FDA Urges Data Security, Controls When Using EHR in Clinical Trials

by Chris Brook on Friday July 20, 2018

The Food and Drug Administration issued new guidance on electronic health record data security this week that encourages employing privacy and security controls when performing clinical trials.

The Food and Drug Administration issued new guidance this week that encourages organizations using electronic health record (EHR) data in FDA-regulated clinical investigations to have a robust data management plan in place that prioritizes the integrity of data.

According to the guidance, best practice dictates that when EHRs are used at a clinical investigation site, appropriate security measures should be employed to protect the confidentiality of study data. This is especially true when organizations use data from clinical studies performed outside the U.S., via EHR systems not certified by the Office of the National Coordinator (ONC) for Health Information Technology.

In these scenarios the FDA stresses that access to electronic systems needs to be limited to authorized users, that the authors of records need to be identifiable, and that audit trails need to be available in order to track changes to data.

“If the clinical investigation site is using a system that does not contain the adequate controls previously described in the bulleted items, sponsors should consider the risks of employing such systems (e.g., the potential harm to research subjects, patient privacy rights, and data integrity of the clinical investigation and its regulatory implications),” the guidance reads.

The guidance also encourages organizations that maintain EHRs for clinical purposes to ensure the data is structured, not unstructured.

Currently, EHR technology certified under the ONC Health IT Certification Program has to meet selected privacy and security protection requirements for an individual's health information.

In most instances, EHRs, essentially electronic versions of the charts traditionally found in hospitals or doctors' offices, are subject to the HIPAA Privacy Rule. EHR data can include information on patients such as their immunization status, any medication they take, radiology images, or their weight or age.

Like all guidance issued by the FDA, this document, “Use of Electronic Health Record Data in Clinical Investigations” (.PDF), is a recommendation and isn't considered binding. It does, however, represent the federal agency's stance on the topic.
