One of the biggest challenges faced in clinical trials is data privacy and security. Safeguarding sensitive patient information is top priority for clinical data managers, and they must be transparent about how particular data is being handled throughout a trial, whether the trial is on-site, decentralized, or hybrid.
This is the second of a series of articles exploring how to navigate some of the key challenges faced by clinical data professionals and how Viedoc can help.
1. Insufficient informed consent processes
Informed consent is critical to clinical trials, and clinical data managers must provide clear, concise information about how participant data will be used, who will have access to it, and how long it will be retained.
Issues include:
-
Consent forms that are too lengthy or complex for participants to understand
-
Insufficient detail when seeking specific, granular consent for different data processing activities
-
Not providing participants with easy ways to withdraw their consent
Another consideration is that scientific consent differs from consent under data protection law, so informed consent documents that pass scientific assessments may not be sufficient for data protection purposes.
2. Lack of data privacy and security by design
Data protection by design is a legal requirement under UK and EU GDPR. Clinical data managers must therefore consider data protection at the outset of any trial and build in safeguards by default.
This could involve:
-
Anonymisation or pseudonymisation of personal data wherever possible
-
Careful consideration of data access protocols, and restriction of access just to those who need it
-
Implementation of multi-layered security controls to protect sensitive health data
This is a specialist area so the necessary expertise or resources may be difficult to find, leading to data breaches and non-compliance.
3. Inadequate data processing agreements
Clinical trials often involve multiple parties, including sponsors, research sites, and service providers. Processing data across these organizational and geographical boundaries demands additional data protection requirements.
Clinical data managers therefore need to put robust data processing agreements in place that clearly set out each party’s responsibilities and ensure appropriate safeguards.
Issues that may arise include:
-
Lack of clarity around data controller/processor roles and responsibilities
-
Insufficient contractual protections around data security and breach notification
-
Insufficient due diligence assessment of third-party data protection practices
So, what’s the answer?
By considering each of these three issues carefully, the process of obtaining data protection approvals for clinical trial activities can be streamlined. This will positively impact both the quality and timeliness of the research, and ultimately the efficacy of the interventions being tested.
Having Viedoc in your corner can help in a number of these areas, by offering access limitation through user roles, randomization, encryption, easy-to-read audit trails, and the option for patients to provide electronic signatures, or eSignatures for informed consent. Also, Viedoc and our eClinical suite is ISO 27001:2022 certified and protects all data that goes through the system.
