By continuing to use our site, you consent to the processing of cookies, user data (location information, type and version of the OS, the type and version of the browser, the type of device and the resolution of its screen, the source of where the user came from, from which site or for what advertisement, language OS and Browser, which pages are opened and to which buttons the user presses, ip-address) for the purpose of site functioning, retargeting and statistical surveys and reviews. If you do not want your data to be processed, please leave the site.

Delivering on the Promise of Synthetic Data

PETs and Sharing Clinical Trial Data

Using PETs to Responsibly Share Clinical Trial Data

Janssen’s Head of Clinical Data Standards & Transparency, Stephen Bamford, recently published the compelling article “Applications of privacy-enhancing technology to data sharing at a global pharmaceutical company”[1]  in the Journal of Data Protection and Privacy. This article discusses the pharmaceutical company's commitment to clinical trial data transparency and sharing, and the ways in which privacy-enhancing technologies (PETs) are employed to help fulfill that commitment. 

Data synthesis is the most recent PET adopted by Janssen, but it has quickly become their go-to tool to facilitate secondary research using clinical trial data. Bamford notes that “the use of synthetic data for research purposes is preferred whenever possible.”[1]

Janssen is involved in several leading-edge data sharing initiatives such as Yale University’s YODA Project, Project Data Sphere and DataCelerate, making clinical trial data available for secondary research and innovation. Initiatives such as these are changing the way in which clinical research is conducted to the benefit of not only the pharmaceutical industry, but researchers, patients, and the public as well. But broader sharing of clinical trial data has the potential to put patients at risk if it is not carried out in a responsible manner that respects the privacy of data subjects and takes into account the consent provided by clinical trial participants. This is where PETs come in.

PETs such as the three main tools used by Janssen for its data-sharing initiatives — data synthesis, pseudonymisation, and anonymisation — can mitigate privacy risks while allowing for broader access to data. Data synthesis, pseudonymisation, and anonymisation are practically proven technologies that are being applied across many different industries to safeguard patient and consumer privacy. Of course, these PETs go hand-in-hand with other privacy, security and contractual controls that may be required, depending on the context, to ensure that individual privacy is secured and regulatory compliance is maintained.

A guiding principle leading the implementation and use of PETs at Janssen is data minimization [1]. Data minimization is a requirement of many global privacy regulations, such as the General Data Protection Regulation (GDPR) in European countries [2] and the Health Insurance Portability and Accountability Act (HIPAA) in the United States [3]. The principle indicates that personal information being collected and/or processed should be “limited to what is necessary in relation to the purposes for which they are processed” [2]. PETs are key tools in operationalizing this principle. For example, data synthesis can produce datasets that do not contain personal information (low identification risk). The data synthesis process replicates the patterns and distributions of real data sets while creating a fully synthetic dataset that has no 1:1 mapping with actual individuals.  The use of PETs like data synthesis helps organizations ensure that the least amount of personal information, or no personal information in some cases, is being utilized for a given purpose.

Also, due to the fact that fully synthetic data is not considered to be personal information, organizations benefit from needing fewer controls in the processing and sharing of this data. As a result, fully synthetic data may be used for internal purposes such as software testing and research in lower level environments with fewer security controls than would be required for personal information. And when fully synthetic data is shared externally with independent researchers, fewer conditions need to be attached and monitored/enforced.

For more information on how PETs can be used by organizations to facilitate data sharing, see the July 2020 Special issue of the Journal of Data Protection and Privacy co-edited by Editor-in-Chief, Ardi Kolah, and guest editor and Replica Analytics’ co-founder, Khaled El Emam. This issue includes Stephen Bamford’s article discussed here as well as other insightful contributions from leading privacy and technology practitioners in UK, France, Belgium, US, Canada, and Hong Kong.

[2] European Parliament and the Council of the European Union, REGULATION (EU) NO 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF APRIL 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)., vol. NO 2016/679. 2016. 

[3]“US Congress,” “The Health Insurance Portability and Accountability Act of 1996; 45 Code of Federal Regulations Part 164 - Security and Privacy.” 1996.

Related posts

  • Aug 7, 2020, 12:00 AM

    As the pace of technological innovation continues to grow, new risks to consumer and patient privacy are appearing at a rate which could be difficult for regulators to keep up with.

  • Aug 19, 2020, 12:00 AM

    Due to contemporary surveillance laws in the United States, on July 16th the European Union’s Court of Justice ruled that E.U. data was not adequately protected under the existing Privacy Shield agreement with the U.S.