Privacy is protected in biobank-based research in the US primarily by the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the Federal Policy for Protection of Human Subjects (Common Rule). Neither rule, however, was created to function in the unique context of biobank research, and therefore neither applies to all biobank-based research. Not only is it challenging to determine when the HIPAA Privacy Rule or the Common Rule apply, but these laws apply different standards to protect privacy. In addition, many other federal and state laws may be applicable to a particular biobank, researcher, or project. US law also does not directly address international sharing of data or specimens outside of the EU-US Safe Harbor Agreement, which only applies to receipt of data by certain US entities from EU countries, and is in the process of revision. Although new rules would help clarify privacy protections in biobanking, any implemented changes should be studied to determine the sufficiency of the protections as well as its ability to facilitate or hinder international collaborations.
© 2016 American Society of Law, Medicine & Ethics.