New data privacy and security requirements proposed for human subjects research

25 July 2011

The U.S. Department of Health and Human Services (HHS) published new proposed requirements for human subjects research under the Common Rule that, if adopted, would impose significant new data privacy and security obligations on research entities. HHS is considering the creation of mandatory data security and information protection standards for all studies involving identifiable or potentially identifiable data. This could include adopting the HIPAA Privacy Rule standards for when data is deemed de-identified, as well as categorizing biospecimen research as identifiable information. HHS also proposes to re-evaluate the HIPAA de-identification standard to ensure it reflects emerging technology and evolving informational risks. HHS requests comment on these proposals.

HHS also proposes data security requirements for research information. This could include a requirement that research involving the collection and use of identifiable data adhere to the HIPAA Security Rule standards as well as breach notification standards modeled on the HIPAA requirements. For research using limited data sets or de-identified information, re-identification of individuals would be strictly prohibited. HHS would provide for additional enforcement as well as periodic random audits of research institutions. HHS poses a number of specific questions regarding implementation of data privacy and security requirements for research entities. This HHS issuance is in the form of an Advance Notice of Proposed Rulemaking (ANPRM), Human Subjects Research Protections: Enhancing Protections for Research Subjects and Reducing Burden, Delay, and Ambiguity for Investigators. Comments will be accepted for 60 days following publication of the ANPRM in the Federal Register. The ANPRM and related information can be accessed at http://www.hhs.gov/ohrp/humansubjects/anprm2011page.html.
