Data Management and Governance: A Primer for Life Sciences Companies

The COVID-19 pandemic increased the need for cross-company collaboration. Yet, working with external partners shouldn’t mean giving away company secrets. Now, information security is more vital than ever. Proper data management and governance are good ways to control access to your files, protect secure information, and maintain compliance with all industry laws and regulations.

Without data compliance, companies risk fines and a loss of both funding and the ability to continue research—but with good data management and governance practices, you’ll be able to ensure data integrity, data security and data privacy.

What Are Data Management and Data Governance?

Data governance creates policies around the use and storage of data in your company. Data management is how those policies are carried out and how the data is used for decision-making. Data governance and management enable you to create, organize, and monitor a company’s files, programs, and online information for things like the data’s security, reliability, and accessibility.

Creating data governance policies and performing data management must take into account the need for remote workers and in-house team members to obtain secure and sensitive information while protecting that data from would-be hackers. There are a few aspects of data management and governance commonly found in all industries:

• Set storage guidelines - Having standard operating procedures for saving files on the company server paves the way for the effective monitoring of those files.
• Regular auditing - Audits allow you to know what files have been added to the server, who they’ve been shared with, and if they’re being stored properly.
• Automation - Automation can allow you to save time while making sure that your files are where they need to be and protected in the correct ways.
• Access management - Controlling access helps ensure file security by making sure that only those who need the files have access to them.
• Retention - Maintaining versions and obsolete documents help auditors and inspectors verify whether research was conducted in line with the study protocol, regulatory requirements and GxP standards.

In short, the primary goal of data governance is to control how data is saved and stored. And the primary goal of data management is generally to protect the data of a company. In addition to the above, life science companies have a few other things to think about.

Why Should Life Science Companies Invest in Data Management and Governance?

Data management and data governance are important for the security of any operation, of any size, in any industry. However, as a life science company, these processes also become ways of ensuring compliance with the law. Governing laws like GxP, GDPR, and HIPAA within the life sciences industry mean that your data has to comply with strict regulations to protect data integrity and data privacy.

For example, the GxP guidelines require system validation, which means verifying all features that process data (audit trails, time stamping, permissions, etc). Automated validation can make system audits easier and less time-intensive by running daily tests for all system features and providing testing documents for review — a smoother process than an in-person, manual audit.

How to Approach Data Management and Governance as a Life Science Company

Data management is not as hard as it may seem. Getting started with these four concepts can get you pretty far, pretty fast.

Protect Patient Information

When a drug is created, it must go through clinical trials that require the personally identifiable information (PII) of real patients be stripped out of the clinical data at the investigational site. But PII can sneak into trial data, especially with digital data sources. Electronic health records, X-rays with hardcoded patient names, or DICOM imaging with health record identifiers hidden in the metadata often fail anonymization. Effective data management and governance keep this information secure and law-abiding.

Think about encrypting your data and running regular audits that look for vulnerabilities in security or nonconforming files. Simply put, protecting patient privacy means keeping all PII secure and away from those who don’t need that information. Ensure that your organization is complying with all regulations to avoid fines, jail time, a loss of government funding, and even potential bankruptcy.

Manage Data with Software

Manually managing data and making sure it complies with all laws would mean looking at every individual file with hundreds if not thousands of regulations in mind. The larger the research footprint, the harder manual data management becomes. Using software to assist or even automate the management side of things can allow you to focus solely on data governance. That means more time spent getting people to do the right thing in the first place.

Keeping a complex or manual data governance and management system can cause team members to bypass it in an effort to save time. Use software that weaves data management directly into the fabric of your business without much (if any) extra work to encourage your team to follow proper policies. In addition, software like this provides legal assurances that if something goes wrong, you will have time to find a fix

Make Access Simple

Good data management and data governance practices follow the law to protect all involved parties while also enabling a modern company to migrate to the cloud. Secure clouds enable scientists and investigational sites worldwide to work on advancing cures and medicines to treat illnesses.

Data management and governance can be done on in-house servers that are disconnected from the internet. This is one way to keep data secure and protected. However, this prevents anyone working from home or another office from accessing the data and collaborating with a team.

Modern cloud options can keep data protected while also keeping it accessible to team members in-house, at home, and at other companies. With easy-to-use cloud software, you’ll have the option to keep your data encrypted and secure but also to analyze and share it with whoever needs it, wherever they are.

Keep in mind who will be acting as the lead on data governance and management. This is the person who will have to grant or oversee the granting of access to restricted files. The key is to keep file access simple — for example, requesting access after entering a password — for those who need it yet impossible for those who don’t need the files.

Keep Data from Competitors

While COVID-19 created a world of collaboration, not all treatments, drugs, and cures need to be shared with your competition in order for society to progress. Data governance policies should be set up so that file management increases data quality while also enabling separation and organization between various file types.

Making sure files that contain sensitive data are behind strong firewalls while files that contain general information are locked but perhaps not behind firewalls will create a system that better prevents accidental data breaches. Think about writing data governance guidelines that spell out what is considered sensitive and private versus what’s not as important and where it should go within the database.

For example, suppose you have all files in one place. In that case, you might accidentally share something highly sensitive with the wrong person. On the other hand, if you have highly sensitive files separated and behind a firewall, you won’t accidentally share the wrong thing without conscious, extra steps.

Reduce the Complexity and Risk of Your Data

Data management isn't as scary as it sounds. Secure and compliant data management can and should be easy. Take control of your data and check off your list of regulations so you can focus on what really matters—the work your team does. Know that you’re keeping your company’s data safe for the benefit of the patient experience and the company's bottom line with Egnyte's Life Science Data Governance Solution.

‍