Trust, security and privacy  is a cornerstone  in clinical trials

pri·va·cy/ˈprīvəsē/

When it comes to clinical data there have always been two circles of trust — the trust relationship with the PI and the trust that patients place in clinical research site and sponsor.

With social networks like Facebook, a third circle of trust has been created: the circle of trust between you and your friends in the social network.

Patient-PI privacy in decentralized trials

When we share our medical situation with our PI and site coordinator, we assume we can trust her to keep it private in order to help us get well. Otherwise — we might never share information regarding those pains in in the right side over our abdomen, and discover after an ultrasound has been done, that our fatty liver is closely related to imbibing too many pints of beer and vodka chasers with the mates after work — when you have been telling the missus that you are working late at the office.

Research site — patient privacy

When we share medical information with the research site, we trust their information security as being strong enough to protect our medical information from a data breach. Certainly — as participants in clinical trials, it’s impossible for patients to audit the effectiveness of their security portfolio.

With our research site; revealing personal information depends on how we trust them and that trust depends on how good a job they do on information security, and how effectively they implemented the right management, technical and physical safeguards. 

If you’re not sure about the privacy, trust and security triangle, just consider Swiss banks.

Millions of people have online healthcare interactions — asking doctors questions online, sharing experiences in forums, interacting with doctors using social media tools like blogs and groups and of course — asking Dr. Google.

Privacy among friends

When we share medical information with our friends on Facebook/Google+ or Twitter we trust them to keep it private within our own personal parameters of vulnerability analysis.

Note that there is feeling secure (but not being secure — chatting about your career in crime on Facebook) and being secure while not feeling secure (not wanting to use your credit card online — face it, with over 300 million credit cards breached in the past 5 years, chances are, your credit card is out there and it doesn’t seem to make a difference now, does it?).

Trust between 2 people interacting (whether its face-to-face or on Facebook) is key to sharing sensitive information, since it mitigates or eliminates the damage of unexpected disclosure.

Let’s illustrate the notion of personal trust as a security countermeasure for unexpected disclosure with a story

Larry interacts with his lawyer Sarah regularly, once a week or more. It’s a professional relationship, and over time, Larry and Sarah gain each others trust, and in addition to contracts and commercial terms and conditions, the conversations encompass children, career and life. Larry knows Sarah is divorced and is empathetic to the challenges of being a full-time mother and corporate lawyer. Come end of year, Larry sends Sarah a box of chocolate wishing her a successful and prosperous New Year. Sarah’s 14 year old daughter, who is pushing her to start dating again, sees the gift package and draws conclusions that Mom has a new beau. Sarah now has to go into damage control mode with a teenage daughter. It may take Larry months (if ever…) to regain the trust of his colleague. This is literally the damage of unexpected disclosure of private information.

Unlike a hospital, on Facebook we only interact with our friends.

We have digital interactions with site coordinators at the research site in decentralized clinical trials, accessing a Web portal for medical history, scheduling visits and lab tests online etc. These are interactions unrelated to the personal relationship with our personal physician. The data in these interactions is regulated by governments and secured by site information security organization.

The research site’s business model requires them to protect your health information from disclosure.

In our digital interactions on Facebook or Twitter, there is no organizational element to the security, trust and privacy equation only the personal element. This is because your Gmail, tweets and Facebook conversations are the content that drives Google, Twitter and Facebook advertising revenues.

Social media business models require them to distribute as much of your content as possible.

So, is there a reasonable solution to ensure privacy of clinical trial interactions on social networks?

The answer, I believe, lies in getting back to the dictionary definition of privacy, and creating a private social network for healthcare that enables you, your doctor and family to “be free from being observed or disturbed by other people”.

Originally published on Medium