Published on February 15, 2018

Since the beginning of our journey, we have made it our mission to accelerate medical research by unlocking the potential of every byte of research data. We want to empower researchers to to do as much as possible in the most efficient way, which is why we are happy to announce that we are the world’s first EDC system to become both HIPAA and GDPR compliant!

You may be wondering how this impacts you as an organization conducting global trials. Having Castor comply with both regulations means that you will be able to house data from participants in the United States and Europe with Castor EDC. For example, even if your study is outside of Europe, but you have European participants, you would still need to comply with GDPR. Inversely, if your study is in Europe, but you are storing data from participants in the United States, you would need to comply with HIPAA. This is especially useful for researchers who work in pharmaceutical companies, medical devices, CROs… where collaboration and data capture in multiple locations is required.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information.

At Castor, we recognize that we live in a digital era where data crosses borders and therefore many laws. That is why we are proud to lead the industry in multinational data compliance. We also host ISO-compliant servers in the United States, as well as the United Kingdom and the Netherlands, in order to better serve you, our customers!

For an in-depth look, check out our security statement, it covers how we prioritize security for our users.

Thanks to this compliance, we see a world of opportunities opening for our fellow researchers working in multinational organizations. Starting now, you’ll be able to have the data of participants from both the US and Europe under the same roof.

Would you like to know more? Contact us!