Disclosure Best Practices: Commercial Confidential/Business Information (CCI/CBI)
A significant portion of initial submissions result in rejection by regulators - CBI redaction content for initial submission packages. CCI/CBI continues to be a critical component to disclosure submissions with regulators, yet, the tendency to over redact remains. This webinar will review internal business considerations, the need for strong collaboration between Disclosure, Legal and Clinical teams and balancing the needs of regulators.
Anonymization Primer: Adversaries - The Risk of Re-Identification
Health Canada has updated several policies to encourage transparency and data sharing in clinical trials, which in turn, will encourage secondary analyses of data. Health Canada PRCI highly recommends quantitative de-identification instead of qualitative rule-based redactions of patient identifiers. While complying with quantitative de-identification requirements, sponsors also have to ensure that the risk of re-identification of patients is minimized and meets a statistical threshold.
Adversaries pose a threat to patient privacy as they may attempt to know more about patients. This is referred to as “Identity Disclosure.” There are other types of disclosures such as “Attribute Disclosure” risks. A qualified research investigator may come to know the attributes of a study participant with a high degree of certainty. For instance, if all individuals born in a specific year were given a screening test, then a research investigator may be able to identify study participants who may have taken the test based on their birth year. However, since regulatory authorities primarily focus on identity disclosures and the risk of re-identification, we will take a deep dive into the topic.
The term “adversary” is used to describe the person or persons trying to re-identify patients using their Personally Identifiable Information (PII) or Personal Health Information (PHI). ‘Intruders’ or ‘attackers’ are some other terms used to describe an adversary. Sometimes, these adversaries may not be external agents, a qualified investigator may also act as an adversary.
Types of Adversaries
Adversaries can be of various types based on their interest in data or their role in interacting with data. Adversaries can come in the form of competitive organizations, researchers at other universities, marketers, or even hackers who want to attack secure databases as an intellectual challenge. Some of these adversaries can have malicious intent which may result in accidentally exposing data on the internet.
Broadly speaking, most adversaries do not know who is in the dataset. However, some adversaries could be directly related to the dataset and may inadvertently, unintentionally re-identify patients. For instance, a researcher interested in a high-profile celebrity in the dataset. Although they may not intend harm, deliberate attempts in patient reidentification may happen. Adversaries may also include family members or employers who are too curious about patient/ disease status.
Potential for re-identification
Previously, sharing individual-level participant data (IPD) was considered a voluntary disclosure. Health Canada now requires IPD as a part of mandatory disclosures. Due to reidentification, a patient may experience discrimination or stigmatization. Adversaries such as insurance companies or lawyers may use the information for financial purposes. The IPD may include direct or indirect identifiers that need to be de-identified. Depending on the variables seen, the risk of re-identification may be high. For instance, with access to direct identifiers such as name, phone number, an adversary can easily identify individuals in the dataset.
Indirect or quasi-identifiers may also help an adversary to put together information and re-identify an individual. For instance, when multiple quasi-identifiers such as date of birth, sex, languages spoken, marital status, occupation are available, a participant can be reidentified. Hence, the decision about whether a variable is a direct identifier (or quasi identifier) is crucial. The most common method is to allow two or more experts to evaluate whether a variable is an identifier. Then a statistical test Cohen’s Kappa is used as a measure of agreement. If the value of the test is more than 0.8 then the experts have agreed that the variable is an identifier. For values lower than 0.8, additional experts are consulted to get a classification agreement. These direct or indirectly identifying variables need to be protected from adversaries. Quasi identifiers may also be more complex to anonymise in an unstructured/verbatim text context. The sponsor organizations need both a quantitative approach and a tool that can manage these complexities.
RLS Protect performs quantitative de-identification that meets statistical thresholds. This reduces the risk of patient re-identification significantly. RLS Protect takes into account various patient identifying variables and then replaces them with transformed variables that achieve regulatory risk thresholds while optimizing data utility and collaboration between organizations to ensure appropriateness of the data. This process is facilitated by AI/machine learning algorithms, resulting in efficiency and accuracy. Each clinical trial dataset has its unique anonymization challenges. Real Life Sciences develops advanced algorithms needed for solving complicated problems. Our expert team can show you how to meet regulator risk thresholds reliably and efficiently.
Anonymization Primer: Participant Privacy Risks
Medical researchers from pharmaceutical industries and academia are increasingly engaging in the secondary analysis of unstructured data or unstructured clinical documents obtained from clinical trials. However, there are practical challenges in data-sharing for re-analysis or secondary analysis. One of such challenges is the lack of transparency while sharing data at the patient level.
The lack of transparency while sharing patient data was for good reasons. Since health information is often associated with our most personal aspects (e.g. ability to work, dietary habits, sexual orientation, stigmatizing medical history etc), redacting certain variables allows patients to maintain their privacy. It aligns with principles such as respect for persons, justice, and non-maleficence. Additionally, it aligns with applicable legal requirements such as General Data Protection Regulation (GDPR).
As the regulatory authorities move away from qualitative redactions and require de-identification, it is worthwhile to discuss privacy, consequences of privacy breach, and the quantitative de-identification process.
Although there is no consensus about a specific definition of ‘privacy’, researchers view privacy as ‘the ability to control the collection, use, and disclosure of one’s personal information.’ Another definition of privacy states that privacy means ‘whether others can access one’s information, regardless of whether it is the individual who is in control of her information’. But in the context of this article, we use privacy in the context of whether others know information about a person and can draw various inferences from it.
A survey study revealed that when participants were asked if they were willing to have their records used for research, without their knowledge or permission, a majority clearly stated ‘no’. But when researchers mentioned the database would be anonymous for research or that access to the data would be under their control, a majority of patients now thought data-sharing was a good idea that helps advance science. Typically, the sponsor organizations engage in practices that respect the sentiments of the patients. For instance, the use of controlled platforms, data sharing agreements and third-party ethical oversight can reduce risks to individuals.
Consequences of privacy breach
Privacy breaches can have drastic negative effects and may harm patients if the information is used by individuals with malicious intent. Health information can be misused and that may affect a person’s ability to get a specific job or maintain their current job. Their ability to get insurance may be affected. But worst of all, they may experience social stigma if information related to their gender, race, ethnicity, or disability status is revealed to the general public. In extreme scenarios, patients’ ability to maintain autonomy over their lives may be affected. Researchers need to de-identify variables to prevent the harm it may lead to the patients. For sponsor organizations, privacy breaches may mean heavy legal penalties.
At present, Health Canada strongly recommends quantitative de-identification instead of qualitative rule based redactions. The regulations focus our attention on what is called the “Risk of Re-identification” or “ROR”– namely, that there can be negative repercussions if an adversary or intruder can determine, with absolute certainty or very confident, the identity of a patient in a clinical trial. ‘Adversaries' is a term used to describe people or entities that might try to identify research participants.
The Health Insurance Portability and Accountability Act (HIPAA) privacy rules list eighteen identifiers that require de-identification. Most other regulatory authorities have similar policies. These direct identifiers can be summarized as:
Location. Usually, the first three digits of a Zip Code can be shared in certain cases or the names of states can be shared.
Dates. Age brackets or year of an event can be shared but sharing specific dates such as birth date, date of death creates a risk of re-identification.
Contact information such as Telephone number, Fax number, Emails
Identifying numbers such as Social Security numbers, Medical record numbers, Health plan beneficiary numbers, Account numbers, Certificate/license numbers, Vehicle identifiers, and serial numbers, including license plate numbers, Device identifiers, and serial numbers.
Web identifiers such as Universal Resource Locators (URLs), Internet Protocol (IP) addresses.
Biometric identifiers e.g., finger and voice prints, full-face photographs, and any comparable images
Any other unique identifying number or patient characteristic is also covered under privacy acts by various regulatory authorities, including Health Canada. To de-identify personal information, data science experts can help in finding personal identifiers in structured or unstructured datasets.
While de-identifying these variables, sponsors need to meet statistical thresholds to mitigate the risk of re-identification. Researchers in the pharma industry need technology solutions to meet these regulatory requirements within a short timeframe.
Real Life Sciences has launched the RLS Protect platform that helps sponsors in de-identifying data and meeting statistical thresholds defined by Health Canada. The platform enables sponsors to share high-quality data that upholds principles of openness, transparency, and adds data utility, yet protects patients from the risk of re-identification. Since each clinical trial has its unique sets of variables and study designs, our team of expert data scientists works closely with sponsor teams to ensure optimal results. To learn more about RLS Protect and our data science services, contact us here.
Trial Disclosure: A Focus On Rare Diseases
Working with rare disease populations requires compliance strategies be thought through carefully in advance. Small populations, like those found in rare and ultra-rare disease populations can increase the likelihood of patient re-identification if advanced methods are not applied. This webinar session will focus on learnings and best practices to apply when working with rare disease trials and populations.
New Webinar. Featured in our (EU) 536/2014 Resource Center: Regulation (EU) 536/2014: Planning Your Process For Public Disclosure
Regulation (EU) 536/2014 is in effect as of January 31st, 2022. Based on our experience with EMA learn how to effectively plan your process in preparation for submitting to the CTIS. Gain understand surrounding the increased public disclosure requirements and how you can prepare.
On-Demand Webinar: Practical Strategies for Successfully Navigating Your Health Canada PRCI Regulatory Disclosure Projects
Get your organization ready for disclosure projects in 2022 as Health Canada expects quantitative methodologies in support of Clinical Trial Disclosure submissions. Quantitative modeling and justification is a clear expectation of Health Canada and a well planned and proactive approach will save you time and money.
This 45 minute Live webinar is free to attend and features Real Life Sciences CEO Elliot Zimmerman and Real Life Sciences Health Canada Liaison Ahmed Eldafrawy. You will learn what regulators expect from your submission projects and how to avoid surprises and delays.
Health Canada PRCI & EMA Policy 070. The shift toward Quantitative Risk Assessment.
Significance of data anonymization
In the healthcare domain, regulatory authorities promote clinical trial transparency by providing reporting guidelines. These guidelines and regulations require patient privacy to be protected, and therefore, describe strict expectations related to data anonymization. Anonymization is a process conducted to remove personally identifiable information (PII) such as name, social security number, and also quasi-identifiable information (age, gender). After data anonymization, data can be used for research analysis and further improvement of patient care.
Qualitative redaction approaches
To protect patient privacy, at present, a popular qualitative method employed is redaction. In redaction, patient data is completely blocked out by overlaying it with opaque boxes. Redaction does not require any specialized equipment or other significant resources and hence has been a long-standing industry practice. But this practice brings a couple of unintended consequences - its qualitative nature and all usefulness of the information is removed. Both these consequences have prompted regulatory authorities to encourage alternate methods. Health Canada & the European Medicines Agency (EMA) encourage data sharing within institutes and also encourages making it available for secondary researchers. Too much qualitative redaction reduces data utility and now that alternative solutions (i.e., quantitative risk assessments) are becoming more commonplace, these newer techniques that offer greater data utility while protecting patient privacy should be favored.
Quantitative approaches in data anonymization for Health Canada PRCI.
Regulatory authorities such as Health Canada, and EMA are encouraging data anonymization, instead of redaction.
While the EMA’s process regarding the publication of clinical data (Policy 0070 ) was suspended in December 2018 (the one exception later being all medicines related to COVID-19), the date of applicability for the EMA’s Clinical Trials Regulation (CTR536) has been fixed as 31 January 2022. The EMA is requesting anonymization reports from the applicants where companies are expected to describe their anonymization method and how it affects data utility.
Health Canada is in favor of a quantitative approach- i.e. using statistical anonymization methodology. Using an anonymization approach, some data that previously would be redacted are instead transformed using techniques such as pseudonymization, date shifting, and generalizations. Currently, Health Canada is scrutinizing and labeling more and more submissions as non-compliant that take a qualitative redaction approach. It has asked sponsors to provide justification of redactions and also requested to submit an annotated or readable version. Some sponsors have received notices regarding non-conformance to Health Canada guidance when entire sections were redacted. Health Canada clearly states that it may reject proposed redactions “when the proposed redaction pertains to information already in the public domain”.
As sponsors adopt anonymization approaches, they need to comply with guidelines provided by Health Canada. Anonymizing variables would make re-identification of participants difficult and Health Canada has suggested a statistical threshold of 0.09, an extremely low level of risk. Anonymization, therefore, requires expertise in data science and technology for its implementation. Furthermore, as compared to structured data, anonymizing unstructured data such as clinical study reports poses unique challenges and high-level expertise becomes necessary. Additionally, keeping up with the evolving landscape of regulations is difficult for smaller companies. These considerations complicate data anonymization processes for the sponsors. Pharmaceutical companies and clinical research organizations (CROs) are looking for efficient, accurate, and reliable technology solutions to meet new regulatory standards of anonymization.
RLS Protect: a solution to data anonymization challenges
Data anonymization challenges can be overwhelming to sponsors and CROs in this changing environment. RLS Protect offers data anonymization and risk assessment services to fulfill regulatory requirements and voluntary sharing initiatives. Broadly speaking, using RLS Protect platform data anonymization can be achieved in three distinct steps: project initiation, risk modeling, and anonymization. During project initiation, initial data is reviewed and variables to be anonymized are determined. Next risk modeling, transformation rules are discussed with clients, and transformation rules are applied. Lastly, during the anonymization step, automated search and redacting are done. For ensuring the process has achieved its goals, various reports are generated in addition to manual quality control. Equipped with a powerful platform RLS Protect, our team of data scientists has the depth of expertise in quantitative risk modeling / high scale automated anonymization of PDFs. RLS Protect is well-suited for most healthcare organizations and their patient data.
The “What” and “Why” of Health Data Anonymization and how Pharmaceutical Sponsors and Contract Research Organizations need to prepare
Do we really need to share health data? The answer, when discussed across health care organizations varies. However, regardless of varying opinions, global health regulators and leading pharmaceutical companies overwhelmingly agree the answer is yes. From a research perspective, most would agree the sharing of trial results and real world data contributes to broader use cases, secondary research, more informed principal investigators, a more informed patient population and more. Ultimately, this benefits the greater good. Many pharmaceutical organizations believe in trial transparency and data sharing and have implemented policies to support it, while others think it’s a good idea but have not made it an organizational priority. Most, however, struggle to implement scalable systems and processes to effectively support it - even when there is broad organizational and strategic buy in.
Anonymizing health data – also known as data anonymization or de-identification puts patient privacy first while striving to retain as much data usefulness as possible. This data usefulness is also known as data utility.
Health data anonymization is undertaken to share data for a secondary audience such as other institutions, research organizations, or individuals that have a use for data that was originally collected by other researchers. Data sharing enables health and life sciences research to progress at a faster rate.
For example, a Pharmaceutical Sponsor specializes in drug development for a rare disease area and has conducted several clinical trials, some with successful outcomes while others failed. Meanwhile, a leading researcher at a University is undertaking new research to further understand the same rare disease. The researcher at the University would gain significant insights from the Pharmaceutical sponsor’s research outcomes saving potentially months or years of time and costly effort. According to industry advocates and government regulators, as long as patient identifiable information collected from the trials conducted by the Pharmaceutical Sponsor remain anonymous, that trial data can be shared and utilized.
How is Data Anonymized to Protect the Patient?
Historically, personal and patient data was redacted and only the remaining information was shared. This significantly minimized the potential for reusable information in a research setting. New technologies have evolved – methodologies that protect patient privacy while providing researchers with usable information that retains the integrity of the information for research purposes. It’s like crowdsourcing data so research can be taken in a multitude of directions, though individual privacy remains paramount. Consider the following:
The limited information that is retained is not useful for a researcher. However, we have achieved the primary goal of patient privacy by redacting any health information that could be tied back to a specific individual.
Health data anonymization has evolved by utilizing quantitative risk analysis to determine which data can be retained, anonymized or redacted. Think of this as a statistical analysis of health data to determine how to transform (anonymize) the data in a way that retains its validity for research while protecting the specific attributes/identity of an individual.
Unlike the redaction example, the integrity and utility of the information is retained and can be used by a researcher to advance her own research.
Anonymization algorithms can apply to research documents and datasets such as trial results or real world data. Patient records and patient narratives are often referenced in document form whereas clinical trial data are often in quantitative tabular formats.
How Anonymous is Sufficiently Anonymous? How Much Anonymization is Enough?
In practice, global regulatory agencies such as Health Canada, EMA and the FDA do not require 100% anonymity all of the time. But anonymity must meet an acceptable level as defined by each regulatory body. As discussed above, to make data sharing valuable the data must retain some meaning, or utility. Regulators measure the risk of data anonymization failure in terms of re-identification of the subject. Meaning, how likely is it that a trial participant or patient can be identified from the shared information. If it were completely impossible to identify trial participants from shared health data, the statistical probability of re-identification would be close to 0%. An example of this is the redacted statement above. However, regulators understand that if the probability of re-identification is 0%, then data utility is also at 0% and is of little use to researchers. At that point, why share it?
Global health regulators are willing to accept some risk of re-identification to maintain adequate levels of data utility. For data to be shared across health organizations or individuals, the risk of patient or trial participant reidentification has to fall below certain statistical risk thresholds. These risk thresholds vary from case to case depending on the particulars of the dataset or trial. For example, rare disease areas with small patient populations pose additional complexity to protect patient identity.
Health data anonymization requirements imposed by regulators have progressed significantly the last five years. The competing needs for data sharing and maintaining patient privacy are both growing at rapid rates. As technology evolves to help manage the risk side of the equation, so must the processes, tools and organizational readiness of Pharmaceutical Sponsors and Contract Research Organizations (CROs) for managing the process. All of these considerations are built on the foundation that it makes and there are distinct advantages to sharing health data. The recent global pandemic underlines the need for accelerated timelines in developing therapeutics, which can be achieved by sharing data. However, sharing data should not be at the cost of personal privacy.
Real Life Sciences, LLC works with clinical trial managers, R&D teams and researchers to provide the following services: Clinical Trial Redaction and Anonymization of data and documents, Qualitative and Quantitative Risk Assessments. Process and Workflow Automation, Expert Regulatory Knowledge, Strategy and Process Consulting.
Recent Global Regulatory Trends in Health Data Sharing and Data Anonymization
Our industry is at an interesting crossroads. On one hand, pressure to share clinical and real world data is increasing. The necessity for global data sharing has been magnified by the pandemic. Ambitions to accelerate research and the race for vaccines have been heightened by intense societal and economic need. This acceleration is taking place inline with significant technology development that has made it possible to access, process and share sensitive personal data in ways we have never contemplated.
This has given rise to two competing demands. First, the need to share health data with others as a means to accelerate research. Second, the need to protect personal health data and patient identity. Health regulators around the globe are instituting new policies to address both.
Along with these evolving needs, technology that enables the systematic assessment and transformation of health data as a means to best protect patient privacy is a critical consideration. Governmental health regulatory agencies, specifically Health Canada, EMA and the FDA are identifying, creating, and altering policy to address health data sharing expectations and acceptable disclosure risk thresholds. This includes patient and trial participant privacy considerations and the use of data anonymization (applying qualitative and quantitative risk assessments) as a viable solution to measure the likelihood of patient reidentification. Below is an overview of each regulatory branch and their current policy/position.
Health Canada PRCI, enacted in 2019, is emerging as the front runner in public policy relating to data sharing and anonymization of clinical trial results. The Health Canada PRCI guidance document specifically lays out its principles for protecting personal information, applying the “serious possibility” test to determine when information is about an identifiable individual. The document goes on to state that clinical information must be adequately anonymized (vs. outright redacted) prior to public disclosure to avoid the possibility of re-identifying individual clinical trial participants. Further, acceptable methods of data anonymization must be conducted on any potentially identifiable clinical data. Health Canada PRCI goes on to delineate the following practices for data anonymization:
All transformation of data should be conducted for the sole purpose of preventing the disclosure of personal information.
All data transformations should be accompanied by robust justification, and be applied to limited variables that risk re-identification, not to broad sections of clinical information; and
Data transformation should favor methods that retain analytical value, e.g. generalization, randomization and offsetting, as opposed to redaction.
EMA Policy 70 sets guidelines for Pharmaceutical Sponsors for publishing clinical data to enable public scrutiny of trial conduct and outcomes and to advance the application of new knowledge to future/secondary research purposes. While stating that the protection of personal data is paramount, EMA Policy 70 lays out its vision for clinical trial transparency as follows:
A high degree of transparency will take regulatory decision-making one step closer to EU citizens and promote better-informed use of medicines. In addition, the Agency takes the view that access to clinical data will benefit public health in future. The policy has the potential to make medicine development more efficient by establishing a level playing field that allows all medicine developers to learn from past successes and failures. Furthermore, it will enable the wider scientific community to make use of detailed clinical data to develop new knowledge in the interest of public health. Access to clinical data will allow third parties to verify the original analysis and conclusions, to conduct further analyses, and to examine the regulatory authority's positions and challenge them where appropriate. . 1
EMA Policy 70 focuses its evaluation of effective anonymization based on the following criteria:
Possibility to single out an individual
Possibility to link records relating to an individual
Whether information can be inferred concerning an individual.
An anonymization solution preventing all three of the above criteria is considered robust and therefore sufficiently anonymous according to the EMA.
FDA (Food and Drug Administration) Transparency Statement
The FDA appears to be watching the global trends. While it has no official policy, in its latest statement on clinical trial transparency, it states:
To realize the benefits and opportunities provided by a more transparent drug approval process, we must first identify, and address, some of the challenges facing the global drug development community. The FDA is committed to improving collaboration efforts with drug-approving regulatory agencies in other countries, and to increasing transparency related to the scientific basis for drug approval decisions. The FDA is working on multiple fronts to support these efforts and apply best practices.2
It stands to reason that as Health Canada PRCI and EMA Policy 70 advances, it may only be a matter of time until the FDA releases a more robust and up-to-date set of policies and guidelines with respect to clinical trial data and document disclosure. In the meantime, many global pharmaceutical sponsors are taking the “lowest common denominator” approach - meaning, they will combine the most stringent policies and guidelines and apply them in practice at a global level.
Real Life Sciences, LLC works with clinical trial managers, R&D teams, investigators and researchers to provide the following services: Automated redaction and anonymization of clinical and real-world data and documents and qualitative and quantitative risk assessments process and workflow automation, expert regulatory knowledge and strategy and process consulting.
Applying Key Learnings From Health Canada PRCI to EMA’s Regulation EU CTR No. 536 and Policy 0070
We often receive questions from sponsors about Regulation EU No. 536 which is expected to take effect later in 2021. Common questions include, “What is included in the rollout?” “What is the scope of documents and data anonymization for EMA Reg 536?” “Will EMA Policy 0070 be superseded?” “What are the timelines?” “How do we prepare?”
EMA is completing testing and moving toward its launch of the CTIS (Clinical Trials Information System) in December 2021, thus triggering the requirement to comply with EU CTR (Clinical Trial Regulation) 536. There are key learnings from Health Canada PRCI that can be applied to help Sponsors prepare.
When Health Canada (HC) released PRCI in March 2019 a stronger emphasis on utilizing a risk-based anonymization process for clinical study reports effectively began. Some suggest that Health Canada’s launch of PRCI (Public Release of Clinical Information) placed HC ahead of the EMA in prioritizing quantitative anonymization standards that reached beyond a redaction only approach. In addition, HC was enforcing a phased rollout of the policy to which Sponsors were expected to comply.
Health Canada PRCI and EMA Policy 70 in effect, allowed sponsors to prep for EMA Reg 536. By establishing a base of best practices within efficient document and risk-based data anonymization processes, Sponsors are well suited to adapt to EMA Reg 536. This set of practices includes establishing internal processes, roles and responsibilities and adopting technology to aid in analysis and processing of the applicable data and documents.
It is also recognized that Health Canada PRCI expectations continue to evolve. It is not out of the realm of possibility to see Health Canada continue on its current trajectory and greatly reduce redaction as a methodology in most instances and place its full weight behind risk based anonymization techniques. Would EMA then follow?
In working with a large and small sponsors and a wide range of therapeutic areas and study characteristics, one takeaway is apparent: taking the key learnings from HC PRCI and creating a tactical, actionable framework will position trial transparency teams ahead of the curve in terms of meeting a wider range of global regulatory policies. For any organization to be successful, standardization is key.
The disclosure requirements expected by EMA Reg 536 can be effectively managed by utilizing data/document anonymization templates and standardized processes that have been assembled through experience with HC submissions and known regulator preferences. Road tested anonymization techniques, multiple instances of successful pre-PIM preparation, approved report templates as well as extensive trial variable prioritization all provide a solid framework for EMA Reg 536 application and resumption of Policy 0070 activity.
We believe Health Canada PRCI, now in its second year, will continue to push clinical trial transparency further by seeking an increase in the number of submissions that employ risk based assessment techniques. More and more, we see notices on Health Canada’s clinical information database for recent decisions that underline HC’s emphasis on quantitative data transformation approaches. The notices begin:
“This clinical information package includes extensive redactions to the patient information and/or data listed below. These specific redactions do not conform to Health Canada guidance, which encourages manufacturers to retain the analytical value of information by using other transformation methods (e.g., generalization or randomization), and to apply these methods to specific information that risks reidentifying an individual rather than to redact broad sections of information.”
Based on the increased frequency of these Health Canada notices we can see a pattern emerge toward an increase in preference for risk-based data anonymization techniques. We have seen this pattern quite clearly in our interactions with Health Canada on behalf of our Sponsor organizations.
Initially, the emphasis for the EMA will be to roll out the CTIS, ensure functionality beyond beta and activate EMA Reg 536. It is then a conservative assumption, that as Policy 0070 activities resume it will be modified to follow the evolution of HC PRCI with implementation of quantitative risk based practices. Whether Policy 0070 is updated or rolled into the expanded scope of EMA Reg 536 the principles remain the same.
Based on what we have learned from Health Canada PRCI from processing multiple submission packages, undoubtedly there is a standard approach Sponsors can achieve that will result in successful submissions to both Health Canada PRCI and EMA Reg 536/Policy 0070 and its probable evolution. Note that Health Canada will already accept an approved EMA submission with reciprocity. More importantly Sponsors which choose to build a framework based on HC PRCI learnings and instituting repeatable automated processes stand to win.