Skip to content

COVID-19 Resources

Access the latest information on COVID-19 for clinical researchers
  • Home
  • About
    • NIH Collaboratory
      • Coordinating Center
      • NIH Collaboratory Trials
      • Core Working Groups
      • Steering Committee
      • Distributed Research Network
      • Our Impact
    • Living Textbook
      • Table of Contents
      • How to Use This Site
  • Resources
    • Data and Resource Sharing
    • Training Resources
    • Tools for Researchers
    • Publications
    • Knowledge Repository
  • Webinar
  • Podcast
  • News
    • News Feed
    • Calendar
    • Subscribe
return to home
Subscribe to Newsletter go to twitter feed go to linkedin go to blue sky feed
Search
NIH Collaboratory
Living Textbook of
Pragmatic Clinical Trials

COVID-19 Resources

Access the latest information on COVID-19 for clinical researchers
home button

Rethinking Clinical Trials

A Living Textbook of Pragmatic Clinical Trials

  • Design
    • What is a Pragmatic Clinical Trial?
    • Decentralized Pragmatic Clinical Trials
    • Developing a Compelling Grant Application
    • Experimental Designs and Randomization Schemes
    • Endpoints and Outcomes
    • Analysis Plan
    • Using Electronic Health Record Data
    • Building Partnerships and Teams to Ensure a Successful Trial
    • Intervention Delivery and Complexity
    • Patient Engagement
  • Data, Tools & Conduct
    • Assessing Feasibility
    • Acquiring Real-World Data
    • Assessing Fitness-for-Use of Real-World Data
    • Study Startup
    • Participant Recruitment
    • Monitoring Intervention Fidelity and Adaptations
    • Patient-Reported Outcomes
    • Clinical Decision Support
    • Mobile Health
    • Electronic Health Records–Based Phenotyping
    • Navigating the Unknown
  • Dissemination & Implementation
    • Data Sharing and Embedded Research
    • Dissemination Approaches for Different Audiences
    • Implementation
    • End-of-Trial Decision-Making
  • Ethics & Regulatory
    • Privacy Considerations
    • Identifying Those Engaged in Research
    • Collateral Findings
    • Consent, Disclosure, and Non-Disclosure
    • Data and Safety Monitoring
    • Ethical Considerations of Data Sharing in Pragmatic Clinical Trials
    • Ethics for AI and ML
    • IRB Responsibilities and Procedures

Current Federal Regulatory Framework: Common Rule, FDA, and HIPAA

CHAPTER SECTIONS

Privacy Considerations


Section 2

Current Federal Regulatory Framework: Common Rule, FDA, and HIPAA

Expand Contributors

Stephanie Morain, PhD
Judith Carrithers, JD
Joseph Ali, JD
Vasiliki Nataly Rahimzadeh, PhD

Contributing Editor

Karen Staman, MS
Damon M. Seils, MA

General mechanisms for protecting patients’ privacy are described below, yet these are often challenged in the context of pragmatic research.

  • The Common Rule (45 CFR part 46) is applicable to research involving human subjects conducted, supported, or otherwise subject to regulation by any federal department or agency in the United States that has signed onto the Common Rule. It requires adequate provisions to protect the privacy of subjects and to maintain the confidentiality of data. Using identifiable patient data for research generally requires institutional review board (IRB) approval. This regulatory framework is described in more detail in the Consent, Disclosure, and Non-Disclosure chapter of the Living Textbook.
  • The US Food and Drug Administration (21 CFR parts 50 and 56) regulates research that involves drugs, medical devices, food, dietary supplements, and some electronic products. FDA regulations require the IRB to determine (where appropriate) that there are adequate provisions to protect the privacy of subjects and to maintain confidentiality of data.
  • The Health Insurance Portability and Accountability Act (HIPAA) allows covered entities and their business associates to release protected health information (PHI) only in certain controlled situations, including for treatment, payment, or operations; with authorization from the individual; or as a limited dataset. A full description of HIPAA as it relates to embedded pragmatic trials can be found in the Gaining Permission to Use Real-World Data section of the Acquiring Real-World Data chapter of the Living Textbook.

Understanding these mechanisms for protecting privacy is important for all research. In the sections that follow, we describe some of the unique considerations for embedded pragmatic clinical trials.

Previous Section Next Section

SECTIONS

CHAPTER SECTIONS

sections

  1. Introduction
  2. Current Federal Regulatory Framework: Common Rule, FDA, and HIPAA
  3. Additional Protections: Certificates of Confidentiality
  4. Individual Privacy
  5. Clinician and Institutional Privacy Considerations


Version History

July 3, 2025: Made nonsubstantive changes to the text and updated links as part of the regular content review (changes made by D. Seils).

Published September 27, 2022

current section :

Current Federal Regulatory Framework: Common Rule, FDA, and HIPAA

  1. Introduction
  2. Current Federal Regulatory Framework: Common Rule, FDA, and HIPAA
  3. Additional Protections: Certificates of Confidentiality
  4. Individual Privacy
  5. Clinician and Institutional Privacy Considerations

Citation:

Morain S, Carrithers J, Ali J, et al. Privacy Considerations: Current Federal Regulatory Framework: Common Rule, FDA, and HIPAA. In: Rethinking Clinical Trials: A Living Textbook of Pragmatic Clinical Trials. Bethesda, MD: NIH Pragmatic Trials Collaboratory. Available at: https://rethinkingclinicaltrials.org/chapters/ethics-and-regulatory/special-privacy-considerations/current-federal-regulatory-framework-common-rule-fda-and-hipaa/. Updated July 3, 2025. DOI: 10.28929/171.

Footer Menu

  • How to Use This Site
  • About NIH Collaboratory
  • Enrollment Reporting
  • Grand Rounds
  • Funding Statement
Link to Twitter Link to LinkedIn Link to Blue Sky Link to NIH Collaboratory email

Reference in this Web site to any specific commercial products, process, service, manufacturer, or company does not constitute its endorsement or recommendation by the U.S. Government or National Institutes of Health (NIH). NIH is not responsible for the contents of any “off-site” Web page referenced from this server.

Log in
Privacy Statement
WordPress is a content management system and should not be used to upload any PHI as it is not an environment for which we exercise oversight, meaning you the author are responsible for the content you post. Please use this system accordingly. Site Map