GDPR: Protecting Patient Privacy in Europe

by Jessica Santos | Aug 22, 2018

Healthcare market researchers on both the pharmaceutical manufacturer and research agency sides of the equation face many challenges today in protecting patient privacy. These challenges revolve around the copious amounts of data being collected; difficulty in keeping patient data absolutely anonymous at all times; the possibility of discovering patient information of which patients themselves are unaware, such as from genomic sequencing; and the industry as a whole working on innovations that will change diagnosis, treatment and monitoring of patients’ conditions. All of these factors create a potential minefield for adherence to patient privacy regulations.

New Obligations

The healthcare industry has numerous rules and regulations in place to protect patient privacy and healthcare information. For example, in Europe, this information is governed by GDPR. Having taken effect in May 2018, the GDPR imposes new obligations on organizations that process the personal data of EU residents, including research agencies, pharmaceutical manufacturers and data analytic companies.

While research in general enjoys the wider acceptance of GDPR, research involving healthcare data still needs explicit consent. Healthcare data is in the “special categories of personal data”, which reveal “racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.” (Article 9)

Healthcare research, such as interventional clinical trials or Non-Interventional Study (NIS), Health Economics and Outcomes Research (HEOR) and Real World Research (RWR), which has European Commission (EC) approval before execution and publication can be classified as scientific research. However, the informed consent process is already well-established and treated as an essential step within, so they are unlikely to remove the consent process or relax its strict guideline, GCP. Most research sponsored or conducted by a public health authority, such as National Health Services (NHS), can be categorized as public health research.

Questions remain for healthcare market research, business insight research or research sponsored by corporate businesses, such as pharmaceutical companies, whose objectives can be brand measurement, examination of unmet needs, patient preference, product improvements, general satisfaction, marketing optimization, and support business decision making. These are opposed to advancement, discovery or development of knowledge in the medical field, which is mostly conducted by academic institutions. Industry associations, such as EphMRA and BHBIA, are publishing guidelines on the position of such research in relation to GDPR. In general, most research will eventually aid better healthcare provision to the general population, and it’s recommended to gain and affirm consent and respond to data subjects’ rights.

A Holistic View of Patients

Kantar Health's HERO FrameworkTM, short for Healthcare Ecosystem and Real-world Outcomes, provides the most holistic view of patients and their behaviors and motivations. The HERO FrameworkTM combines tour ability to listen to the healthcare consumer, apply our unmatched healthcare consumer-based evidence, and leverage our vast heritage and expertise to create an action-ready blueprint for achieving commercial success.

Please take some time to review our latest white paper: Navigating the Regulatory and Compliance Landscape of Patient Centric Research. Or, feel free to reach out to me directly at Jessica.Santos@kantarhealth.com to discuss how Kantar Health can help you with your next patient study.


Leave a comment

More than one Google Analytics scripts are registered. Please verify your pages and templates.