Patients Key Topic 2: Data Privacy
With all patient support projects it is important to consider arrangements for data privacy. In addition to the need to comply with basic provisions of the relevant data privacy regulations, there is also the fact that the data is particularly sensitive because you also know aspects of the patient’s medical condition (for example you might know they have diabetes simply because they are registered on a diabetes product’s patient support programme).
There should be appropriate safeguards on the way the data is stored and accessed so that only essential people can access the patient’s personal details. When planning any form of data collection it is always appropriate to discuss the plans with the relevant data privacy officer within AstraZeneca.
Personal data about patients must not be used for any purpose that they have not consented to.
Consider this example
In the UK a member of the public complained about an email from a market research agency, inviting her to take part in on online survey for Merck Serono about a new walking aid for patients with multiple sclerosis (MS). The complainant stated that the market research agency obtained her details from confidential information that she had given to Merck Serono two years previously when she had joined a patient support website for patients prescribed Merck Serono’s MS medicine Rebif (interferon beta-1a).
Which of the following do you agree with?
- The acceptability of this depends on what consent was given to use the patient’s personal data
- This is unacceptable – Merck Serono should not have shared the patients contact details with anyone else
- This is not an acceptable way for market research companies to obtain contact details
Ruling
When considering the case the Panel noted that the Panel noted that the survey was sent to patients who had registered on a patient support website for Merck Serono’s prescription medicine, Rebif. In order to register on the website, the complainant had had to submit her email address and tick a box to declare that she had read and understood the privacy policy and website terms of use and give consent for her personal data to be processed in accordance with the privacy policy.
Point 1 of the privacy policy informed readers that Merck Serono might collect and process their personal data and might also ask the reader to complete surveys that Merck Serono used for research purposes although the reader did not have to respond to them.
Therefore the privacy policy applicable at the time made the position sufficiently clear and the Panel ruled that the company had not breached UK regulations.
