Protecting Privacy During Research

Physician Group Calls for Stronger Safeguards
Protecting Privacy During Research
The American College of Physicians, which represents 132,000 internal medicine specialists, has proposed revisions to federal privacy rules to strengthen protections for individuals who participate in medical research projects.

The organization says rules governing research "should maximize appropriate uses of information to achieve scientific advances without compromising ethical obligations to protect individual welfare and privacy."

The college has issued a detailed policy paper outlining its proposal to revise existing regulations. The paper, an update to a document produced two years ago, was released as federal authorities solicit comments on a plan to update the Common Rule governing medical research, which has been in effect for 20 years. Regulators are seeking feedback on a plan to establish mandatory data security and information protection standards for all studies involving identifiable or potentially identifiable data (See: Research Data Protections Considered). The deadline for comments on that notice of proposed rulemaking was extended to Oct. 26.

Consent Issues

In its proposal, the college notes:
  • Participation in prospective clinical research requires fully informed and transparent [patient] consent that discloses all potential uses of PHI [protected health information] and IIHI [individually identifiable health information], and an explanation of any limitations on withdrawing consent for use of data, including biological materials.
  • ACP recognizes that further study is needed to resolve informed consent issues related to future research use of PHI and IIHI associated with existing data, including biologic materials.
  • Informed consent documents should clearly disclose whether law enforcement agencies would have access to biobank data without a warrant.
  • ACP recommends that regulations governing IRB (Institutional Review Board) review be expanded to include consideration of the preferences of research subjects whose tissue has been stored.

Defining Research

A federal advisory group recently recommended that regulators apply a narrow definition of "research" when updating the Common Rule to protect the privacy of patients involved in medical research projects (see: Medical Research and 'Trust Issues').

The Health IT Policy Committee said that when a provider organization uses data from electronic health records to evaluate the safety, quality and effectiveness of prevention and treatment activities, that amounts to using it for "operations" and not "research." As a result, the provider should not need to obtain "informed consent" from patients for these evaluations or approval by an institutional review board, as is required for broader research projects.

The American College of Physicians reaches a similar conclusion. It notes in a statement: "The paper says that by including providers, governmental bodies, consumers, payers, quality organizations, researchers, and technologists, the resulting framework would clearly specify appropriate activities - such as treatment, payment, and some health care operations - where sharing of personal health information can proceed without the need for additional consent. Once the boundaries of appropriate data-sharing practices and situations are agreed on, it will be far easier to define consent requirements for appropriate activities."


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.