Q&A with HewardMills: exploring data privacy and rare diseases

Allie Nawrat 27 August 2020 (Last Updated September 2nd, 2020 09:23)

One way to overcome some of the challenges facing rare disease drug development could be to leverage data sharing. However, this approach has comes with its own barriers – as pharma is a global industry, companies have to grapple with multiple different regulations and interpretations of regulations. HewardMills data protection and privacy consultant Diana Jabbar-Lopez discusses how companies can overcome these challenges and leverage data sharing to the benefit of rare disease innovation.

Q&A with HewardMills: exploring data privacy and rare diseases
One solution to improve rare disease clinical research could be better sharing of patient data globally, however, these are dictated by data privacy regulations. Credit: Shutterstock.

Over 90% of rare diseases do not yet have effective treatment options; this is linked to numerous challenges facing drug development and innovation in the rare disease field.

There are many barriers facing rare disease clinical trials, primarily because, by definition, these conditions affect very few people who are dispersed across the world. It is incredibly difficult to recruit adequate numbers of patients for large, placebo-controlled clinical trials that regulators require for drug approvals. This situation is compounded by limited physician expertise about these conditions, meaning diagnoses are often missed and possible trial participants are not identified.

Related to these challenges, there are also data questions facing innovation in the rare disease field. For instance, what are the right clinically established endpoints for measuring safety and efficacy in these conditions? Is it ethical to use placebo groups for these at-need patients?

One solution to improve rare disease clinical research could be better sharing of patient data globally. This could also allow better sharing of limited physician expertise to the benefit of diagnosis and trial recruitment.

However, this data sharing opportunity comes with its own set of challenges and regulations that life science companies need to navigate.

Global data protection support provider HewardMills’ privacy consultant Diana Jabbar-Lopez explains both the opportunities and regulatory challenges facing data sharing for the rare diseases, and discusses how life science companies can ensure they are compliant and can make the most of the benefits of sharing data.

Heward Mills rare diseases
HewardMills’ privacy consultant Diana Jabbar-Lopez. Credit: HewardMills.

Allie Nawrat: What are the main data-related challenges to rare disease development?

Diana Jabbar-Lopez: The rare disease field has many data challenges. But those that are most related to privacy are, first, finding enough patients who fit the right criteria for a clinical trial [in a certain disease] can be really difficult. By its nature a rare disease affects very few people – only about 10% of people globally have any rare disease. On top of that, those individuals [with a certain rare disease] also tend to be geographically dispersed.

Also, when pharmaceutical companies try to do drug development or research in this area, they also have to deal with different definitions for rare diseases that are very dependent on the location.

These two challenges force companies to reach out to more patients across the world, which means that those companies will be required to comply with many different regulations to recruit a sufficient number of patients in order to obtain informative results.

AN: How could better sharing of patient data foster much-needed innovation in the rare disease field?

DJ-L: Broadly speaking, sharing data is key to advance scientific research, but, in the rare disease field, this is even more essential. This is because around 80% of rare diseases have a genetic component, which means that research relies on sharing genomic data to predict, prevent, diagnose and develop treatments a lot quicker.

Along with this, in the last ten years or so, there’s been a huge focus on big data and the use of narrative technologies, like artificial intelligence. [But] these areas intensify the concerns around data compliance for those companies that are involved in this area.

AN: How does the need for data compliance create barriers to rare disease innovation?

DJ-L: In every jurisdiction, there will be a different type of regulation to take into account for clinical research.

But the two most important for data compliance are HIPAA [Health Insurance Portability and Accountability Act] in the US and GDPR [General Data Protection Regulation] in the EU.

They share some similarities, but they do differ on key areas. For example, the definition of personal data and data breach requirements. GDPR’s scope is a bit broader and tends to cover any personal data across all industries, including healthcare. Also, GDPR is a cross-border regulation. On the other hand, HIPAA has a much narrower scope and is very sectoral.

As you can imagine, for global companies trying to use a combination of data sets that come from US and the EU, it is hard to apply a consistent approach to processing genomic data for research and development.

In the case of GDPR, there are also many ambiguities and different interpretations by different jurisdictions in the EU. There are different views of how to implement the exemption under GDPR of the use of health data for research purposes. For example, in Spain, you can typically use this data for secondary research without patient consent. But then if you go to Italy, the researchers would have to ask for consent again even though both countries are governed by the same regulation.

Sometimes because of that, companies might opt to restrict data sharing globally and run separate local analysis. But that means the size of the database is limited and therefore the analysis is too.

AN: How can life sciences companies ensure they comply with these privacy regulations when leveraging patient data to benefit R&D?  

DJ-L: Generally, I believe that in the case of the EU, there should be more consistency across the regulator’s interpretation of the processing of healthcare data to make data sharing a lot more flexible and efficient.

Also, the UK Information Commissioner’s Office (ICO) has suggested that organisations should work toward more specific solutions between them. There have been many initiatives that have been started, which are partnerships between private and public organisations. For example, the ICO awarded a grant to [health policy think tank] the PHG Foundation, which is run by Cambridge University, to investigate how GDPR impacts the field of genomics. A lot of these collaborations are [already] happening, but they need to keep [and engage] increasingly different stakeholders.

There has [also] been a lot of talk about certification mechanisms to facilitate international [data] transfer within specific diseases. For example, there could be a certification mechanism purely for genomic data if organisations worked together to achieve that.

In addition, at an internal level, I could also see that companies could use the support from a data protection officer (DPO). The DPO could support conversations [about regulatory compliance] and make sure that compliance practices are embedded really early on in the clinical trials.

The DPO could play a key part in making sure that there is communication between patients, researchers and companies. [Although] generally speaking most of the population is reluctant to share their health data, in the rare disease field, there is evidence that individuals are much more willing to share their information. I think companies could leverage this.