Clinical trials pose unique privacy challenges where scientific integrity, ethics, and compliance intersect. In this episode, Jim Schneider of Immunome shares practical insights from over 15 years of biopharma privacy leadership. From untangling the complexities of GDPR and HIPAA to tackling cross-border data transfers and handling future use of trial data, Jim explains how privacy professionals embed privacy into clinical research without slowing down innovation. This episode offers foundational insights for privacy professionals and business leaders seeking to understand the basics of compliance in clinical trials and how it can drive business growth while navigating legal hurdles.

What You'll Learn:

Jim Schneider is the Senior Director, Counsel of Compliance and Data Privacy at Immunome, a clinical-stage oncology company. With deep experience across biopharma, including previous roles at Seattle Genetics and Boston Scientific, Jim specializes in translating regulatory mandates into operational reality, particularly in complex, data-heavy environments like clinical trials.

If you enjoyed this episode, make sure to subscribe, rate, and review it.

[00:04:30] Balancing Ethics and Privacy Laws in Clinical Trial Consent
In clinical trials, obtaining informed consent is not just a regulatory checkbox—it's about ensuring participants fully understand what they are signing up for. Jim explains the delicate balance privacy professionals must strike when navigating both GCP (Good Clinical Practices) and GDPR requirements. GCP sets out comprehensive standards for clinical trial conduct, with a strong emphasis on ethical considerations and ensuring participants are well-informed, while GDPR emphasizes data privacy and requires explicit consent for data processing. Privacy professionals must integrate both frameworks without compromising the integrity of the trial. Jim shares how clear, simple language in consent forms and transparency about how data will be used can help maintain trust while meeting legal obligations. Key Takeaway: Consent forms should not only meet regulatory standards but also empower participants to make informed decisions about their involvement in a trial.

[00:10:20] Pseudonymization: Protecting Identity, Ensuring Science
Pseudonymization is a vital tool in maintaining participant privacy while upholding the scientific integrity of clinical trials. By replacing identifiable information with unique codes, clinical trial sponsors can safeguard participant identities while continuing to use the data for research. Jim discusses how pseudonymization works in practice, ensuring compliance with regulations like GDPR without obstructing the analysis required for clinical trials. The challenge, however, lies in ensuring that pseudonymized data remains useful while preventing unauthorized access. Privacy professionals must establish robust data security practices to protect this data, ensuring it is only accessible to authorized personnel. Bottom Line: Regularly audit the effectiveness of pseudonymization techniques and ensure that data encryption methods are up to date to mitigate the risk of a data breach.

[00:16:00] Managing Data Deletion Requests in Trials
Under GDPR, participants have the right to request the deletion of their personal data, but this can be complicated in the context of clinical trials. Deleting data can compromise the integrity of a trial, as every data point is crucial for the validity of the research. Jim explains how privacy professionals must handle data deletion requests delicately. While participants can withdraw from the trial, their data may need to remain in the dataset for scientific and regulatory reasons. This requires transparent communication, where privacy professionals must clearly explain the implications of data removal to participants, including why their data might remain in the system. Actionable Insight: Always include clear data retention policies in your consent forms, and ensure that participants understand the limits of their right to deletion in a research context.

[00:27:00] Understanding HIPAA in Clinical Trials
HIPAA’s role in clinical trials can be confusing, particularly when it comes to the data responsibilities of sponsors versus clinical sites. While clinical sites must comply with HIPAA to protect patient health information, clinical trial sponsors are typically not covered by HIPAA. Jim demystifies this distinction, explaining that HIPAA governs health data at the site level but does not directly apply to the sponsor's handling of data. Instead, sponsors are guided by other privacy laws like GDPR, which provides a framework for managing personal data in a clinical research context. Privacy professionals must navigate these differing regulations, ensuring that the clinical sites comply with HIPAA while the sponsor follows the applicable data privacy laws. Key Insight: HIPAA primarily applies to clinical sites and other covered entities. As a sponsor or CRO, you may not be directly subject to HIPAA, but you should be prepared to respect HIPAA-compliant data handling practices while fulfilling your obligations under other applicable privacy laws, such as the GDPR.

[00:29:45] Managing Consent for Biobanking and Future Use of Data
As clinical trials generate vast amounts of valuable data, biobanking and future use of data become essential considerations for privacy professionals. Jim explains that obtaining consent for future use of data is complex and varies depending on the jurisdiction. Some regions require that this consent be obtained separately from the initial trial consent. Privacy professionals must be diligent in communicating to participants that their data may be used in future research, emphasizing transparency and clarity in consent forms. The future use of data can significantly enhance scientific discovery, but it must be handled carefully to ensure ongoing compliance with data protection laws. Bottom Line: Stay up-to-date on the evolving regulations around future data use and ensure that separate consents are obtained where required, allowing participants to make informed decisions about their data’s future use.

Connect with us at [email protected]
This podcast is brought to you by VeraSafe.