Most people are familiar with, or have at least heard of, the Health Insurance Portability and Accountability Act (HIPAA). HIPAA was passed in 1996 to establish rules regarding Protected Health Information (PHI) for patients in the US. The three main rules are The Privacy Rule, The Security Rule, and the Breath Notification Rule, which all revolve around how PHI is handled, disclosed, and breach risks are mitigated.[1] So, how do sponsors actually ensure they are complying with HIPAA during clinical trials?
The importance of HIPAA for medical device or drug sponsors conducting clinical trials in the US is that it acts hand in hand with the HHS and FDA’s Protection of Human Subjects Regulation to ensure the protection of personal data throughout the trial.[2]
Of the 3 main rules described above, the Privacy Rule is the one that is the most directly related to clinical trials. The Privacy Rule corresponds with clinical trials by its governance of medical “research”, which clinical trials fall within the definition of.[3] In summary, the Privacy Rule is the foundation of protecting PHI of individuals, while also ensuring that researchers and sponsors can access the data they need to actually conduct the trial and make a clinical decision.
There are specific situations, governed under the Privacy Rule, that allow for PHI to be used or disclosed without the authorization of the individual. These situations include:
- When the sponsor has received authorization for disclosure from an IRB or Privacy Board
- When the information is to be used solely to prepare a research protocol
- When the information is needed solely to research protected health information of descendants (in the event of death)
As with many other aspects of Clinical Trials, the laws and regulations can become complex and confusing. It’s critical that sponsors fully understand everything they have to comply with before even beginning to plan for a clinical trial.
If clinical trials have your head spinning, let the experts at EMMA International help! Our team of clinical trial experts have broad experience across many different therapeutic areas, technologies, and products. Give us a call at 248-987-4497 or email info@emmainternational.com to learn more!
[1] HHS (n.d.) Health Information Privacy retrieved from: https://www.hhs.gov/hipaa/index.html on 08/22/2023
[2] FDA (March 2018) Comparison of FDA and HHS Human Subject Protection Regulations retrieved from: https://www.fda.gov/science-research/good-clinical-practice-educational-materials/comparison-fda-and-hhs-human-subject-protection-regulations on 08/22/2023
[3] HHS (n.d.) Summary of the HIPAA Privacy Rule retrieved from: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html on 08/22/2023