3 Ways to Mitigate Data Manipulation Risk in Drug Development

Developing new drugs is an expensive, time-consuming endeavor.  A critical output of the drug development process, besides the compound itself, is data.  As you may have read recently, Zolgensma™ re-surfaced in the press because of supposed data manipulation in a specific animal testing procedure.

Needless to say, this is a big deal.

As anyone in the life sciences industry knows, scientists rigorously test and retest drugs to earn the right to bring their products to market.  The data produced is the focal point of any regulatory package. In this case, the prominence of this circumstance is substantial in three ways:  

1. Zolgensma treats Spinal Muscular Atrophy (SMA), a rare disease with few alternatives.  
2. Novartis acquired this asset by purchasing AveXis for $8.7B, and
3. Zolgensma is among the first gene therapies approved by regulators and at $2M+ per patient, the worlds’ most expensive drug.

Novartis stands by the clinical impact of this therapy, but this event raises the spectre of an unspoken thought circulating through boards and executive leadership at other companies:

‍Could this happen to us?

‍We understand your anxiety. Egnyte has helped 16,000+ customers across numerous industries to unify and secure their data, including the life sciences industry. Given the growth in the domain, concerns over data integrity will only amplify.

Why? Because science has changed.

Twenty or thirty years ago, vertically-integrated pharmaceutical industries handled everything from chemical synthesis through clinical recruitment.  However, today, drug development has become highly distributed, highly dynamic, and highly diverse. Contract research organizations, contract manufacturing organizations, clinical research organizations, academics, and emerging biotechs, among others, participate in advancing new therapies from research to commercial.

Below, we highlight specific actions to mitigate your organization’s risk of data manipulation.  From our perspective, there are three key steps in tackling this problem:

1. Unifying data across regulated & unregulated repositories,
2. Implementing data governance policies, and  
3. Integrating your enterprise applications.

1. Unifying data

The drug development process generates large quantities of diverse data from numerous sources.  One of the biggest challenges is tracking this data and illuminating ‘dark data’ - data sets that go unused or lost over time.  Filings, analyses, and collaboration are all impeded by the search for (and preparation of) these important data sets. Organizations, including executive, quality, and regulatory teams, need to have full requisite access to each piece of data.  This complete data visibility also enables biopharmaceutical organizations to increase the velocity of drug development. Further, by bringing data together into a single, auditable repository, you’re better able to eliminate any confusion over how data is being handled. In turn, you’re more likely to be able to detect and mitigate data manipulation. Unifying data is the first step. The solution is a single source of truth content platform with full auditing and reporting capability that houses regulated and unregulated data.

2. Data governance, security

Once you centralize data across both unregulated and regulated repositories, the second step is to implement data governance and data security policies.  Data governance, for instance, is a broad concept related to how available and usable data is - and likely a foreign one to most drug developers. However, the challenges at AveXis, and elsewhere, have elevated data governance and data security as a scientific/business problem.

In the context of data manipulation, we advocate for enabling data governance and data security through automation, e.g. machine learning, to classify data across different policies like HIPAA, geographic boundaries, sensitivity, etc.  This leads to more visibility and awareness of unauthorized access, duplication, movement and more. Further, our advice is to ensure your platform enables audit trails across both data and users. This way, you can trace who accesses and changes each piece of data in your secure content platform.

As data manipulation is caused by human intervention, a best practice for this second step is to implement protection against insider threats, namely anomalous end user behavior.  Through machine learning, algorithms discern between normal business operations and suspicious activity. This feature ensures that system administrators and executives alike can prevent data theft and be notified if an issue arises.

3. Integrated enterprise applications

The third step in mitigating risk of data manipulation is to ensure that your security protocols extend across your numerous enterprise applications.  Drug development involves multiple pieces of software: CTMS, LIMS, EDC, ELN, eTMF, amongst others. An area of risk is the manipulation of data entered into or extracted from these systems of record. By integrating your secure content platform to your enterprise applications, an automatic, secure exchange of data can be enabled.  Therefore, as protocols are created in your QMS, for example, the resulting SOP can be protected and governed by the same tools implemented across your other data sets.

Conclusion

For any drug program, data is the key product of drug development activities.  However, in an age where data traverses a broad network of institutions, geographies, and individuals, tracking data and preventing manipulation is of paramount importance.  The aforementioned steps outline three specific actions and technologies that can help mitigate one's risk.

‍Speak with a domain expert about how Egnyte can help you secure your data.