Privacy Considerations
Section 2
Current Federal Regulatory Framework: Common Rule, FDA, and HIPAA
General mechanisms for protecting patient privacy are described below, yet these are often challenged in the context of pragmatic research. Applicable mechanisms for protecting privacy include:
- The Common Rule (45 CFR part 46) is applicable to research involving human subjects conducted, supported, or otherwise subject to regulation by any federal department or agency in the United States that has signed onto the Common Rule. It requires that there are adequate provisions to protect the privacy of subjects and to maintain the confidentiality of data. Using identifiable patient data for research generally requires institutional review board (IRB) approval, and this regulatory framework is described in more detail in the Consent, Disclosure, and Non-disclosure
- The Food and Drug Administration (21 CFR parts 50 and 56) regulates research that involves drugs, medical devices, food, dietary supplements, as well as some electronic products. FDA regulations require the IRB to determine (where appropriate) that there are adequate provisions to protect the privacy of subjects and to maintain confidentiality of data.
- The Health Insurance Portability and Accountability Act (HIPAA) allows covered entities and their business associates to release protected health information (PHI) only in certain controlled situations, including for treatment, payment, or operations; with authorization from the individual; or as a limited dataset. A full description of HIPPA as it relates to ePCTs can be found in the Gaining Permission to Use Real-World Data section of the Acquiring Real-World Data
Understanding these mechanisms for protecting privacy is important for all research, and in the sections that follow, we will describe some of the unique considerations for ePCTs.
SECTIONS
CHAPTER SECTIONS