Regulations and Standards Blur Data De-Identification & Anonymization Data Accessibility

EMA Policy 0070 and GDPR: De-identification and Data Transparency

Regulations and Standards Blur Data De-Identification & Anonymization Data Accessibility

As the life sciences industry prepares for compliance with EMA Policy 0070 and its requirements for the anonymization of shared clinical study reports, d-Wise has been previewing its powerful Blur de-identification platform and managed services. 


The life sciences industry has been undergoing considerable transformation over the last five years, particularly in relation to transparency. Original and secondary use cases for clinical data have grown in scope. These now encompass greater sharing between teams in the business, as well as increased external sharing of findings in the public domain and as part of greater collaboration with partners and peer research groups.

This opening up of clinical findings is important not only to strengthen confidence in results, but also to ensure that knowledge is maximized and progress accelerated. With this growing appetite to share potentially sensitive content, as found in clinical study reports (CSRs), comes a lot of responsibility towards the subjects who have taken part - whose privacy organizations have promised to protect. So the authorities must now update the required measures - to encourage life sciences to be more open about their findings, yet without compromising patient identities. This is a particular concern in the context of rare conditions, for instance, where subjects are fewer and farther between.

Policy 0070 from the European Medicines Agency (EMA) is designed to regulate this situation, by specifying how publicly shared CSRs should be presented – specifically in terms of patient anonymization. The EMA’s ruling on CSR treatment is just the beginning. Ultimately, the original data behind the reports will also have to be anonymized, requiring additional consideration and processes so that companies don’t get caught out – or become so lost in their de-identification efforts that they lose track of the complete, unaltered findings.

Logistically, all of this could become a nightmare and companies need to be sure they can handle the de-identification process reliably and systematically so the risks are minimized yet the integrity and onward value of clinical research is preserved. Anonymization processes need to be consistent, traceable and auditable internally, not only to satisfy the needs of regulators and legal teams, but also to retain confidence in the quality of the research output and its enduring value to the business.


Balancing openness & usability


How to preserve the value of a study’s findings is one of the big issues for the industry - if references to the participating subjects must be sufficiently blurred so that no one could conceivably work out who the individuals are. Go too far, and the findings become too bland to be useable. This balance of privacy protection versus meaningful knowledge sharing has been the topic of rousing debate across the life sciences market over recent months.

Companies will need to carefully manage the trade-off between risk of patient identification (not to mention the potential breach of new general data protection requirements under GDPR), and the planned use of the data, then.

Not all use cases present the same vulnerabilities, so it makes sense that companies have a measure of control over how far they go in respective document and data anonymization efforts. In the case of rare disease-related research where findings are going to be made public, the safeguards will need to be turned up high. For more common conditions with very large samples, or in scenarios where data sharing is more contained (eg kept to internal use, but extended beyond regulatory affairs to biostatistics and data management, IT, clinical operations, medical and scientific affairs, and medical writing teams), the need for extensive data manipulation could be justifiably reduced. As long as the right controls and role-based workflow are in place, and the data owners maintain clear visibility of any changes, companies should be able to achieve the balance they need.


Maintaining focus


All that aside, R&D organisations need to ensure that adhering to the developing anonymization requirements do not become a major distraction from their day-to-day operations, consuming experts’ valuable time which is needed for higher purposes.

Together, all of these complexities prompted us to develop Blur; a complete, workflow-driven lifecycle management solution for de-identifying clinical trial data, clinical study reports, and protecting patient privacy. Crucially, it has the controls and rule-setting ability to enable companies to assess identification risks and match the de-identification requirements to the target use case and audience, all without requiring any SAS coding experience. Different rights can be set for different roles, and all actions are fully traceable. Outcomes are also highly accurate and efficient, thanks to intelligent automation of anonymization processes. Because of the system’s complete transparency, companies will be able to show regulators and legal teams that they have taken all reasonable steps to protect people’s identity. The initial market reaction to Blur has been exactly as we expected: one of relief and great interest. The market need for it is substantial, as we look forward to helping companies navigate the changing regulatory environment with this robust and comprehensive solution.

View this webinar on Blur:


To find out more about Blur and the managed services we offer on top of this powerful platform, visit our Blur de-identification information page or see us at one of our upcoming events - we'll be at the CDISC Interchange in Austin, TX on November 13-17, the DIA meeting on disclosure and transparency in London, UK on December 8-9, and the CBI Data Transparency Conference in Philadelphia, PA on January 30-31.