Clinical trials rely heavily on volunteers. These volunteers trust the medical professionals they are working with, putting their health—and their personal health records—in researchers’ hands. These trials are a necessary part of the process to uncover better ways to treat, prevent, and diagnose human disease.
As more research facilities move toward digital file storage or turn to Virtual R&D as an option, sensitive patient data may become compromised.
In order to maintain the trust of both volunteers and the public, secure file sharing is essential.
Is Sensitive Patient Data At Risk?
A recent study in Canada found that the security practices used to transfer and share sensitive files related to clinical trials are often inadequate. The two-part study, entitled "How Strong Are Passwords Used to Protect Personal Health Information in Clinical Trials?" was published February 16 in the Journal of Medical Internet Research.
During the course of the study 14 out of 15 sensitive files transmitted by email were successfully decoded using two off-the-shelf password recovery tools. Of the 14 breached documents, 13 contained sensitive health information and potentially identifying factors.
Twenty clinical study coordinators were also interviewed about their file sharing practices and security precautions. These interviews revealed major vulnerabilities, including researchers who sent sensitive information in unencrypted emails.
Many research facilities also kept records on shared drives with common passwords, which allowed access to all stakeholders, regardless of whether they needed access to all the documents. No audit trails were kept to ensure privacy was maintained.
Secure File Sharing Best Practices
With a few secure file sharing best practices in place, the vulnerabilities in the study above would become nonexistent, ensuring that patient privacy is protected and trust is maintained.
A Virtual Data Room
One of the best options for ensuring patient privacy is to use a virtual data room (VDR), which makes it easy to access data from any location via a web browser and eliminates the need to share files via email (email is a major security risk).
Most VDRs will also require multi-factor verification for login and use a high level of encryption to ensure that files remain protected.
Permission-based user roles mean access to files can be given only to those who need it, instead of simply allowing all users to access all files; this feature also allows an administrator to control what users can do with the data they access.
And audit logs keep track of who actually accesses individual files and what they do with those files.
Secure Password Education
Any staff member who is given access to any password-protected data should be educated on the importance of having a secure password and should be taught how to create a strong password. The best passwords are more than 8 characters, use numbers and/or symbols and are NEVER reused.
Limit Access to Sensitive Data
In the USA, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires health care providers to implement procedures that limit the use and disclosure of protected health information to as few personnel as possible. Such procedures help protect data and ensure privacy is maintained.
With the proper procedures and protocols, sensitive patient data need never be placed in a high-risk situation.
What procedures do you have in place to protect patient health information? Share your best practices in the comments.