A recent article in Clinical Leader outlined concerns about Pharma’s ability to comply with the new EU Data Protection Regulation set to go into effect in May 2018. Indeed, companies doing business in the European Union will have major regulatory changes to contend with, including:
- Increased territorial scope, which includes where data is processed and stored
- Increased penalties, which can reach 4% of global profit
- Strengthened patient consent
As the global reach of clinical trials has increased, and with the deadline for compliance fast approaching, many in Pharma are finding themselves in a dilemma.
What’s behind the new regulation?
In 2013, high-profile data breaches and revelations of widespread NSA spying sent shivers through the EU and sparked debate over data protection. A lawsuit, citing Edward Snowden’s revelations of widespread monitoring of online personally identifiable information (PII) by the US government, found that the US-EU Safe Harbor privacy guidelines were invalid. Suddenly, companies that store PII on European citizens—including personal health information (PHI)—without the care mandated by the EU were in breach of European privacy laws. The EU parliament put together a new set of laws, the General Data Protection Regulation (GDPR), updated for the information age and with strong consumer protections.
What does this mean for eClinical users?
It’s imperative that eClinical users operating in Europe have assurance that patient data stored in their software is in compliance with the GDPR. Here’s how Medrio provides that assurance:
- EU privacy standards for trial data – By the end of March 2018, well ahead of the May 25 deadline, Medrio will have servers up and running in Germany and France dedicated to the storage and processing of European trial data. Our industry-leading data protection measures (physical and network security, data encryption, disaster protection) and best practices (two-factor authentication, audit trail, obfuscation of patient identity) already meet the level of protection that will be required when the GDPR takes effect. The results of European trial data can be aggregated with trial data from around the globe, while the PHI and PII of European citizens will remain secure in compliance with the GDPR.
- Improved patient consent – Medrio’s mConsent technology not only makes it simple and fast to create an “intelligible” consent form, but also makes the form easy to access on a tablet. The ability to include multimedia, like video, images, and PDFs, in the consent process, as well as to test for comprehension through a quiz module, allows study builders to make the process comprehensible to the layperson.
The measures we’ve taken to ensure compliance with the GDPR stem from a simple, but essential, aspect of our philosophy: that one of the fundamental functions of eClinical software is to keep operations as simple as possible for the user. We handle the regulatory complexities so that users can focus on their subjects and the underlying science of their trials.