Healthcare Information Security

Cybersecurity News

National Clinical Research Network: Privacy considerations

By Patrick Ouellette

- Though researchers are closing in on developing a National Patient-Centered Clinical Research Network, patient privacy standards remain a potential sticking point.

The Washington Post recently reported on the work being done toward a nation-wide health information exchange (HIE) that would connect 26 million to 30 million patients’ records across 11 sub-networks by 2015. In addition to other federal entities contributing to the effort, the Patient-Centered Outcomes Research Institute (PCORI) invested $68 million last year in initial funding to develop a National Patient-Centered Clinical Research Network. Some of the main barriers for PCORI developing this major network were data standards and systems inter-operability and developing the capacity to conduct randomized studies in typical clinical care settings. But patient data privacy and security remains a significant concern, at least from a perception standpoint in light of the recent Healthcare.Gov security complaints.

The PCORI network will cost nearly $100 million and each participating organization can opt in or opt out from research projects. “The raw data is not what is being shared. That remains with the institution that the patient trusts,” said Devon McGraw, director of the health privacy project for the Center for Democracy and Technology and head of the data privacy task force for PCORI, to the Post.

Most stakeholders agree that the development of this type of network is exciting and extremely valuable in the long run, but patient data protection and control on a nation-wide network is complicated when state privacy regulations can vary greatly. Though the plan is to be transparent with patients and keep them as involved with the process as much as possible with patient panels, the Post raised the question of how to approach projects that require detailed patient historical data. As the data needs get more granular, how individual organizations obtain patient consent (or non-consent) will be interesting.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks