Sharing potentially sensitive data will be simpler if you get written consent in advance from research subjects*. Add information about data sharing to your IRB application and your informed consent document:
*What if you don't have informed consent? If your research is regulated by HIPAA, the Privacy Rule specifies five other circumstances under which researchers can use or disclose protected health information, but keep in mind that it's still best practice to get informed consent even if you'll be sharing de-identified data.
De-identifying or anonymizing data
In order to share sensitive data publicly, you must remove or obscure* all identifiers that would allow the data to be linked to an individual or small group of individuals. You have two options:
Remove or obscure all identifiers, but preserve a key code in a separate location that could be used to re-link the data and the identifiers.
Remove or obscure all identifiers and destroy any key codes that could be used to re-link data and identifiers.
*In some datasets, identifiers can be obscured/masked instead of being removed. For information about how to obscure a variable to prevent identification, see the following references (arranged in order of increasing detail):