How to address patient privacy and data-security concerns in clinical trials

In July 2021, we at Clariness have launched the Privacy Pledge for its ClinLife patient portal to make our commitment to data security and privacy fully transparent to our 1.3 million registered users. Founded in the early days of the internet, data security and privacy has always been a top priority. In the recent years we have started to communicate more clearly about our measures to our 15+ million visitors.

This blog first gives a background about the recent growth of public concerns (and patients concerns specifically) about online data security and privacy. Secondly, various specific concerns about privacy and data security that relate to patient data and clinical trial participation are mapped. Finally, we will show how we address these concerns and incorporate patient feedback at ClinLife.

First it is however crucial to define and distinguish between privacy and data security concerns. As Fabio Angeletti and Ioannis Chatzigiannakis argue, data security concerns can be summarized as the fear that ‘collected data may be used to extract or infer sensitive information about users’ private lives, habits, activities and relations’.[1] Privacy concerns on the other hand, can be defined as the individual’s user fear that they can be identified by voluntary disclosing personal information to websites or services or rather that this is being done by tracking tools or cookies.[2]

Background

In recent years, numerous data leaks and privacy scandals have dominated the news from North-America to Europe, Asia and Oceania.[3] In early July 2021, the British National Health Service (NHS) announced that the data of thousands of patients was accessed by unknown third-parties after extensive breaches in the NHS servers. In the same month, several medical companies and governmental institutions in the United States similarly announced that the personal data of up to 2.4 million patients had been exposed.[4]

These large scandals have lead to the deterioration of public trust in digital services which require users to provide personal information. This growing distrust is both directed towards private companies as well as – for many maybe surprisingly – governmental institutions. The depth and scale of this public anxiety about data security is shown in a large 2017 survey with 12.090 US citizens of whom 87% said they were hesitant to share even all the required medical information at regular doctor visits.

Concerns in USA about data sharing

Where most of the general public their privacy and data security concerns are relatively abstract or mainly related to the reporting of certain data leak scandals or the to the usage of social media, for patients and diagnosed people there is a direct fear for the consequences of data leaks. These fears can range from painful questions, disapproving comments in the working place, but also to the misuse of personal information by third parties or of health insurances becoming inaccessible.

These privacy and data security concerns directly impact clinical research as people are increasingly less willing to share personal health information, use health applications or sign-up for clinical trials and even research surveys. Clinical science depends on the collection and analysis of large amounts of anonymized data, to present an objective, representative, picture about the working of a new medication or therapy as possible. It is therefore crucial that clinical research organizations and other pharmaceutical companies involved in clinical research address data security and privacy concerns.

Before we show how Clariness’ ClinLife patient-centric trial database addresses these concerns and thereby improves the registration and retention in clinical trials hosted on our platform, it is important to examine these concerns in more detail.

“Collecting and storing of data is typically followed by sharing the data with researchers. This means that there must be a system in place to ensure that all organizational, legal and technical prerequisites are met’’.

– Jacobs, Popma (2019, Medical research, Big Data and the need for privacy by design). [5]

Privacy and data security concerns and clinical trial participation

The question how privacy and data security concerns of patients impact clinical trial recruitment and retention is an increasingly important topic in academic and private research. A large study by McKinsey found that patients especially have become more careful about sharing their data despite the fact that state regulators also have increased privacy and data-protection regulations.[6] More then just increasing privacy and data protection regulations, as the European Union’s adaption of the General Data Protection Regulation (GDPR) in April 2016, governmental bodies have also increasingly mentioned it in their public communication.

In scientific literature data and privacy concerns of patients and potential clinical trial participants is an increasingly important topic. This graph shows the increasing academic scholarship (as collected by Dimensions.AI) that focusses on these topics.[7]

 

According to a 2012 qualitative study by Pickard and Swan, for people with underlying health issues, who could potentially become clinical trial participants, ‘privacy concerns’ were the biggest barriers holding them from sharing their medical data in various ways. Directly related is a ‘lack of awareness of value of contribution (77%)’ that convinces people that sharing data is necessary for research.[8] Both of these points directly shape the challenges that sponsors and research sites face when enrolling patients for clinical trials. These challenges are not automatically overcome by either traditional or digital forms of patient outreach, although research suggests that the latter is more effective in addressing them.

 

“88% of the patients with chronic diseases say to be highly concerned about their data being accessible to third parties. For mental health service users this percentage is a staggering 99%”[9]

 

Privacy concern of European and American citizens in numbers

A majority of the public in North America and Europe is concerned about data security and prefers not to share any of their data with private companies, but surprisingly also governmental institutions.

  • 41% do not want to share any personal data with private companies, almost double the number compared to public bodies.[10]
  • 69% know about the GDPR. A similar number know their national data protection supervisory authority (71%).[11]
  • A majority of Americans report being concerned about the way their data is being used by companies (79%) or the government (64%).[12]

Where the general public is already concerned about sharing medical information, this concern is even bigger for diagnosed people.[13] For diagnosed people, after all, the concern about medical data that gets compromised or leaked, is both more concrete because they have sensitive medical data to ‘lose’ and have to make a direct consideration to make when applying for a clinical study.

The paradox of data security concerns by potential clinical trial participants

For potential participants in clinical trials, concerns about data security are more ‘real’ then for the general public. At the same time, research studies show that patients who consider (or might consider) to take part in research studies do additional research and inform themselves about data security and privacy regulations. This is also indicated by what we hear from our partnered research site managers, who for example have noted that patients at their first visit to the research center often have many questions about data security protocols and privacy of the answers provided in the screening interview.

These same survey shows that potential clinical trial participants are willing to share their information and take part in clinical trials under a number of conditions. According to Pickard and Swan there is even a ‘shift’ happening in the past years, with patients becoming more willing to share their data if they feel it is securely handled.[14] Based on their interviews with patients, they note that 71% of respondents were willing to share data with researchers if the principle of randomization was explained in a transparent way.

 

‘’Do the clinical trial goals have public benefits and does participating and sharing medical data directly contribute to these societal benefits, is a central question for many potential participants.’’

 

It is likely that potential participants base their decision on participation for a large part on the information provided on the platform where they first encounter the information about the clinical trial. While it is maybe unsurprising that the majority (93%) had less concerns with sharing their information when the study was conducted by university researchers, 82% indicated that under the right conditions they would also be ‘somewhat likely’ to share their data with scientists in ‘for-profit companies’.

The research platform Understanding Patient Data concluded that ‘people become more supportive of sharing patient data during the course of qualitative and deliberative studies’. This adds to their other survey results that shows that patients primarily question the purpose for which their data is collected and analyzed. Does the clinical trial where they participate in have public benefits and does sharing personal medical data directly contribute to the benefits of their respective patient communities?[15]

As Laura Damschrodera, Joy Prittsc et al (2007) have noted, this leads to a paradox where potential clinical trial participants are relatively (compared to the general public) more likely to act on their concerns about data security and privacy and decide against sharing data, but at the same time are more willing to share their data when the right conditions are met and transparently communicated.[16]

Based on this paradox, they pose a number of questions that should be answered and transparently communicated to potential participants. As some of these questions overlap, the most relevant for clinical trial organizers  can be summarized in three points:

  • Are medical records kept confidential and do researchers act responsibly to protect participants privacy?
  • Does the research being conducted demonstrate high priority on patient welfare that legitimizes the sharing of personal data and information?
  • Do researchers fully disclose the research being conducted and explain how medical records are used to conduct that research?

How Clariness  addresses privacy and data security concerns with the ClinLife patient portal

Addressing patients’ concerns about privacy and data security is a top priority for the pharmaceutical industry and medical research in general. As shown in the analysis of existing scientific literature above, there is a paradox that provides answers how these concerns can be addressed: on the one hand, potential clinical trial participants are relatively (compared to the general public) more concerned about data security and privacy of their medical data, but at the same time they are also more willing to share their data under the right circumstances.

Our Privacy Pledge highlights that it is our responsibility to keep the data from our users safe.

 

Here’s how Clariness’s Privacy Pledge upholds to Damschrodera and Prittsc’s questions that should be answered to address patient privacy and data security concerns:

Question 1: Are medical records kept confidential?

There are several ways to safeguard privacy and make sure user data is stored confidentially. While the technical back-end data protection measures are a fundamental component, these security standards can be improved by a few steps. At Clariness, we start with making sure that we only ask the absolute necessary information that is needed to determine if a patient matches the pre-screener and afterwards can be contacted by the study center.

Although certain data of potential trial participants needs to be stored, this is done only with the explicit consent of users. This follows the ‘Privacy Notice’, that is also indicated in the Articles 12, 13, and 14 of the European General Data Protection Regulation (GDPR). After users personally have selected which research center they want to contact and share their data with, it only becomes accessible to particular investigators of this center through our secure Investigator Service.

The user data presented in this portal is never accessible to anyone else as these identified researchers, including our employees. Furthermore, the data is anonymized after the user has completed or withdrawn from the study. This means that ‘The name, address, and full post code’ and related to the data are deleted ‘together with any other information which, in conjunction with other data held by or disclosed to the recipient, could identify the patient’.[17] Even statistical data is anonymized before being process for statistical viewing by Clariness employees. Employees furthermore have no access to the database.

This thus goes beyond the European Union’s GDPR that reads that ‘organizations must provide people with a privacy notice’ that explains when data is collected. This notice should be:

  1. In a concise, transparent, intelligible, and easily accessible form
  2. Written in clear and plain language
  3. Delivered in a timely manner
  4. Provided free of charge

 

Example: providing extensive information about the background of clinical research, the working of clinical trials and the purpose creates trust. 

Question 2. Does the research being conducted demonstrate high priority on patient welfare?

One of the findings discussed above, is that patients are more willing to participate in research that collects and analyses their data when they have a better understanding of the purpose, organizers and procedure of the study.

With our patient-centric clinical trial platform ClinLife and Active Recruitment’s patient outreach we explain and build trust for clinical trials in the following ways:

  1. ClinLife Registry [link] provides extensive information in lay language about clinical trials. From the background of the specific study to what progress was made into finding new treatments and medications and how the process of participation works. By highlighting these public benefits of clinical research, we see that patients become more willing to share their data and participate in clinical trials.
  2. Active Recruitment through data-driven online outreach campaigns directs patients to clinical trials hosted on ClinLife. ClinLife is a neutral patient-centric platform not directly connected to specific pharmaceutical companies or research centers. Making all clinical trial information accessible in national languages furthermore helps building trust. This is reflected in our over 1.3 million registered users and our 200.000+ followers on Facebook.
  3. Anonymous feedback and patient surveys: Users have various ways of providing feedback. From a dedicated service portal to anonymous surveys and feedback sessions and Clariness’s yearly Patient’s Voice event [link]. This way we can address concerns personally and learn quickly when new concerns arise.

Example: Explanation of pre-screener questions – why we ask these questions, making clear for what their answers will be used.

Question 3. Do researchers fully disclose the research being conducted and how are medical records used to conduct that research?

Users usually start on the indication specific landing page. Here, the research in one specific indication is explained as well as the Privacy Pledge is linked so that users can read the privacy measures. On these indication pages as well as in the pre-screener, we explain potential participants why data collection is a crucial component in clinical research as well as what measures are in place to anonymize participants during and after participation.

After participants have answered the indication or study specific pre-screener, they are shown a number of available studies and relevant research centers that they then personally select.

Visit the Privacy Pledge page now or contact us about the personalized packages to host your studies on ClinLife, the patient-centric clinical trial platform.

 

 

 


Sources about public data security and privacy concerns on clinical trials 

[1] Angeletti F, Chatzigiannakis I, Vitaletti A. Towards an Architecture to Guarantee Both Data Privacy and Utility in the First Phases of Digital Clinical Trials. Sensors (Basel). 2018 Nov 28;18(12):4175. doi: 10.3390/s18124175. PMID: 30487435; PMCID: PMC6308650.

[2] Angeletti F, Chatzigiannakis I, Vitaletti A. Towards an Architecture to Guarantee Both Data Privacy and Utility in the First Phases of Digital Clinical Trials. Sensors (Basel). 2018 Nov 28;18(12):4175. doi: 10.3390/s18124175. PMID: 30487435; PMCID: PMC6308650.

[3] Independent, NHS Data Breaches (2021) https://www.independent.co.uk/news/health/data-nhs-patient-breaches-privacy-b1877154.html

[4] PrNewsWire, ‘Dermatology Data Security Incident’, (2021) https://www.prnewswire.com/news-releases/forefront-dermatology-s-c-identifies-and-addresses-data-security-incident-894815231.html

[5] Popma, J., ‘Medical research, Big Data and the need for privacy by design)’, (2019) https://journals.sagepub.com/doi/10.1177/2053951718824352

[6] McKinsey, ‘The consumer-data opportunity and the privacy imperative’ (April 2020).  https://www.mckinsey.com/business-functions/risk/our-insights/the-consumer-data-opportunity-and-the-privacy-imperative

[7] Searched in Dimensions.Ai on: (“clinical trial” OR “clinical research” OR “clinical trials”) AND (“privacy” OR “data protection” OR “GDPR” OR “data security” OR “data sharing” OR “personal information” OR “patient data” OR “medical information” OR “data concerns”).

[8] Pickard, K.T.; Swan, M. Big Desire to Share Big Health Data: A Shift in Consumer Attitudes toward Personal Health Information. In Proceedings of the 2014 AAAI Spring Symposium Series, Palo Alto, CA, USA, 24–26 March 2014. [Google Scholar]

[9] Hipaa Journal, ‘Patients Holding Back Health Information Over Data Privacy Fears’, (2017) https://www.hipaajournal.com/patients-holding-back-health-information-over-fears-of-data-privacy-8634/

[10] FRA, ‘How concerned are Europeans about their personal data online?’, (2020) https://fra.europa.eu/en/news/2020/how-concerned-are-europeans-about-their-personal-data-online

[11] FRA, ‘How concerned are Europeans about their personal data online?’, (2020) https://fra.europa.eu/en/news/2020/how-concerned-are-europeans-about-their-personal-data-online (35,000 people across all EU Member States, incl UK)

[12] Pew Research. Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information (2019) https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/

[13] Pickard, Kt., Swan, M., ‘Big Desire to Share Big Health Data: A Shift in Consumer Attitudes toward Personal Health Information’, (2014 Stanford University).

[14] Pickard, Kt., Swan, M., ‘Big Desire to Share Big Health Data: A Shift in Consumer Attitudes toward Personal Health Information’, (2014 Stanford University).

[15] https://understandingpatientdata.org.uk/sites/default/files/2018-08/Public%20attitudes%20key%20themes_0.pdf

[16] The paradox of patient data security concerns: The majority of patients are more concerned about data security or taking part in activities that might lead to their medical data being compromised then the general public. At the same time, patients would sooner take part in clinical research that depends on the collection and analysis of their data if enough procedures, regulations and transparency is in place.

[17] https://medical-dictionary.thefreedictionary.com/Anonymized+Data