The Ins and Outs of Privacy in Clinical Trials for Patients With Cancer


A woman with metastatic breast cancer simplifies common terms used in guidelines for privacy of patients in clinical trials. “If we want to take down cancer, we have to find confidence in a system that wasn’t designed to protect us,” she writes.

Keeping your personal information safe is always required

It seems like every day there is news about groundbreaking developments in cancer treatments. But the thing about research is that it can show amazing possibilities in the laboratory and still not make a difference in real life. Even if those incredible ideas could work, it takes people willing to be clinical trial participants to transform the ideas of researchers into better treatments.

Though I haven’t been on a clinical trial due to cancer progression, I have been a participant in an exercise/diet intervention for people with metastatic breast cancer and part of the control group in a cardiac intervention trial for people prescribed Herceptin (trastuzumab). I’ve also been a research team member and have reviewed clinical trial consent forms.

Despite all of this, I still find the idea of participating in a clinical trial a hurdle. Part of it is that I want to know that my personal data will be safe and remain private.

Personal health privacy is a big deal. There is a history of misused data and unethical behavior in the U.S. that can’t be ignored. The hospitals we trust can give our de-identified health care data to researchers and sell it to other companies (or create their own data-mining companies), and they don’t always have to let us know.

Yet, if we want to take down cancer, we have to find confidence in a system that wasn’t designed to protect us. In clinical trials, there are steps that researchers and institutions are required take to assure that private information is kept as safe as possible. However, the words your doctor or clinical trial researcher uses can be unfamiliar. Here, a quick rundown of words to know when it comes to clinical trial privacy:

Institutional Review Board (IRB): The IRB is made up of people from different backgrounds – some have scientific training, but there are also people without scientific training as well as community members. It is meant to keep research participants as safe as possible. In terms of data, the IRB asks why specific data is needed, who collects and can look at that data, and how it will be protected. IRB itself is short for Institutional Review Board of Biomedical Researching Using Human Subjects.

Protected Health Information (PHI): Also called Personal Health Information, this is all the information--demographic, medical history, test results, mental health conditions, insurance information, and so on--that your doctors collect to identify you and provide care.

De-identified: This means that your personal health information isn’t easily linked to you, but it is not anonymous. Each person is given a patient-identifier for the study (not the number used with your medical records) and that alone is used when the research team is looking at all the collected information. With de-identified data, a select person, such as the main investigator, is able to link your specific information (for example, tissue or blood samples) to you. This is also called coded data and is used in clinical trials.

Anonymous: In research, this means that not even the investigator can link your information to you. You might see this word used to describe some patient surveys.

HIPAA (Health Insurance and Portability and Accountability Act): For clinical trials where patient data will be de-identified, this Act ensures that 18 personal identifiers are removed from the information collected. HIPAA and the Health Information Technology for Economic and Clinical Health Act limit the PHI that healthcare providers, health insurance companies, and the companies they work with can collect. Those rules also limit what can be done with the data in terms of sharing it with other organizations or using it in marketing.

Data Storage: In the clinical trial plan, researchers must describe the specifics of how they will keep de-identified data safe from being tracked back to the patient. This is done by using technology to disguise (encrypt) the information, limiting who can see it and keeping paper records in a locked location.

Consent Form: This form ensures that the patient explicitly agrees to participate and outlines how their identity and information will be kept safe. It must be written in a way that middle schoolers can understand. Often, it will include information about where and how the de-identified patient information might be shared.

For more news on cancer updates, research and education, don’t forget to subscribe to CURE®’s newsletters here.