The document discusses legal barriers to using health data to deliver pharmaceutical innovation. It conducted interviews with pharmaceutical industry members and external experts to identify key barriers. It found uncertainties around appropriate legal bases for data processing under GDPR without consent, heterogeneous data access across countries, and issues with anonymization. It proposes solutions like developing common standards, clarifying GDPR exemptions, and an industry code of conduct to address uncertainties and build trust. The conclusion states that while GDPR does not inherently create barriers, uncertainties remain, and stakeholders should work together proactively to enable important research.
💚Chandigarh Call Girls Service 💯Piya 📲🔝8868886958🔝Call Girls In Chandigarh No...
Legal barriers to better use of health data to deliver pharmaceutical innovation
1. Legal barriers to the better use of
health data to deliver
pharmaceutical innovation
Presentation for the CPDP Conference 2019
Brussels
Amanda Cole
1st February 2019
Research funded by the European Federation
of Pharmaceutical Industries and Associations
2. Project remit
• Background: The range of data sources and technologies relevant
to pharmaceutical R&D continues to expand. Actual practice is
constrained by the legal environment, which has to catch-up with
these opportunities.
• Objective: To build a consensus and prioritisation of the main legal
barriers to the better use of health data to deliver pharmaceutical
innovation.
• Our approach:
• Developed a framework according to the applications of health
data across the pharmaceutical lifecycle.
• Interviews (twelve) and a workshop with pharmaceutical
industry members. This was followed by further interviews (six)
with external experts in data protection, digital health policy,
health research, informatics and cyber security to corroborate
findings, resolve uncertainties and seek further inputs.
Legal barriers to better use of data
3. Cole, A. and Towse, A., 2018. Legal Barriers
to Better the Better Use of Health Data to
Deliver Pharmaceutical Innovation. OHE
Consulting Report, London: Office of Health
Economics. Available at:
https://www.ohe.org/publications/legal-
barriers-better-use-health-data-deliver-
pharmaceutical-innovation
4. Core concepts
Privacy interest Public interest
Supporting sustainable
health systems and better
outcomes
Optimising R&D and
treatment targeting
Research: effectiveness
and cost-effectiveness
Audit / service evaluation
Prohibiting discrimination
Safeguarding against
improper use of personal
information
Protecting patient identity
• Balancing public and privacy
interests. Protecting privacy whilst
enabling research and evaluation.
• Protection of personal data
• Consent, anonymisation, and
authorization according to
intended use
• GDPR
5. Framework – use of health data
across medicine lifecycle
Legal barriers to better use of data
2. Pharmacogenetics:
targeting development
Utilising
evidence to
support
specific
activities /
business
processes:
• Early clinical studies (proof
of concept, dose ranging
etc.)
• Randomized controlled trials
Efficacy and effectiveness
Pre-discovery Drug discovery
Pre-clinical
development
Clinical
development
(Phase I, II, III)
Market
authorisation /
regulation &
reimbursement
Post-marketing
evaluation
(Phase IV)
• Incidence &
prevalence
• Burden of illness
• Disease
mechanisms
• Comorbidities
• Natural history
• Clinical practice
patterns
Identifying unmet need
• Utilization
• Pharmacovigilance
• Outcome predictors
• Personalised medicine
• Managed entry
On-market evidence generation
• Observational
study designs
Patient-powered
research
networks
Surveillance
Mobile
devices &
wearables
Electronic
health
records
Social media;
consumer
data
Patient-
reported
outcomes
Administrative
data and claims
databases
Patient registries
(disease /
intervention)
Health
surveys
Mortality
database
Genomic data
Pharmacy
data
EvidenceDatatypes
1. Epidemiology and
pharmacoepidemiology:
Identifying unmet need
3. Interventional studies
4. Non-interventional studies
5. Pharmacovigilance
6. Managed entry agreements
Activity
VALUE
DATA
EVIDENCE
Drug discovery Regulation Pricing & ReimbursementHTA
6. Pre-discovery Drug discovery
Pre-clinical
development
Clinical
development
(Phase I, II, III)
Market
authorisation /
regulation &
reimbursement
Post-marketing
evaluation
(Phase IV)
1. Epidemiology and
pharmacoepidemiology:
Identifying unmet need
2. Pharmacogenetics:
targeting development
3. Interventional studies
4. Non-interventional studies
5. Pharmacovigilance
6. Managed entry agreements
Legal barriers to better use of data
Identifying unmet need
Efficacy and effectiveness
On-market evidence generation
- Ensuring the company can re-use data at a later point in
development, and to enable data linkages
(Anonymisation; Consent)
- Heterogeneity in data access models and legal frameworks
across countries (Harmonisation)
- Envisaging future research questions, and feasibility of re-consent
(Consent)
- Primary versus secondary-use data: judging compatibility of proposed
“new uses” of data (Compatibility)
- Heterogeneity in data governance requirements in multi-country studies
(Harmonisation)
- Restrictive data access for pharmaceutical companies
(Trust/Reputation)
- Anonymity for observational data (Anonymisation)
- Ambiguity: legitimate legal bases for processing data
in the absence of consent: Public interest; Scientific
research; Provision / management of health care (GDPR)
Findings: Main legal issues identified
7. Findings: Cross-cutting principles
Legal basis for data collection and use
Data subject rights
Rights to information, rights to
access, rights to erasure (“to be
forgotten”)
Anonymisation
Not an absolute term. "Pseudonymisation"
Considering safeguards and the technical
resources required to identify a person.
Policy distinction between personal and non-
personal data
Consent
Broad (enough to permit later
use) vs. Specific (enough to
comply with legal standards)
Compatibility of primary
and secondary (re-)use of
data
Critical implications for legal
framework and governance
Engendering Trust
Communication of safeguards and
industry standards; data
stewardship; principles of
responsible use
Uncertainties around appropriate legal basis: GDPR
Clarifying legal basis for secondary use of data without explicit consent, based on 'compatibility' of purpose with purpose of
original data collection:
Understanding what is covered by 'public interest', 'scientific research', 'provision/management of health care'
exemptions.
Will GDPR harmonise or fragment?
Heterogeneity
Divergent data access / linkage
opportunities hampers cross-border research
Issues relating to digital health
8. Challenge Solution?
- GDPR further enshrines data
subject rights. Of particular
concern: right to erasure
- Guidance and an industry-wide position
of how these rights apply to health research
- Clear specification by industry upfront of
retention periods and how data will be
handled if consent is withdrawn
- Limited utility of truly
anonymous data
- Uncertainty around degree of
anonymisation required for
different uses
- How to address re-
identification risk
- Clarify scope / concept of anonymisation
and pseudonymisation
- A probabilistic approach should be taken,
which includes consideration of the
safeguards and context of intended use
- A process guide around level of de-
identification appropriate under which
circumstances
Findings: Issues and solutions
Data subject rights
Rights to information, rights to access,
rights to erasure (“to be forgotten”)
Anonymisation
Not an absolute term.
"Pseudonymisation" Considering
safeguards and the technical resources
required to identify a person. Policy
distinction between personal and non-
personal data
9. Challenge Solution?
- Constructing consent that
retains flexibility to permit re-
use across the value chain
- Questionable viability of re-
consent
- Alignment /consensus on the alternative
legal bases for data processing, which
may be more appropriate than consent in
the context of medical research (GDPR:
scientific research, public interest,
provision of health care).
- Clear guidance on how these exemptions
to consent apply to specific pharmaceutical
activities.
- Reliance on consent may be
inappropriate or unfeasible for
some pharmaceutical data
processing activities
Findings: Issues and solutions
Consent
Broad (enough to permit later use) vs.
Specific (enough to comply with legal
standards)
Uncertainties around
appropriate legal basis:
GDPR
Clarifying legal basis for secondary use
of data without explicit consent
Understanding what is covered by
'public interest', 'scientific research',
'provision/management of health care'
exemptions.
Will GDPR harmonise or fragment?
10. Challenge Solution?
- Variable judgements of ethics
committees
- More consistent interpretations required
- Heterogeneity hampers
valuable cross-border research
and leads to duplicated effort
for multi-national organisations
- Developing common standards and
approaches to health care data access across
Europe would support health care innovation
- Given the number of opening clauses and
provisions for member state divergence in
GDPR implementation, a cross-border
initiative and shared understanding would
greatly benefit industry and researchers; this
must include national authorities
- Enabling the re-purposing of
wellness data for research
- Blurred boundary between
research and health care
provision (legal bases distinct)
- Clear guidance or sets of minimum
standards for digital health. The benefits of
sharing and linking data must be understood
and shared with the wider community, to
promote confidence and trust.
Findings: Issues and solutions
Compatibility of primary
and secondary (re-)use of
data
Critical implications for legal framework
and governance
Heterogeneity
Divergent data access / linkage
opportunities hampers cross-border
research
Issues relating to digital
health
11. Challenge Solution?
- How to address ethical/legal
obligations to patients and
citizens in a big data
environment
- Preventing bad news from
defining policy
- How to address pharma-only
data access restrictions
- There is a case for industry leadership
and collaboration across stakeholders in
dealing proactively with the uncertainties,
sharing good practice, and promoting trust.
Consider code of conduct based on:
• Co-development of principles for
responsible use
• Agreement and communication around:
• what level of de-identification is
acceptable for what use
• data ‘chain of custody’
• cybersecurity and safeguards
• legal bases for data processing (a
menu of channels for which GDPR
exemptions may apply)
Findings: Issues and solutions
Engendering Trust
Communication of safeguards and
industry standards; data stewardship;
principles of responsible use
12. • The GDPR does not create “new” legal barriers, and was not
designed to hamper important scientific research.
• Most issues identified are in fact uncertainties rather than
barriers per se.
• National data protection authorities should find a way of
working with industry, in a way that enables research and
reduces the legal risk of important data processing activities.
However, authorities are stretched.
• There is therefore a strong case for industry to deal proactively
with the uncertainties, sharing good practice and engendering
trust by co-creating a code of conduct, and promoting a shared
understanding of the value to society of pharmaceutical
research.
• All stakeholders must be on board, as all stakeholders stand to
benefit from the better use of health data.
Conclusion
13. Contacts
To enquire about additional information and analyses, please contact
Amanda Cole at acole@ohe.org or Adrian Towse at atowse@ohe.org
To keep up with the latest news and research, subscribe to our blog, OHE News
Follow us on Twitter @OHENews, LinkedIn and SlideShare
OHE Consulting Ltd
Southside, 7th Floor
105 Victoria Street
London SW1E 6QT
United Kingdom
+44 20 7747 8850
www.ohe.org
OHE’s publications may be downloaded free of charge from our website.