Laws and regulations
When a clinical study is conducted, a number of legal requirements must be complied with in order for the research to be legal. The legislation aims primarily to protect the persons participating in a clinical study, and to quality assure the clinical study. Ethical aspects are also topical, among them the requirement for ethical vetting.
Ethical principles and regulations
The ethical rules that apply to research are based on international conventions, which lay down the principles for research ethics. These conventions have formed the basis for the legislation that has been worked out, both internationally and nationally. Swedish research is covered both by international conventions and by international and national legislation. The rules are there to ensure individuals are not harmed or subjected to unnecessary risk when persons or personal data are used in research.
The Declaration of Helsinki is a central guideline for research ethics adopted by the World Medical Association (WMA) in 1964. The Declaration contains ethical principles for doctors and other participants in medical research. The Declaration of Helsinki is not legally binding, but has had major impact on national legislation.
Research on living or deceased persons, on biological material from humans, or research that involves handling sensitive personal data or data on breaches of the law must be reviewed and approved by Ethical Review Authority. Ethical review is regulated in the Act (2003:460) concerning the Ethical Review of Research Involving Humans and is concerned primarily with striking a balance between societal benefit and the study participants’ health, safety and right to personal integrity. The requirement for an ethical review applies even if the study participant has given express consent to the use and handling of the data.
Personal data handling
The General Data Protection Regulation regulates if and how researchers may handle personal data in their research. An important part of integrity protection in conjunction with research is that the persons on whom the research is carried out are entitled to get information that and how their personal is used, for example who is responsible for the handling of personal data, for what purpose the data is handled, and for how long the data will be saved.
In the General Data Protection Regulation (GDPR), there are additional provisions for specific categories of personal data (in national legislation still called sensitive data). Specific categories of personal data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or membership of the trade union, processing of genetic data, biometric data to uniquely identify a natural person, health data or data on a sexually active person or sexual orientation.
The main rule is that processing of sensitive personal data is prohibited. However, there are provisions on exceptions to the prohibition, including for the treatment of sensitive personal data in research. A condition for research containing sensitive personal data is a valid approval from a regional ethics committee. The same applies to the processing of personal data about criminal offenses.
Public access to information and secrecy
Transparency in public administration is maintained through the principle of public access to information. This means that everybody has the right to partake of data from public agencies and other public actors (“public documents”). Public access to information is the main rule, and if data used in the activities of a public agency need to be protected, this must be regulated in law, which is done in the form of specific secrecy provisions in the Public Access to Information and Secrecy Act (SFS 2009:400).
Within health and medical care, the main rule is that secrecy applies to data about a person’s state of health and other personal circumstances, unless it is clear that the data may be disclosed without harm to the individual or anyone related to the individual. It is thus the provisions of the Public Access to Information and Secrecy Act that determine whether patient data may be disclosed by a public care provider. Each care provider must decide independently whether data requested may be disclosed.
The professional duty of confidentiality of employees of private care providers is regulated in the Patient Safety Act (SFS 2010:659). The regulation of the professional duty of confidentiality means that employees of a private care provider may not disclose without authorisation what he or she have learnt in a professional capacity about a person’s state of health or any other personal circumstances. The duty to report that follows from a law or ordinance is not regarded as unauthorised disclosure. There are also exceptions that make it possible to disclose certain information to the police or public prosecutor, for example.
However, the main rule is that a patient will dispose himself or herself over his or her own data. When a patient wishes to take part in a clinical study, he or she may waive the confidentiality that covers the patient records with a care provider. Such a waiver makes it possible for the care provider to issue data to the person conducting a clinical study. A waiver of confidentiality is usually given in conjunction with the patient consenting to take part in a study.
Research projects in which study participants are irradiated
Activities within the radiation protection area are covered by special rules. These apply to clinical studies where the participants are irradiated The Swedish regulations are based on EU legislation, implemented in Swedish law via statutes such as the Radiation Protection Act (SFS 1988:220) and the Radiation Protection Ordinance (SFS 1988:293).
The Swedish Radiation Safety Authority has also issued directions on subjects such as general obligations for medical and dental activities using ionising radiation (SSMFS 2008:35).
The directions state that anyone who carries out a medical, dental or biomedical research project in which study participants are irradiated must ensure the project is approved by both a radiation protection committee and the Ethical Review Authority. They also state that the clinical investigator in a research project must ensure that all persons participating must do so voluntarily. If children are being irradiated, approval must be obtained from their guardians.
It also follows from the directions that the clinical investigator must make sure all study participators have received information on the risks that the irradiation may entail, and that dose restrictions have been drawn up and are complied with for persons who are not gaining any direct medical benefit from the irradiation. For irradiation for research purposes of clients who may be expected to gain some medical benefit of the irradiation, the same principles shall apply for optimisation as for medical therapy or investigation.
Specific rules for clinical trials using medicines or medical devices
A clinical medicine trial must be approved by the Medical Products Agency, and a trial using medical devices must be registered with the Medical Products Agency. Information about application and registration is available on the Medical Products Agency’s website.
There are special regulations that govern how these types of studies shall be conducted. The Medical Products Agency has made a summary of the regulations that apply for clinical medicine trials and the legislation and guidance documents that apply for trials using medical devices.