How Do Data Privacy Laws Affect Clinical Trials?

How Do Data Privacy Laws Affect Clinical Trials?

August 29, 2018

How Do Data Privacy Laws Affect Clinical Trials?

Clinical research, and specifically clinical trials, are a vital part of maintaining and improving the effectiveness of modern medicine. Many medical advancements are the direct result of diverse clinical study participants who all play an important role in new treatment developments.

Clinical Study Data Privacy

As clinical research is collected, there are several benefits to sharing information among researchers. It is more economical, more efficient, and safer to recycle existing data than to conduct redundant clinical studies. However, with these benefits of sharing data comes the possibility of putting patient privacy at risk.

Two ways that clinical data can be shared is through either an open-access or controlled-access model. Open-access can be the riskier option, as it means that the data is made publicly available and can be accessed by anyone without restrictions. In contrast, controlled access means that data is only released under certain conditions—for example, if the party requesting data can prove authenticity and genuine intent to research.

Understanding Volunteer Rights

Before deciding to take part in a clinical trial, potential volunteers should make sure that they fully understand their rights. Along with the right to leave a study at any time, clinical trial participants are entitled to informed consent through the Patient Bill of Rights.

Among one of these rights is the Health Insurance Portability and Accountability Act, or HIPAA. Essentially, the goal is to ensure that clinical study participants can be unidentifiable as individuals—in other words, anonymous. Data anonymization refers to the process of de-identifying those participants by removing “direct identifiers,” including:

  • Names and photographs
  • Geographic information smaller than a state (address, zip code, etc.)
  • Any date smaller than a year (birth date, admission date, etc.)
  • Contact information (telephone numbers, email addresses)
  • Social security numbers
  • Medical record, health plan numbers, account numbers
  • Vehicle/device identifiers
  • Websites and IP addresses

This listed information is referred to as Protected Health Information, or PHI. Once all of the PHI is removed from the data, it may be used without HIPAA restriction.

Protecting Volunteer Privacy is a Top Priority

In certain studies, where exact numbers are necessary but may compromise a participant’s privacy, a random offset may be applied. For example, if the exact age of a participant is necessary, the birth date and date of record collecting would be calculated by adding exactly 91 days to each in order to generate a “dummy date.”

Information including place of treatment, sex, diagnosis, socioeconomic data, ethnicity, household and family composition is referred to as “indirect identifiers.” Indirect identifiers are much less likely than direct identifiers to pose a risk to a clinical study participant’s privacy.

The General Data Protection Regulation protects the health information of any individual, or “data subject” within the EU. The confines of the GDPR, which went into effect in May 2018, are much stricter than those of HIPAA, as they also protect data which researchers in the US may consider to be an “indirect identifier.”

Need More Info?
Check out our Frequently Asked Questions. You can also contact us to inquire about current clinical trial volunteer opportunities, or check and for current research volunteer opportunities.