Authors: Lauren Serpico & Jeff Pawelek
With the rise of social media, interconnected digital technologies, and an increasingly data-driven society, individuals must know how to safeguard their personal information. Data breaches, cyberattacks, and unauthorized access have become increasingly common and can compromise the privacy and security of individuals. Hospitals and health care systems have become targets for cyberattacks in recent years, raising concerns over the sensitivity of personal health information and its potential to be misused for identity theft and fraud.
Importance of participant privacy & data security
In the context of clinical research, patient confidentiality and privacy protection measures must be upheld to meet the ethical and legal requirements established by the U.S. Department of Health and Human Services and other regulatory bodies such as Institutional Review Boards. When people are recruited to participate in a research study, one of their top concerns is how researchers will protect their identity, how their personal data will be used, and whether their sensitive data will be shared (and with whom). In fact, concerns over personal privacy have been a well-known barrier for study recruitment [1]. As a result, some researchers are using outreach and recruitment programs that are designed to build a new level of trust with study participants and enhance their understanding about privacy protection.
Commonly used techniques to protect participant data
While the digital age has introduced new ways for bad actors to breach and misuse personal information, fortunately tools to protect confidentiality have also benefited from continued innovation. In the figure below, we illustrate commonly used techniques in clinical research to protect participant data.
Addressing privacy concerns: Best practices in digital trials
As adoption of digital trials expands, addressing privacy concerns becomes not just a necessity, but a cornerstone of ethical research practice. Here are some ways that privacy concerns are addressed in digital clinical trials:
Informed consent: Building trust through transparency
Informed consent is a fundamental ethical and legal principle in research that involves obtaining permission from an individual before they participate in a research study. It signifies that individuals have been provided with understandable information about the purpose, procedures, potential risks and benefits, alternatives, and other relevant details of the study. Informed consent ensures that individuals have the autonomy to make well-informed decisions about their involvement in research, while upholding their rights, privacy, and well-being.
In the world of digital trials, the informed consent process creates an opportunity for researchers to establish a foundation of trust and transparency with participants. Using innovative ways to communicate complex privacy measures during the consent process can empower individuals to make informed decisions about how their data is used, shared and secured by the research team.
An additional layer of privacy: The Certificate of Confidentiality
A Certificate of Confidentiality (CoC) is a legal document to protect the privacy of individuals participating in research studies. It provides researchers with an additional layer of protection against compelled disclosure of participants’ identifiable information in legal proceedings, such as court orders or subpoenas. When researchers obtain a CoC, they are legally bound not to disclose any information that could identify participants in their study.
This helps to encourage individuals to participate in research studies involving topics such as reproductive health, knowing that their confidential information is safeguarded to the extent legally possible. In essence, a CoC reinforces the commitment to maintaining participant privacy, fostering trust between researchers and participants, and supporting the advancement of important research while minimizing the potential harm that could arise from breaches of confidentiality.
Our approach to ensuring privacy and data security
At the Scripps Research Digital Trials Center, participant privacy and data protection are our top priorities. Specifically, our study platform, CareEvolution’s MyDataHelps™, meets the following technical security standards:
- Maintains a security program that is based on NIST 800-53 Rev. 5 (at the FISMA Moderate and Privacy baseline). NIST 800-53 is a set of security and privacy controls that address diverse requirements as part of an organization-wide process to manage risk.
- Externally and formally validated on a regular basis by a Third Party Assessment Organization (3PAO) that is FedRAMP accredited. FedRAMP is a standardized security assessment and authorization for cloud products and services used by U.S. federal agencies.
- Complies with FDA 21 CFR Part 11 and has been awarded an Authorization to Operate by the National Institutes of Health. Part 11 details the criteria under which electronic records and signatures are considered to be trustworthy and equivalent to paper records.
By maintaining this level of security, we make sure that those who take part in our studies can feel confident and secure in their decision to participate in research. We also actively work with participants through our Virtual Advisory Teams to directly address concerns, which helps shape our privacy protection practices as well as how we communicate these practices with participants. As we continue to explore new possibilities in digital trials, our goal remains clear: to push the boundaries of medical knowledge while respecting and safeguarding the trust our participant partners have given us. This sets the stage for a future where progress and privacy work together, creating exciting advancements.
[1] Ulrich CM, Grady C, Demiris G, Richmond TS. The Competing Demands of Patient Privacy and Clinical Research. Ethics Hum Res. 2021;43(1):25-31.