How to Implement Virtual Data Rooms to Improve Clinical Research Trials
Date: 3 March 2020 Share on Twitter Share on Facebook
Clinical research organizations handle large quantities of data, much of which is subject to various privacy rules. While digital tools exist to help researchers handle data securely, concerns about security and privacy cause many clinical research organizations to balk at committing their data to the cloud.
Virtual data rooms are built specifically to protect the information they hold. Commonly used in sensitive business transactions, virtual data rooms are also becoming standard in fields like law, accounting and scientific research. A virtual data room can let clinical research organizations share information among teams while meeting security and privacy demands.
Privacy and Security Needs in Clinical Research
Clinical research trials can create a number of cybersecurity weak points due to the large number of people involved and the quantity of data being generated and stored. “The trial sponsor, the investigators, clinical research organizations (CROs) and even human subject participants are exposed to cyber security threats,” says Daniel S. Brettler, managing director of life science and technology co-practice leader at Conner Strong & Buckelew.
Digital innovations offer exciting new opportunities in clinical research, including the ability to gather data more efficiently and with less stress to participants through the use of remote tracking devices. Protecting the transmission and storage of this data, however, requires keen attention to security risks.
And the risks may be higher in healthcare than in other industries. An IBM report estimates that the average total cost of a data breach in healthcare is $6.45 million, nearly twice as high as the average total cost across all industries.
“As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit,” says Dave Kennedy, founder and CEO of information security consulting company TrustedSec.
Legislative attempts to protect privacy also affect clinical research. For instance, the European Union’s General Data Protection Regulation (GDPR) “contains a number of articles that present unique challenges to the pharmaceutical clinical trials industry,” writes Victoria Watts at Premier Research. It imposes data privacy and security requirements on both the parties that control data and the parties that analyze it. A clinical research organization may play either role at any given point in the research process. At other points, it may play both roles simultaneously. The organization’s GDPR obligations, then, can shift depending on its relationship to generated clinical trial data.
Data privacy and security are vital but often murky issues for clinical research. Applying specific digital tools to concrete privacy and security questions may help clarify matters and protect data.
Data Rooms and Digital Tools for Clinical Researchers
The answer: It depends on the tool. “When we originally started looking at the cloud, most regulators had the ‘cloud is bad’ mentality — you shouldn’t put medical data in the cloud, period. It’s not as binary as that,” says technology and compliance lawyer Jonathan Armstrong.
With so many privacy and security demands, many clinical research organizations question whether cloud-based storage and organization tools are safe.
Cloud-based virtual data rooms may be more secure in some ways, he notes. For example, clinical trial data that could be corrupted, lost or stolen on a single hard drive or laptop cannot be so compromised in the cloud.
Transparency is also a significant issue in clinical trial research. For instance, a 2019 study by Jennifer Miller, Ph.D. and fellow researchers found that only 25% of participating pharmaceutical companies fully met a pilot program’s measures of clinical trial data sharing policies. After seeing the results, however, several companies were able to alter their policies in order to improve their performance.
Data rooms can improve transparency in clinical trials in several ways. First, the ability to grant specific permissions in a data room can ensure that external investigators access data without exposing it to additional cybersecurity risks, such as accidentally being stored on an unsecured server or obtained through a vulnerable router.
Virtual data rooms also offer built-in transparency features such as login and access tracking. These tools allow administrators to see exactly who has logged in and the information that person viewed, uploaded or edited during their time in the VDR. Such transparency makes it easier to track not only unauthorized activity, but also edits and updates, including edits that introduce errors into the data or its analysis.
Finally, a VDR may facilitate standardization of clinical research data. A research team led by epidemiologist Mark D. Danese, president at Outcomes Insights, found that clinical research organizations and other healthcare organizations can find it difficult to parse or reproduce one another’s research, due to a lack of standardized data storage and modeling.
While the researchers focused on creating a standardized model, clinical research organizations can improve standardization within their own teams and make data easier for authorized external parties to access by storing it securely within a virtual data room. The VDR keeps teams on the same digital page when it comes to storing and evaluating clinical trial data.
Tips for Choosing a Virtual Data Room for Clinical Research
Generating data will remain an essential element of clinical research for the foreseeable future. “In healthcare and life sciences research, there’s a natural model toward progress and learning and education. But how do you get there? Through more and more data,” says Carlos Rodarte, founder and managing director of strategy and innovation consultancy Volar Health.
The question, then, isn’t whether to generate data but how to protect it.
First, consider which aspect of the data security and privacy problem demands the most attention within the context of your organization and its work. For instance, says Rodarte, “Is it about data ownership or consent? Is this a technology problem or is it a values one?”
When a clinical research organization is clear on its security strengths and weaknesses, it can better address key security concerns.
Next, think about data sharing demands, both within the organization’s own teams and with external parties. By determining which parties need access to which data and for what purposes, an organization can choose a VDR with access permissions that can be fine-tuned to their specific needs.
Efficient exchanges of clinical data and improved data collection standards are among the top concerns for pharmaceutical organizations. Ninety percent or more listed exchange and collection among their top concerns in a Clinical Data Interchange Standards Consortium study, writes Dan Stempel, president of clinical trial patient recruitment solutions provider PatientCentra.
While considering your team’s specific data-sharing needs, it can help to factor in the need to preserve or redact certain patient data. Such decisions often represent a balancing act between preserving the usefulness of a data set and protecting patient privacy, as Roche data privacy technical lead Katherine Tucker and fellow researchers noted in a 2016 study.
A virtual data room can help clinical research organizations embrace both sides of the balance. A VDR with redaction tools, for example, can shield patient-identifying information from parties who do not need access to it, while allowing parties that do need access to see that information and use it for research purposes.
The collection and exchange of clinical trial data are significant concerns in the clinical trial sphere. A virtual data room can help researchers improve in both areas, boosting the quality of research while also meeting digital security and privacy demands.