By Dana Everett Edwards
Clinical trial data sharing, or the lack of it, is one area where the pharmaceutical industry faces significant challenges, and the reasons for withholding data are more complex than critics may be willing to acknowledge. Thanks to government mandates and a gradual acceptance by individual companies that sharing clinical trial and other health data is in everyone's interest, the issue now is not too little data sharing but that there will soon be so much that making maximum use of it becomes difficult.
For the most part this is a good problem to have. There is now general agreement within the industry, among pharmaceutical companies of all sizes, that sharing data is a core business value: that sharing is good, that it's important for more patients to participate in clinical trials, and that we need to accelerate bringing cures to patients.
Data overload does create a potential shortage of experts who can tease out the next breakthrough drug. But there is a growing embrace of the principle that the benefits of putting it all out there far outweigh the potential costs. For example, transparency proponents point out that increased sharing will decrease the likelihood that teams of researchers from different companies will be working separately on developing the same therapy—an expensive, inefficient effort.
Challenges and Dilemmas
Despite the altruistic enthusiasm and the mandates for sharing, collectors and analysts of clinical trial data also face a legal obligation to protect the privacy of trial participants. This concern predates compulsory sharing, and its complexity—along with the associated legal liability and reputational damage if patients' identities are revealed—is the reason sharing wasn't more widespread in the past.
Big and small pharmaceutical companies face the same challenge of striking the right balance between sharing and protecting privacy. Companies, regardless of size, face an additional concern when a clinical study involves only a small number of patients, as is typical in trials of treatments for rare diseases. The smaller the population, the harder it is to anonymize the information.
Fortunately for people who suffer from rare diseases, scientific interest isn’t rare. An estimated 30 million people in the United States—about 10% of the population—have one of the nearly 7,000 rare diseases that have been identified, according to “His Doctors Were Stumped. Then He Took Over,” a February 5, 2017 article in The New York Times. Consequently, there have been breakthroughs in several diseases, including cystic fibrosis and spinal muscular atrophy. More research is being done and more drugs are in the pipeline, representing more clinical trials and more patient data.
A second dilemma concerns how companies deal with the risk of exposing personal identities: many respond to the pressures and impulses for sharing data by applying the most extreme deidentification methods available to their datasets and documents. What is referred to as anonymization can, depending on the technique used, render the data largely useless for secondary purposes. Worse, even extreme methods, in other than expert hands, can miss key indicators, raising the risk of reidentification. This is why a risk-based approach to deidentification is the most reliable way to preserve the quality of the data while providing a high level of privacy.
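One common way to make a risk-based approach concrete is to measure how distinguishable each record is by its quasi-identifiers (age band, region, sex, and the like) and express worst-case reidentification risk as one over the size of the smallest group of indistinguishable records—the idea behind k-anonymity. The sketch below is a simplified illustration of that measurement, not any vendor's actual method; the field names and thresholds are hypothetical.

```python
from collections import Counter

def max_reidentification_risk(records, quasi_identifiers):
    """Worst-case risk: 1 / size of the smallest group of records
    that share the same quasi-identifier values."""
    groups = Counter(
        tuple(r[q] for q in quasi_identifiers) for r in records
    )
    return 1.0 / min(groups.values())

# Hypothetical generalized trial records.
records = [
    {"age_band": "40-49", "zip3": "021", "sex": "F"},
    {"age_band": "40-49", "zip3": "021", "sex": "F"},
    {"age_band": "50-59", "zip3": "021", "sex": "M"},
]

# The third record is unique on these fields, so worst-case risk is 1.0;
# a risk-based process would generalize further until risk falls below
# an agreed threshold (e.g. 0.1), rather than suppressing everything.
risk = max_reidentification_risk(records, ["age_band", "zip3", "sex"])
print(risk)  # → 1.0
```

The point of measuring rather than maximally scrubbing is that generalization can stop as soon as the measured risk is acceptably low, leaving the data useful for secondary analysis.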
A third dilemma is the practice of applying different deidentification methods to different datasets. This can be costly and confusing, and it increases the risk that key identifiers will slip through the cracks between processes. As more and more health data are linked from various sources, the odds increase that a patient can be reidentified.
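The linkage threat is easy to see in miniature: two datasets that are each harmless on their own can be joined on shared quasi-identifiers, reattaching an identity to a "deidentified" record. The example below is a toy illustration with invented field names, assuming one dataset retains a name and both retain the same generalized attributes.

```python
def link(left, right, keys):
    """Naive record linkage: combine any pair of records whose
    quasi-identifier values agree on all of the given keys."""
    return [
        {**a, **b}
        for a in left
        for b in right
        if all(a[k] == b[k] for k in keys)
    ]

# A "deidentified" trial record (hypothetical fields) ...
trial_data = [{"age_band": "40-49", "zip3": "021", "diagnosis": "CF"}]
# ... and an identified record from another source with the same attributes.
public_data = [{"age_band": "40-49", "zip3": "021", "name": "Jane Doe"}]

# Joining on the shared quasi-identifiers reattaches the name to the diagnosis.
matches = link(trial_data, public_data, ["age_band", "zip3"])
print(matches[0]["name"], matches[0]["diagnosis"])  # → Jane Doe CF
```

A consistent, risk-based process applied across all of a company's releases accounts for exactly this kind of cross-dataset linkage, which per-dataset, ad hoc methods tend to miss.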
New Solutions — And New Dilemmas
Despite the numerous challenges, these are exciting times for the industry, because better methods and technologies now exist to reliably deidentify clinical trial and other data containing patient information. Solutions using the Expert Determination Method, with techniques that precisely measure the level of risk in specific datasets, are commercially available. They are particularly valuable to small pharmaceutical companies, which typically lack in-house expertise. Some big companies also use these solutions, outsourcing the work of assessing and quantifying the level of risk in datasets that have been anonymized in house.
Also exciting is that “me too” drugs are being replaced on the market by cutting-edge therapies that represent potential medical breakthroughs. It’s all the more reason to aggressively address the obligation to protect privacy and control risk while preparing to share more data. The good news is that risks can be addressed and reduced to levels where everyone can be more comfortable with this new culture of sharing.
Is that the end of the matter? Hardly. All the personal health data accumulating in databases from smartphones, wearables, and other devices are being linked. This is why data privacy must be managed more robustly, and risk-based deidentification is the key to ensuring that it will be.
It’s highly likely that whatever challenges wait around the corner, we’ll be able to keep one or more steps ahead with risk-based deidentification leading the way.
Exciting times, indeed.
— Dana Everett Edwards, Privacy Analytics