Privacy Considerations
Section 3
Additional Protections: Certificates of Confidentiality
Certificates of confidentiality are intended to protect research data from use in civil or criminal matters. They are intended to cover research that could be sensitive or stigmatizing or could result in civil or criminal liability (Sugarman and Carrithers 2021). As part of the 21st Century Cures Act, certificates of confidentiality are automatically issued for all biomedical, behavioral, clinical, and other research that "collects or uses identifiable sensitive information" and is funded wholly or in part by the NIH. Under this act, data are considered identifiable if "there is at least a very small risk" of reidentification, including as a result of combining that information with other available data sources. The automatic issuance of certificates of confidentiality creates unexpected complications for pragmatic trials (Sugarman and Carrithers 2021), which are briefly described here.
Pragmatic clinical trials embedded in healthcare systems raise the following data privacy and data protection issues relevant to certificates of confidentiality:
- Use of sensitive or otherwise stigmatizing data for research when the data are mined from the EHR without patient knowledge
- Opaque requirements for notifying patients about the provisions of the certificate of confidentiality
It remains unclear under the disclosure requirements for certificates of confidentiality whether researchers are permitted to include identifiable research data in the EHR and subsequently to allow disclosure of those data outside the research context without consent. The NIH provides some guidance on the provisions:
"The policies for handling research data and medical records can differ with each institution. For this reason, NIH suggests that investigators who intend to include research data in subjects' medical records work with their own institutional counsel and IRB to ensure that all documents are handled appropriately and in line with the institution's own policies."
However, formal guidance on the policy as it pertains to pragmatic trials is still needed.
Resources
New and Improved? 21st Century Cures Act Revisions to Certificates of Confidentiality
An article providing information about certificates of confidentiality under the 21st Century Cures Act.
Responding to Signals of Mental and Behavioral Health Risk in Pragmatic Clinical Trials: Ethical Obligations in a Healthcare Ecosystem
An article describing challenges, including privacy-related challenges, of monitoring and responding to signals of potential distress in pragmatic clinical trials.
Privacy and Confidentiality in Pragmatic Clinical Trials; Rethinking Clinical Trials Grand Rounds; August 19, 2016
REFERENCES
Sugarman J, Carrithers J. 2021. Certificates of confidentiality and unexpected complications for pragmatic clinical trials. Learn Health Sys. 5. doi:10.1002/lrh2.10238. PMID: 33889738.