In January 2018, the Food and Drug Administration launched a clinical data transparency pilot program aimed at making Clinical Study Reports (CSR) public upon approval. The pilot program begins with the recent approval of nine new drugs.
The FDA is following in the European Medicines Agency (EMA) in trying to make clinical data publicly available, and therefore enhancing research and making trials safer for patients. Articles 80 and 81 of the Clinical Trial Regulation 536/2014 from the European Commission, taking full effect in 2019, require a portal for the publication of clinical trial data within 60 days of a marketing authorization decision.
While both the FDA and EMA are taking a step towards greater transparency, data privacy laws are not quite the same. While both entities look to protect sensitive patient information, the European Union has set out guidelines on data de-identification and anonymization to remove all levels of patient information including biometric data, indirect identifiers (such as birthdays) and any risk of data linking by connecting multiple data points.
The European Union is also set to apply the General Data Protection Regulation (GDPR) in May 2018 which protects EU citizen data in general. The GDPR applies to any company or organization collecting and managing data within the EU. Sponsors in the U.S. conducting trials in Europe need to be aware of this regulation and how to apply data anonymization processes. According to recent surveys, only 6% of pharmaceutical companies are prepared for GDPR.
How can Sponsors properly prepare?
Here is a checklist to discuss with your vendor:
- Does my vendor have a workflow and quality control process in place for data de-identification and anonymization?
- Does my vendor have a data anonymization tool in-house?
- Are my datasets CDISC compliant?
- Can my vendor provide regulatory support for both EMA and FDA requirements?
- Can my vendor provide data anonymization support for all 3 levels of patient identifiers?
- Does my vendor have an expert biometrics team of programmers and statisticians as well as medical writers that can support in preparing datasets and CSRs for publication?
- Does my vendor have data security and disaster recovery measures in place?
- Can my vendor support my needs as an SME (Small Medium Enterprise)?