Privacy Concerns Surrounding Real-World Data

The Food and Drug Administration has officially taken the position that real-world data (RWD) and real-world evidence (RWE) are playing a larger role in health care decisions.

Over the last 25 years, it has become commonplace for almost every household to own at least one personal computer. A majority of individuals, 80.63% of the world’s population to be exact, also currently own a smartphone (source). Add on to these statistics, that wearable devices and biosensors are also becoming widely accepted and used. The widespread adoption of the “latest technology” changes the social landscape as a whole, which has an interesting effect on the clinical research field.

These technological advancements, along with their accessibility, have enabled researchers to gather and store large amounts of health-related data. For drug developers, RWD and RWE are being used to support both clinical trial designs and observational studies. This allows clinical researchers to take advantage of the technology being widely adopted by potential study participants and amend their processes to incorporate new treatment approaches. While these improvements and changes lead to a potentially exciting future for clinical studies, the potential risks must also be discussed.

For example, how exactly is this information being used by regulators and sponsor companies? What processes will sponsors and clinical trials staff incorporate to ensure a patient’s privacy? What will it mean to the future of drug development and other types of clinical studies?

Governmental regulation agencies across the globe are working to keep up with changes in technologies and their widespread adoption by their respective societies. In the United States (USA), the National Institute of Health (NIH) has published the following:


The European Union (EU), has also been working to stay ahead of the technology curve— replacing the Data Protection Directive 95/46/EC with the General Data Protection Regulation (GDPR) to address the concerns regarding patient privacy. Nick Meade, with the Genetic Alliance UK has said:


While it has become increasingly obvious that data-collection, RWDs, and RWEs will increase thanks to the technologies that are more available to us than ever before, it has also become increasingly clear that with these possibilities for advancement and progression will come a responsibility to protect patient privacy more than ever before. These conversations are necessary and healthy to have. Clinical research professional need to be active participants in these conversations to ensure patient privacy is respected, along with patient safety. These changes can be hurdles to overcome and therefore cumbersome, but again it’s a pain-point that must be addressed and solved in order to grow the potential that will lead to real-world advancements within the field.

It is also important to note that compliance with HIPAA does not necessarily mean compliance with GDPR. Simply stated, GDPR has a much broader scope than HIPAA and does not deal exclusively with health information. Consent is a major factor for both regulations; however, for GDPR, the terminology used for consent, as well as its placement, requires more from a sponsor to be compliant than HIPAA.

GDPR requires sponsors to be clear about how and why data is being used. It also requires sponsors to fully consider data transparency, security, and accountability. Additionally, all those working on the trial will need to be appropriately trained to ensure they maintain compliance standards.

Failure to comply with GDPR or HIPAA can result in costly penalties, so trial sponsors should do their due diligence to investigate and understand the duties owed to patients. While clinical research enjoys certain freedoms to collect, process, and mine data, the best practice is to seek legal counsel familiar with laws in the USA or EU, appoint a DPO, and as is always best practice, treat patient safety, security, and privacy as paramount.

These regulations are complicated as the laws are ever-changing due to the nature technology always improving. Often, clinical research teams and government regulatory bodies are playing catch up. You do not have to navigate these unchartered waters alone. Delve Health has created platforms that ensure data privacy and are HIPPA and 21CFR11 GDPR compliance. We also provide RWE solutions to collect data (RWD) directly from patients remotely. RWE studies can then utilize our programs in order to gain direct access to patient participants.

Contact us for more information on how our platforms can help ensure compliance.

Schedule a meeting



Related articles

Scroll to Top