The goal of every life sciences company is to improve the lives of patients by getting their product to market. To do so often requires successfully completing a clinical trial. It goes without saying, however, that keeping the resulting data secure and compliant is paramount. Restricting access to only those that need it is an essential first step, but there is much more that needs to be done. 

To help you in your journey, we’ve created a list of five common ways that trial data puts us in jeopardy, and approaches you can take to avoid these risks: 

Risk #1 – Botched data transfers
If you use or are going to use a CRO, then they will be storing your trial data. The challenge here is that it’s on the sponsor to retrieve the data from a CRO in a compliant way.  How do you prove to an auditor that the data maintains integrity after transfer? The best approach for this process is to find a solution that can help you prove data integrity and automates the transfer process.

Risk #2 – Losing chain of custody
When working with clinical data, there are multiple systems within which that data needs to be manipulated. A great example is the workflow for clinical data analysis: regulated data needs to be extracted from an EDC, transferred to a biostatistician, analyzed in SAS, and results returned. Though those systems may be validated and secure themselves, how do you know the data isn’t being manipulated between those steps? Having a compliant repository that integrates with your analytics and hosted software can help you prevent gaps in the chain of custody of data from patient to decision

Risk #3 – Becoming a victim of ransomware
Let’s face it, ransomware attacks continue to grow and the associated costs continue to climb. Here are some questions you should ask yourself – Does my company (or my CRO) have ransomware protection in place? Does that include where you keep your clinical trial data? Is there a documented procedure in place to mitigate business impact? A ransomware attack is a double whammy: your organization loses its data and is a clear violation of FDA 21 CFR Part 11. Keep in mind that on-premises file servers are just as susceptible as cloud solutions.

If you are uncertain of the answers to these questions? Then you need to take action now!

Risk #4 – Violating data privacy laws
Conducting a clinical trial involves a host of identifiable information, not only from the patients, but also from the research team that is conducting the trials. Of course patient records are the most obvious and critical to secure, but in some countries, even the resumes of the research team are subject to privacy regulations. It gets even more complicated when you are requested to delete personal information. Failure to comply can get very expensive. For example, violators of GDPR can be fined up to €20 million, or up to 4% of their annual worldwide revenue. Make sure you have this well-thought through before you start your trial.

Risk #5: Lack of a backup
It’s important to include an often-overlooked risk – addressing your backup strategy. There are many options and pros and cons here. Rather than discuss them all, I’ll list some of the things to consider. For on-premises storage, is there site redundancy in case the building becomes inaccessible? How do you retrieve the data if it’s off-site? How often does the backup happen? What’s the cost of losing data? If you are using a cloud solution, don’t assume that they have a recovery solution by default, and if they do, make sure it meets your needs.

Clinical trials are a huge undertaking and there is little room for failure. Following these tips can help eliminate risks to your data before you even start.

Interested in more information? Egnyte can help. Visit us at egnyte.com/lifesciences.

 

Photo by Louis Reed on Unsplash

Comments are closed.