Published in EPM Magazine: https://www.epmmagazine.com/op...
The recent introduction of stringent data regulation, and the hardening of attitudes to data privacy globally could have a significant impact on the pharmaceutical sector. While new technologies are enabling the capture of purer patient data at an unprecedented volume and rate, which is being used to accelerate and enhance research and development, the onus is on pharma companies to recognise the paramount importance of data protection by implementing ‘best practice’ systems.
The McKinsey Global Institute estimates that applying big-data strategies to better inform decision making could generate up to $100 billion in value annually across the US healthcare sector. For the pharmaceutical industry, the big-data opportunity lies both in the variety of information sources including wearable devices, social media, internet searches and the results of clinical trials, as well as the volumes of potentially available data.
Big data in clinical trials
The effective use of big data can help to identify and expedite drug efficacy and development into approved, reimbursed medicines. Serious consideration must be given, however, to the associated ethical challenges concerning patient privacy and confidentiality, and whether the data collected is of sufficient quality to influence clinical decision making.
It is essential for pharma companies to ensure the privacy of the data they collect and store on patients who participate in their trials. The importance of protecting private data cannot be overstated. Successful trials which provide reliable data can only be run if participants have confidence in how their data is being managed. It is imperative that through the consent process, data is collected for ‘specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes’.
Rise of real world big data
With the increasing cost of research and development throughout the pharmaceutical industry there has been an emphasis on the collection and analysis of real-world data both pre and post clinical trials. Real world data, which is derived from a number of sources that are associated with outcomes in a patient population in real-world settings, is fundamental to capturing the benefit and risk after a product has received regulatory approval. This allows for inferences to be made on the product’s long-term safety and effectiveness, as well as its comparative effectiveness.
The phenomenal rise of wearable consumer health tech represents a huge opportunity for the collection for real world data, and therefore the pharma industry; but inevitably raises concerns about patient privacy and usage consent. While patients may have agreed for their data to be used by the tech provider, they may be more suspicious of its secondary use by pharma.
Data regulation and GDPR
The introduction of General Data Protection Regulation (GDPR) in 2018 is challenging some of the existing processes and in particular the secondary use of data. The uniform level of data protection requires explicit consent for a range of data sharing practices, with tough penalties for non-compliance. Organisations that fail to comply with GDPR, for example, can in the most serious cases be fined up to 4% of annual global revenue or €20 million ($23.9 million) — whichever is greater.
It is imperative that pharmaceutical companies have plans in place to meet GDPR, including the development of data protection impact assessments (DPIAs) that enable them to comply with their data protection obligations and meet individuals’ expectations of privacy. An effective DPIA will allow organisations to identify and fix problems at an early stage and avoid future penalties or reputational damage.
Preventing data breaches and implementing best practice
Big data collection inevitably leads to the risk of data breaches. One concern is the ever-growing sophistication and audacity of cyber-attacks, such as the Petya ransomware cyberattack on pharma company Merck in June 2017. It is imperative that pharma companies implement security measures which are robust enough to prevent such breaches.‘Best practice’ measures include hosting in GxP cloud infrastructure designed with stringent restrictions regarding data access, full record of data access logs, regular data backups, off-site back-up storage and full encryption of all data at rest or in transit. Security Information and Event Management (SIEM) solutions should be implemented to enable organisations to monitor and respond to threats in real time.
Big data represents a huge potential opportunity for the pharma industry. In particular, the rise of real-world data amongst patients who represent a wider sample of society than the comparatively narrow selection enrolled into traditional clinical trials, will become increasingly valuable as medicine becomes more personalised. By implementing best practice data protection measures, pharmaceutical companies can ensure that they identify and mitigate risks associated with the collection and processing of personal data, whilst leveraging the information it provides to expedite drug development into approved, commercially viable, effective medicines.