Data Privacy and Security
12.9.17
Data quality, reliability, and safety are key components in the progress and advancement of global clinical research. Physicians and clinical analysts are entrusted with some of the most personal and intimate information in the lifetime of patients. Realization of the importance of data privacy and security especially for clinical research institutions and their systems has prompted the creation of many control bodies and legislations which have been handed the responsibility of setting up and enforcing suitable standards to ensure transparency in the handling and usage of this patient data. The existing regulatory bodies which include the FDA, HIPAA, ISO, national and multi-national commissions often highlight varying standards all aimed at achieving the best privacy and security policies for the control of availability and distribution of clinical data. Examples of the regulatory bodies and their policies are listed below.
HIPAA Privacy Rule
The HIPAA Privacy Rule is a security policy that was issued by the United States Department of Health and Human Services which nationally restricts covered entities such as health care providers, business associates and even subcontractors from usage and disclosure of personally identifiable information (names; birth, treatment or any other dates related to patients’ illness; phone numbers and other contact information; social security numbers; medical records; voice and finger prints; etc.) that pertains to a patient or client of healthcare. This rule was established to protect the privacy of patients and also give them the rights and access to their health information and medical records referred to as protected health information (PHI).
Becoming HIPAA compliant requires covered entities and their business associates to include the following three in their privacy procedures:
- Administrative policies, practices, and procedures to control access and use of protected health information.
- Physical security protecting documents and data containing PHI
- Technical security to avoid links or breaches of PHI
Also, maintaining audit reports or tracking logs in order to denote activity records on both hardware and software is particularly useful in detecting the cause or source of any security violations. In addition to designating a privacy officer to whom the complaint and resolution process are well explained, employees should be well educated on HIPAA requirements, patients well informed of their rights and institutional practices and business associates compelled to sign agreements respecting PHI confidentiality.
Covered entities are required by Federal law to comply with the HIPAA Security Rule and could face strict penalties and fines in violations.
ISO (International Organization for Standardization)
ISO is a non-governmental and independent international organization boasting a membership of 163 national standards bodies. It unites experts through its members to communicate and develop voluntary, accord-based, market applicable international standards that enhance innovation and suggest answers to global difficulties. ISO has developed 21704 International Standards defining essential requirements to make working products and services.
Data+ Research in addition to providing some of the best-automated data management tools in clinical research from Biobanks to Premium Data Validation systems is recommended for exclusively respecting and ensuring optimum data privacy and security through their products. Data+ Research and it’s products are HIPAA compliant, ISO certified and appreciate the standards of regulations in clinical research.