Technology continues to play a larger and more critical role in advancing clinical research. It has also brought challenges as regulatory bodies try to establish ethical standards while keeping pace with the rate of technological innovation.
In December of 2020, the European Medicines Agency (EMA) announced they were the victims of a cyber-attack. Confidential documents relating to the Pfizer-BioNTech COVID-19 vaccine had been accessed and leaked on a mass scale. This incident served as a humbling reminder to regulators and researchers alike that data security is an ever-present threat.
Prior to the pandemic, researchers were ready and eager to implement enhancements like remote monitoring and wearables into their trials. But, they had to actively request relevant guidance on their use from regulatory bodies, who seemed caught off-guard by the arrival of these technologies.
When COVID-19 arrived, it disrupted nearly all clinical trials globally and postponed the promise of new therapies and life-saving vaccines. It also cost the life sciences industry millions in foregone or delayed revenue. As such, the FDA and EMA began issuing new guidance to enable trial continuity. This guidance touched on in-home visits, direct-to-patient trial supply, telehealth, ePRO/eCOA, eConsent, and remote patient monitoring.
But as clinical technology continues to expand through the introduction of decentralized solutions, researchers are struggling to maintain security for a growing number of in-clinic and remote data endpoints. As a result, between 2009 and 2020, there were nearly 4,000 healthcare data breaches resulting in the loss, theft, exposure, and impermissible disclosure of over 250 million healthcare records.
Patient data has become more valuable and vulnerable as the technology used to store it – EDC, EHRs, and other systems – outpaces the regulations designed to protect it.
When it comes to data security, healthcare has a lot of work to do. For clinical research, in which few things are valued as much as patient privacy and intellectual property, this is no small cause for concern.
As the regulations that govern data security in clinical research begin to catch up to the available technology, researchers will need to ensure that they have the right data management tools to help them adapt. ClinOps and study managers need to focus on introducing new decentralized workflows and technologies to their sites, teams, and patients. They don’t need to also worry that these new technologies could be exposing them—or their stakeholders—to potential security risks.
Having a fully compliant, robust EDC is essential to ensuring that regardless of how you facilitate your trial, your data is always accurate, compliant, and secure.
Prior to the pandemic, Medrio was investing in higher data security standards. We did this by establishing and maintaining a comprehensive security infrastructure that starts at the core of our EDC and extends through every technology in our unified ecosystem.
Through this journey we identified guiding principles to ensure data security for EDC software:
Incorporating data privacy and protection into your clinical workflows can be challenging. The data security landscape is always evolving, so it is imperative that your EDC provider be a partner in maintaining data integrity and privacy throughout the course of your trial.
At Medrio, we pride ourselves on being an extension of your data security team. The framework for our comprehensive security program was built from ISO 27001 standards, as well as guidance from industry leaders such as OWASP and NIST. We do this to deliver the highest standards of confidentiality, integrity, and data availability on the market.
You may not always be able to predict or prevent risks to your data. But with the right EDC, you can make sure you have the best possible protection and preventative measures in place. And when that time comes, Medrio will be ready.