Download Comments (PDF) April 2024
The World Privacy Forum filed detailed comments regarding draft guidance on privacy and medical research to the U.S. Department of Health and Human Services and the U.S. Food and Drug Administration. The proposed guidance, Facilitating Understanding in Informed Consent, is related to consent for human subject research (medical research) and is particularly important. The final version of the guidance will provide formal guidance to the majority of clinical researchers and human subject researchers in the United States regarding how to handle participant / patient consent for medical research.
Currently, models of consent are in the process of going digital, which has created a number of challenging problems to solve. In the comments, WPF had several recommendations to improve consent and privacy. One key recommendation is that patients who are being asked to consent to medical research should be clearly informed when their health information is protected by HIPAA, and when it is not protected. Many research participants are unaware that HIPAA privacy protections do not necessarily apply to research or clinical trial data in the U.S., depending on the use case. Clarification of legal protections available for patients in each research project is necessary and important.
Additional areas of discussion in the comments included a discussion of the necessity of taking stock of the broader consent ecosystem, and providing normative privacy rules for the researchers themselves to abide by. Most professions have some form of normative privacy law or guidance today; in countries that have GDPR or GDPR-similar legislation, research is covered under the law. The U.S. has a significant regulatory gap in this area, because the U.S. sectoral regulation on health privacy, HIPAA, applies to health care providers, health insurers, and clearinghouses. For this reason, not all human subject medical research actually falls under the purview of HIPAA, because it may take place at an entity other than a provider, insurer, or clearinghouse as defined by the law.
Additional recommendations in the draft focused on digitalization issues, scale issues, impacts on consent from Artificial Intelligence, and the need to take into account vulnerable and other impacted populations.
Related Documents:
-
Comments of WPF regarding draft HHS and FDA guidance on Facilitating Understanding in Informed Consent (PDF, 10 pages) 2024
-
HHS Guidance on Facilitating Understanding in Informed Consent, 2024
- WPF’s prior comments, filings, and reports on human subject research, the Common Rule, privacy, and consent:
- 2023: WPF comments regarding Confidentiality of Substance Use Disorder Patient Records, 42 CFR Part 2, 45 CR Part 164.
- 2022: WPF advises Secretary’s Advisory Committee on Human Research Protection regarding its proposed AI Framework
- 2020: Report: COVID-19 and HIPAA: HHS’s troubled approach to waiving privacy and security rules for the pandemic
- 2019: WPF urges National Institutes of Health to expand privacy guidance for researchers
- 2019: Comments of WPF to National Institutes of Health regarding request for public comments on a draft NIH policy for data management and sharing and supplemental draft guidance
- 2018: Pam Dixon calls for a Nuremberg Code of digital ethics, addresses 40th international conference of data protection and privacy commissioners
- 2018: Ethical data review board models: Multistakeholder meeting
- WPF to testify before NCVHS on emerging concerns in health privacy — Beyond Digitalization: Artificial Intelligence, APIs, and health privacy
- 2016: Report: Privacy, the Precision Medicine Initiative, and the All of Us Research Program: Will any Legal Protections Apply?
- 2016: WPF files comments on Federal proposal for Human Subject Research (Common Rule
- 2014: WPF urges Big Data approach that addresses vulnerable populations
- 2013: WPF comments on draft Genomic Data Sharing Policy (NIH)
- 2012: WPF asks Presidential Commission to protect genetic privacy
- 2011: WPF urges HHS to do more to protection the privacy of people who are medical research subjects
- 2010: Comments of WPF regarding proposed modifications to the HIPAA Privacy, Security, and Enforcement Rules under HITECH
- 2008: WPF urges more attention to the protection of research study participants
- 2008: World Privacy Forum Comments regarding OHRP Human Subjects Protection, Training, and Education.
- 2007: WPF files public comments and recommendations on pharmacogenomics privacy: all patient-specific PGx research should require certificates of confidentiality
- 2006: Comments to the National Institutes of Health regarding its request for information for genome wide association studies repository policy
- 2006: WPF comments on draft report “Policy issues associated with undertaking a large US population cohort project on genes, environment, and disease”
- 2005: Testimony of Pam Dixon, before the National Committee on Vital and Health Statistics (NCVHS) Subcommittee on Privacy and Confidentiality