Safeguarding Clinical Trial Data in the Age of Artificial Intelligence & Data Breaches
The data derived from clinical trials is one of the most important assets in new drug discovery, especially for companies seeking investment. AI can be used in many ways in the drug discovery process, including identifying target compounds to treat specific diseases and drug product development. AI also has vast potential to enhance the capacity to analyze clinical trial data for scientific and patient outcome purposes. It can speed data analysis, help sponsors identify and recruit participants, and add efficiencies that save valuable time and capital. Yet, reliance on advanced, data-driven technologies also carries risks, requiring trial sponsors to responsibly manage and oversee how they use the data generated through the trial.
Security and Privacy Risks to Data in Clinical Trials
Clinical trial sponsors and sites are prime targets for cybercriminals because of the large volume of research and development data and analysis—as well as protected health information—that is produced and collected before, during, and after the study. Multiple parties touch clinical trial data, including trial sponsors, academic research institutions and other clinical trial sites, clinical research organizations, and other service providers. The data are collected, transmitted, processed, and stored in the IT systems used by these parties, and may undergo data pseudonymization and database management in cloud-based services. This creates a substantial attack surface for which trial sponsors must account in their data governance and cybersecurity plans. With rising incidences of data breaches particularly in the life sciences and healthcare industries, trial sponsors must ensure they—and all participants—design and implement robust cybersecurity and data privacy measures, seeking outside expertise and resources as necessary or appropriate.
If AI processes are layered on, there will be additional privacy risks the sponsor, the trial sites, and other participants will need to consider. These issues include the potential for bias and discrimination in the underlying data used to “train” the AI algorithms, the need to obtain legally enforceable and ethically appropriate consent to use a patient’s data for AI training purposes, and the lack of clarity about the intellectual property rights in the products of the AI systems used. The legal ramifications of these are just beginning to be evaluated and addressed by legislatures and courts, and sponsors will face uncertainty and inconsistency as they navigate the AI terrain.
For clinical trial sponsors operating in today’s advanced technology and data security environment, here are four things to consider for safeguarding data and protecting the value of a commercial development program.
Key Considerations for Trial Sponsors
1. Investors today are examining AI and cybersecurity practices.
Responsible data management has become an industry best practice, and investors in new drugs and medical devices are increasingly emphasizing its importance. Now more than ever, they are raising questions about the use of AI and data storage processes, particularly regarding the handling of participants’ personal data. Additionally, investors expect sponsors to have cybersecurity programs in place sufficient to safeguard their investment. Intellectual property is the most valuable asset in the trial, and investors need assurance that this information is being adequately protected. Investors are also looking for trial sponsors to partner with AI and cybersecurity experts who can add value and ensure that best practices are followed.
2. AI must be leveraged responsibly.
AI platforms used in clinical trials create a target for bad actors seeking to obtain personal information and competitively sensitive data, potentially compromising the trial, its results, and the product’s valuation to investors. Companies using AI for clinical trials must proactively plan and prepare for possible data breaches and have sufficient prevention measures in place to protect study subject data. Furthermore, they need to make sure the AI systems in use do not collect information that could be shared with external users outside the company.
Trial sponsors must also carefully consider how they explain the use of advanced technology in the informed consent document so study subjects understand and properly consent to how their data may be used. Finally, trial sponsors need to consider how AI can be leveraged to analyze clinical trial data – for example, to teach AI models for future drug discovery or to inform AI models to develop a second generation of a particular product.
3. Sponsors are responsible for their third-party vendors.
Defense against cybercriminals is only as strong as its weakest link. Trial sponsors must ensure everyone involved in the trial, including third parties, adheres to cybersecurity and AI best practices. In the eyes of FDA, trial sponsors are ultimately responsible for their third-party vendors, and this responsibility cannot be contracted away. As a result, trial sponsors must oversee the actions of their third-party vendors, making the due diligence process when vetting partners, and negotiations of strong data protection contract provisions, extremely important. When in doubt, trial sponsors should partner with reputable firms that have obtained independent certifications for their data security and AI programs and are willing to contractually stand behind those programs.
4. Decentralized trials add new challenges.
Decentralized clinical trials offer some significant benefits to sponsors. For example, a wider range of participants can be recruited if there are few, or even no, visits to a centralized clinical trial site required for participation. However, these types of trials present new challenges from a data security perspective. For example, when nurses travel to administer tests and collect data at trial participants’ homes, there is a greater chance that laptops or other mobile devices containing valuable intellectual property and personal data could be lost, stolen, or compromised. This is one of the most common yet overlooked ways data breaches occur. Trial sponsors must take extra steps to ensure that data stored and transmitted using these devices is secured safely through multi-factor authentication and self-locking computer screens, as well as by leveraging cloud-storage providers with robust cybersecurity infrastructures and appropriate data localization procedures.
Navigating AI and Cybersecurity in Clinical Trials
While AI and advanced technologies offer massive opportunities for the pharma industry and clinical trial sponsors, they also come with inherent risks. To keep valuable intellectual property and participant data secure, it is critical to collaborate with experts who can provide guidance on how to use AI effectively while protecting data. This has become one of the most important ways life sciences companies can preserve the value of their commercial development program in the eyes of investors.
At Buchanan, our life sciences and cybersecurity teams are on top of the ever-evolving landscape of AI and data security. We are ready to help your company embrace innovation and stay compliant with all regulatory requirements, all while making sure your data and intellectual property are protected and secure.