“Patients are often willing to share their health data if it helps people with conditions similar to theirs.” — Jennifer Kubino, COO, BC Platforms
Currently, it can be challenging for biopharmaceutical companies to gain access to health data due to different regulatory climates around the world. In a recent interview, Cubino discussed the regulatory differences between the US, the European Union (EU) and other countries amid ongoing efforts to encourage patients who want to share their data, including Cubino’s experience with BC platforms.
BC Platforms is a bioinformatics company offering real-world data and technology platforms for use in clinical genomics, personalized medicine and drug development. Among the biggest regulatory differences, Kubino said, are those between the US and the EU. Although both seek to protect patient data, EU rules are generally stricter.
In the US, access to patient data is governed by the Health Insurance Portability and Accountability Act, or HIPAA. Enacted in 1996, HIPAA allows the sharing of protected patient health information only for the purposes of treatment, payment or operations. In order for researchers to access the same data, patients must give explicit consent.
There is an exception: HIPAA allows researchers to use what is known as de-identified data without the patient’s consent. For this purpose, the law enumerates 18 secure identifiers which must be removed before a data set can be considered de-identified.
The main EU privacy legislation known as the General Data Protection Regulation (GDPR) uses the term “anonymization”. This includes broader and more extensive de-identification of patient data than in the US. In both cases, if researchers take the time to explain their need for the data and the benefits it can bring, patients often agree, Kubino said.
“At the end of the day, patients want to know if their data will be used for the greater good.”
If a patient is going through cancer treatment, for example, and researchers ask to study their data to help other cancer patients, they are more likely to agree, Kubino said.
“They know what other patients are going through and want to find more meaning in what they themselves are going through.”
Kubino cites a personal example from one of her children who has a long-term chronic illness that is now well under control. Researchers have requested personal health data to help conduct research into the condition.
“I discussed it with my child, who also understands my work at BC Platforms,” Kubino said. “This, of course, provided a good foundation for understanding the purpose of data-driven research. As a result, my child’s response was, “Yes, I want to do that. It’s been hard to have this condition and I really want researchers to understand more about what kids like me go through.
Patients are still aware of the risks, she added.
“For example, I have read in the press about the anger that people can feel at the lack of transparency about how their data has been used, especially when it involves commercial activities. Patients may feel that there is insufficient oversight for users of their data.
One solution to improve transparency is emerging from a BC Platforms partner in the Asia Pacific region. The partner is working on an app that will allow patients who share their data to access research using that data, Kubino said.
“It’s a dynamic solution that fosters a transparent, real-time dialogue with patients.”
Greater transparency and engagement offer legal and regulatory benefits for researchers. But they could also help deepen public trust and appreciation for the research community, Kubino said.
“Patients will be able to say ‘look what these researchers were able to learn!'”
Regulations are also likely to evolve, especially as concerns about legitimate data use grow. The EU and some of its member states have responded by tightening access, Kubino said.
But some states are trying to balance both research needs and patient privacy. Legislation from South Africa, for example, currently sits between GDPR and HIPAA and appears to be applying what has been learned from other countries, Kubino said.
For now, BC Platforms uses the EU’s GDPR as a global standard, adjusting as local or institutional requirements are needed, Kubino said. BC Platforms also uses an EU-based cloud provider that is not subject to the US Cloud Act, a law that allows US authorities to access, without a subpoena, any data stored by US-based cloud providers.
“This provides our partners with an additional layer of data protection,” Kubino said.
The company also supports compliance with local requirements related to the sharing and protection of patient data, including genomic information, multiomic data, longitudinal clinical data, patient outcomes and imaging. In short, it offers a robust approach to collecting a rich set of data – while building trust with patients.
“Because of our expertise in genomics, we can help our partners develop a path that allows them to grow in a way that is nuanced for them, with patient privacy and data protection always at the forefront of our thinking.” she said.
picture: imtmphoto, Getty Images