Conducting Clinical Research in an Age of Data Privacy (presented by Susan Shelby, Biomedical Systems)
In the last few years, we've heard ever louder rumblings over data privacy concerns worldwide (and rightly so). Today’s digital world poses a privacy threat to citizens everywhere. In the highly regulated world of clinical research, PHI breeches have been a threat long ago raised and addressed, with multiple attempts to mitigate threats to patient privacy in effect – we’re all familiar with HIPAA, Directive 95/46/EC, etc.
However, the revocation of Safe Harbor by the European Court of Justice in October 2015, and the subsequent adoption of the U.S.-E.U. Privacy Shield, resulted in a flurry of activity throughout the global clinical research community. In the wake of Safe Harbor, there came a worldwide rush to halt the collection and transfer of routine demographic data with particular data identifiers at clinical research organizations, core laboratories, data management groups. Well-meaning global biopharmaceutical companies formed internal task forces to evaluate vendor compliance, often headed by legal team members or regulatory groups. Clinical vendors received stacks of requests to quickly find another means of compliance, in the vacuum that the fall of Safe Harbor caused, and prior to the Privacy Shield’s adoption. The Privacy Shield is the current umbrella sheltering the transfer of data from EU states to the U.S. However, the EU has also passed the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). Effective in May of 2018, this regulation intends to strengthen and unify data protection for individuals within the European Union (EU), including the export of their personal data outside the EU. When the GDPR takes effect it will replace the data protection directive (officially Directive 95/46/EC), from 1995. It contains very strong provisions for the safety and consent of subject’s data, together with costly sanctions to enforce these provisions.
Other questions can and should be raised about the restriction of certain data identifiers (DOB, gender, ethnicity) in clinical research. Might restricting the collection of some of these now restricted data compromise the clinical trial’s endpoints? If demographic data are entirely useless, why were they then ever collected in the first place? The panicked pace at which these policies have been adopted threaten the thoughtful consideration of the impact to the clinical trial experiment itself. While clinical investigators must not restrict activities necessary to assure patient safety, enforcing too strict patient of privacy constraints may be at odds with scientific data integrity. The rush to halt the collection and transfer of routine demographic data will also in some cases limit the collection or transmission of clinically significant data, interrupting its use by those trained to interpret it.
What are companies doing in the current environment of the Privacy Shield? How might the upcoming GDPR provisions affect clinical research? What are some approaches researchers and regulators may need to consider to gather data for drug approvals?
Slides are available to members upon request. Please send a note to email@example.com