Basel, November 1, 2016 – A third party expert has provided an independent assessment which confirms the complete compliance of Clinerion’s Patient Recruitment System (PRS) to regulations that oversee the reuse of personal information, in particular, the Health Insurance Portability and Accountability Act (HIPAA) and the EU Data Protection Directive (95/46/EC).
Clinerion’s Patient Recruitment System (PRS) is a tool which allows sponsors and managers of clinical trials to determine the distribution of eligible patients in hospitals using Clinerion’s products, and allows engaged trial sites to identify candidate patients for possible enrollment in trials. PRS allows users to query electronic medical records housed in the electronic health record (EHR) systems of connected hospitals and determine the number of patients fitting complex combinations of criteria. Eligible candidate patients identified discovered at a specific site can be approached for enrollment in a clinical trial with the help of PRS.
Following the principle of “Privacy by Design,” PRS was built to be consistent with privacy directives and governmental regulations accepted as standard within the industry. Privacy methods invoked include that PRS only runs inside the secure IT infrastructure of a hospital and that no patient data leaves the respective hospital’s premises. Clinerion de-identifies all patient data to mitigate the risk of identity disclosure: a patient’s identifier is pseudonymized before access by Clinerion’s queries, with access to pseudonymization encryption keys under the control of the hospital and subsequent re-identification remaining with sanctioned personnel at the hospital. Clinerion’s queries only return aggregate counts of matching patients and never any identifiable individual patient data. These aggregate counts are hidden if they fall below certain threshold levels.
The independent expert is an individual with expert knowledge of, and long-standing experience with anonymization methodologies. For the assessment, the expert developed a framework model for determining if systems handling patient data meet the requirements associated with best practices for identifiability in the countries in which Clinerion intends to market their software products.
The expert reviewed relevant components of international data protection directives and compared them against the data handling features of the Patient Recruitment System software, running different statistical analysis models for the risks of re-identification to see how the protections for patient data instituted within PRS conform to regulatory requirements for de-identification.
The expert concluded that Clinerion’s procedures for de-identification and pseudonymization meet the anonymization requirements set forth in international privacy directives, such as the Health Insurance Portability and Accountability Act (HIPAA) and the EU Data Protection Directive (95/46/EC) and judged them consistent with best practices to ensure that the risk of re-identification was sufficiently small, statistically.
“Clinerion is committed to the trustworthy re-use of health data for research,” says Ulf Claesson, CEO of Clinerion. “The safeguarding of patient privacy is a fundamental touchstone for everything we do, and we are thrilled to have a further independent, 3rd party endorsement of our full compliance to privacy standards as evidence of that passionate commitment.”