In Clinical database management system, researchers can handle enormous patient records. Those records may consist of sensitive information. How to preserve the individual privacy of patients in clinical data management and biobank?
Your question makes an assumption that individual privacy can be protected. I would like to believe that it could but doubt that it is achievable.
Privacy is a contextual concept. So I do not mind that a researcher who does not know me and who I will never meet has personal information about me. Indeed I am happy for my doctor to have this information, as although I will meet her she is providing me with a service that I need and which for which data needs to be provided. However, if my colleague was using the data for research purposes and could identify me, and so obtain deeply personal data, I would be unhappy.
Data could be anonymised but as O'Hara and others have argued true anonymity is not possible to achieve..
The best we can do is minimise the risks of privacy invasion. As the more people who have access to data the greater the chance of a privacy breach data access should be minimised - note that this is an argument against some of the Big Data initiatives. Secondly, whilst anonymity is not full achievable maximum steps should be taken to anonymise data.
Two other steps may also help. Data subjects should have to give consent and the organisation needs to be transparent in the way to data is used, any changes in use requiring further consent. Secondly organisations should be required to publicise data breaches and also to contact the individuals affected. Both these measures will help to improve corporate governance over individuals data.
This topic is of high-interest at OHRP right now and at every conference I've been to where a representative from OHRP is present, this issue is addressed by referring back to http://www.hhs.gov/ohrp/policy/reposit.html and specifically the guidance at http://www.hhs.gov/ohrp/policy/cdebiol.html. OHRP views personally identifiable private information stored as data synonymous with tissue samples, even if it's coded but could possibly be linked to specific individuals by the investigator(s) either directly or indirectly through a key (available to the investigator). There are exceptions spelled out in the guidance so take a close look to see if your project meets one of the exclusions.