Resources

Clinical Trials 101: What Patients Can Expect from HIPAA Guidelines 

If you’re a patient, you are the expert in your own experiences. This is particularly true for patients with rare, chronic illnesses, where treatments and therapies may be hard to come by, still in development, or riddled with a wide variety of challenging side effects. 

Still, for many patients, the thought of participating in a potentially life changing clinical trial can cause feelings of apprehension. Expertise in your own experiences with a given condition doesn’t necessarily translate to confidence in the who, what, when, where, why, or how of a clinical trial. 

We’re here to help clear some of that up. 

The History of HIPAA 

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that regulates the ways in which your protected health information (also referred to as PHI) is used, disclosed, and exchanged. PHI includes anything that is a part of a patient’s personal health information, like medical charts, test results, billing information, and more. 

Initially, there were two goals tied to HIPAA: Make healthcare delivery more efficient and increase the number of Americans who are covered by health insurance. 

In 2003, Congress permitted the U.S. Department of Health and Human Services to also establish rules that specifically protect the privacy of PHI. Today, this addition is known as the Privacy Rule. The goal of the Privacy Rule expands the impact of HIPAA: It works to find balance between limiting the disclosure of PHI while still providing medical researchers with access to information that is necessary for their work. 

How HIPAA Impacts Patients in Clinical Trials 

HIPAA is a national standard in the United States, so its regulations – including the Privacy Rule – do apply to any clinical trial that is held in the U.S. When it comes to your individual experience as a patient in a clinical trial, these protections can show up in a number of ways: 

Patients have the opportunity to choose whether or not their PHI is being used or disclosed. 

If you sign up for a clinical study, your PHI cannot be used for medical research unless you 1. Review documents that ensure you fully understand the study at hand, and 2. Provide written authorization for the use of your PHI. Before the researchers can move forward, an Institutional Review Board (IRB) is required by HIPAA to review the paperwork and sign off on it. 

Researchers must have an adequate data management plan – and data protection plan – in place. 

This plan outlines how your data will be “stored, transported, analyzed, and destroyed” after the research has been completed. These practices may include special access authorizations, recording hardware and monitoring software tools, and/or security measures that keep PHI safe from unauthorized users, especially when it is stored electronically. 

Patients can access their own health data. 

While this is common practice during treatment, check-ups, or other routine appointments with medical professionals, it also applies to clinical trials. Patients should be able to access their own PHI, notify researchers of any inaccurate or incomplete portions, and take their own records to other care providers in the future. 

Protecting Your Personal Information 

Above all, keep in mind that before researchers can use or disclose your PHI for the sake of their research, they must first meet all requirements outlined by HIPAA. In unique situations, the patient authorization portion of the HIPAA requirements is not required – but these situations still include other PHI restrictions, helping to ensure that no extraneous use of your information will be tolerated. 

Whether you’ve already participated in a clinical trial or are considering one for your future, you deserve to understand every aspect of the research process – including how your personal health information will be protected.