Data Privacy and Security
Data quality, reliability, and safety are key components in the advancement of global clinical research. Physicians and clinical analysts are entrusted with some of the most personal and intimate information in patients' lives. Recognition of the importance of data privacy and security, especially for clinical research institutions and their systems, has prompted the creation of many control bodies and pieces of legislation charged with setting up and enforcing suitable standards to ensure transparency in the handling and use of patient data. The existing regulatory bodies, which include the FDA, HIPAA, ISO, and national and multinational commissions, often highlight varying standards, all aimed at achieving the best privacy and security policies for controlling the availability and distribution of clinical data. Examples of the regulatory bodies and their policies are listed below.
HIPAA Privacy Rule
The HIPAA Privacy Rule is a security policy issued by the United States Department of Health and Human Services. It restricts, nationwide, covered entities such as health care providers, business associates, and even subcontractors from using and disclosing personally identifiable information (names; birth, treatment, or any other dates related to patients' illness; phone numbers and other contact information; Social Security numbers; medical records; voice prints and fingerprints; etc.) that pertains to a patient or client of healthcare. The rule was established to protect patients' privacy and to give them rights over, and access to, their health information and medical records, referred to as protected health information (PHI).
Becoming HIPAA compliant requires covered entities and their business associates to include the following three elements in their privacy procedures:
Administrative policies, practices, and procedures to control access to and use of protected health information.
Physical security protecting documents and data containing PHI.
Technical security to avoid leaks or breaches of PHI.