Clinical trials are a crucial step in developing new life sciences products such as drugs and medical devices. All tests – whether with large or small groups of people – require medical and personal information from patients upfront, and then proceed to collect data throughout the process. Ultimately, research companies are responsible for large sets of sensitive data and securing that information should be a top priority.
Why does clinical trial data need to be protected?
To begin with, there are legal requirements for medical data security. All clinical trials require medical histories and personal information from everyone in the study. To protect participants from medical fraud, clinical trial groups are legally obligated to secure this sensitive information. HIPAA and the FDA’s Code of Federal Regulations, as well as other regulations, require the protection of sensitive medical records. Your group can be fined for violating these rules.
From a PR perspective, strong data protection policies can protect your reputation. Potential participants are more likely to take part in a study if your organization is respected and shows a commitment to privacy. Additionally, it is in your business’s best interest to secure clinical trial data to protect your competitive advantage. If a competitor obtains your data, they may be able to use it to put a new drug or medical device on the market first, with less research cost on their end.
Risks to clinical trial data
Personal medical histories are highly sought after by hackers looking to turn a profit; medical data is considered to be ten times more valuable than credit card information. With personal medical information, criminals can forge IDs and documents, illegally acquire drugs, and collect on fraudulent insurance claims.
Many clinical trial organizations rely on third-party services to provide materials, financial support, or data analytics. Increasing the number of people who can access clinical trial data raises the insider threat risk. The majority of data breaches are actually caused by insiders – either with malicious intent or by mistake. Because involving third-party services widens the umbrella of possible insider threats, the need for data security multiplies.
Malicious insiders look for ways to use company data for personal gain or to harm the organization. They may attempt to steal clinical trial records and sell them to a competitor, or take them along for future career advancement. They may also attempt to use the data to embarrass the company in some way. Accidental information security breaches can happen when employees open an email containing malware or do not correctly follow security protocol (such as leaving an Electronic Healthcare Record open on a monitor).
Clinical trial data security tools
The Society for Clinical Data Management has published a popular whitepaper, Good Clinical Data Management Practices, which your organization should review and discuss how to implement. In addition, you should be in compliance with all data security laws and regulations.
To further secure clinical trial data, consider deploying employee monitoring software. With this tool, you can track user activity to make sure only approved employees are accessing sensitive information, and that their behavior is normal for the task. For example, employee monitoring software can detect actions such as downloading data sets and storing them on an external drive, which could signal theft. With so much on the line – fines, reputation, sales, participant safety – and so many insider threats, employee monitoring software is an effective and efficient way to make sure your data is being handled appropriately and securely.