The secondary use of health data initially collected for purposes of patient care or clinical research can be extremely valuable to a wide variety of entities, including the following:
- Artificial intelligence developers that wish to harness such data to train algorithms and develop new products.
- Pharmaceutical and medical device companies gathering real word evidence regarding their products.
- Academic researchers looking for new insights through use of existing data sets.
- Vendors to the clinical research enterprise seeking to refine further their service offerings, including through aiding with clinical trial recruitment and development of synthetic clinical trial controls.
These uses of health data raise several questions under data privacy laws, particularly because many such laws have to date not addressed in a coherent manner these types of use cases. During this session, the speakers will provide an overview of the legal and regulatory landscape for secondary uses of health data under HIPAA, the Confidentiality of Substance Use Disorder Patient Records regulations (42 CFR Part 2), state health privacy laws, the Common Rule, and GDPR. Following this overview, the speakers will analyze some common scenarios for secondary use under each of these regulatory regimes.
David Peloquin, Associate, Ropes & Gray