing transfers of data from multiple si
tes to a single data repository; however, standards for managing data secur
ity are needed to protect the confidentiality of participants. Through Dart
mouth Medical School, in 1996-1998, the authors conducted a medicolegal ana
lysis of federal laws, state statutes, and institutional policies in eight
states and three different types of health care settings, which are part of
a breast cancer surveillance consortium contributing data electronically t
o a centralized data repository. They learned that a variety of state and f
ederal laws are available to protect confidentiality of professional and la
y research participants. The strongest protection available is the Federal
Certificate of Confidentiality, which supersedes state statutory protection
, has been tested in court, and extends protection from forced disclosure (
in litigation) to health care providers as well as patients. This paper des
cribes the careful planning necessary to ensure adequate legal protection a
nd data security, which must include a comprehensive understanding of state
and federal protections applicable to medical research. Researchers must a
lso develop rules or guidelines to ensure appropriate collection, use, and
sharing of data. Finally, systems for the storage of both paper and electro
nic records must be as secure as possible.