Health Canada PRCI & EMA Policy 070. The shift toward Quantitative Risk Assessment.

Significance of data anonymization

In the healthcare domain, regulatory authorities promote clinical trial transparency by providing reporting guidelines. These guidelines and regulations require patient privacy to be protected, and therefore, describe strict expectations related to data anonymization. Anonymization is a process conducted to remove personally identifiable information (PII) such as name, social security number, and also quasi-identifiable information (age, gender). After data anonymization, data can be used for research analysis and further improvement of patient care.    

Qualitative redaction approaches  

To protect patient privacy, at present, a popular qualitative method employed is redaction. In redaction, patient data is completely blocked out by overlaying it with opaque boxes. Redaction does not require any specialized equipment or other significant resources and hence has been a long-standing industry practice. But this practice brings a couple of unintended consequences - its qualitative nature and all usefulness of the information is removed. Both these consequences have prompted regulatory authorities to encourage alternate methods. Health Canada & the European Medicines Agency (EMA) encourage data sharing within institutes and also encourages making it available for secondary researchers. Too much qualitative redaction reduces data utility and now that alternative solutions (i.e., quantitative risk assessments) are becoming more commonplace, these newer techniques that offer greater data utility while protecting patient privacy should be favored.   

Quantitative approaches in data anonymization for Health Canada PRCI.

Regulatory authorities such as Health Canada, and EMA are encouraging data anonymization, instead of redaction.

While the EMA’s process regarding the publication of clinical data (Policy 0070 ) was suspended in December 2018 (the one exception later being all medicines related to COVID-19), the date of applicability for the EMA’s Clinical Trials Regulation (CTR536) has been fixed as 31 January 2022. The EMA is requesting anonymization reports from the applicants where companies are expected to describe their anonymization method and how it affects data utility.

Health Canada is in favor of a quantitative approach- i.e. using statistical anonymization methodology. Using an anonymization approach, some data that previously would be redacted are instead transformed using techniques such as pseudonymization, date shifting, and generalizations. Currently, Health Canada is scrutinizing and labeling more and more submissions as non-compliant that take a qualitative redaction approach. It has asked sponsors to provide justification of redactions and also requested to submit an annotated or readable version. Some sponsors have received notices regarding non-conformance to Health Canada guidance when entire sections were redacted. Health Canada clearly states that it may reject proposed redactions “when the proposed redaction pertains to information already in the public domain”. 

As sponsors adopt anonymization approaches, they need to comply with guidelines provided by Health Canada. Anonymizing variables would make re-identification of participants difficult and Health Canada has suggested a statistical threshold of 0.09, an extremely low level of risk. Anonymization, therefore, requires expertise in data science and technology for its implementation. Furthermore, as compared to structured data, anonymizing unstructured data such as clinical study reports poses unique challenges and high-level expertise becomes necessary. Additionally, keeping up with the evolving landscape of regulations is difficult for smaller companies. These considerations complicate data anonymization processes for the sponsors. Pharmaceutical companies and clinical research organizations (CROs) are looking for efficient, accurate, and reliable technology solutions to meet new regulatory standards of anonymization.   

RLS Protect: a solution to data anonymization challenges

Data anonymization challenges can be overwhelming to sponsors and CROs in this changing environment. RLS Protect offers data anonymization and risk assessment services to fulfill regulatory requirements and voluntary sharing initiatives. Broadly speaking, using RLS Protect platform data anonymization can be achieved in three distinct steps: project initiation, risk modeling, and anonymization. During project initiation, initial data is reviewed and variables to be anonymized are determined. Next risk modeling, transformation rules are discussed with clients, and transformation rules are applied. Lastly, during the anonymization step, automated search and redacting are done. For ensuring the process has achieved its goals, various reports are generated in addition to manual quality control. Equipped with a powerful platform RLS Protect, our team of data scientists has the depth of expertise in quantitative risk modeling / high scale automated anonymization of PDFs. RLS Protect is well-suited for most healthcare organizations and their patient data.

The “What” and “Why” of Health Data Anonymization and how Pharmaceutical Sponsors and Contract Research Organizations need to prepare

Do we really need to share health data?  The answer, when discussed across health care organizations varies. However, regardless of varying opinions, global health regulators and leading pharmaceutical companies overwhelmingly agree the answer is yes. From a research perspective, most would agree the sharing of trial results and real world data contributes to broader use cases, secondary research, more informed principal investigators, a more informed patient population and more. Ultimately, this benefits the greater good.  Many pharmaceutical organizations believe in trial transparency and data sharing and have implemented policies to support it, while others think it’s a good idea but have not made it an organizational priority. Most, however, struggle to implement scalable systems and processes to effectively support it - even when there is broad organizational and strategic buy in.

Anonymizing health data – also known as data anonymization or de-identification puts patient privacy first while striving to retain as much data usefulness as possible.  This data usefulness is also known as data utility.  

Health data anonymization is undertaken to share data for a secondary audience such as other institutions, research organizations, or individuals that have a use for data that was originally collected by other researchers.  Data sharing enables health and life sciences research to progress at a faster rate. 

For example, a Pharmaceutical Sponsor specializes in drug development for a rare disease area and has conducted several clinical trials, some with successful outcomes while others failed.  Meanwhile, a leading researcher at a University is undertaking new research to further understand the same rare disease.  The researcher at the University would gain significant insights from the Pharmaceutical sponsor’s research outcomes saving potentially months or years of time and costly effort.  According to industry advocates and government regulators, as long as patient identifiable information collected from the trials conducted by the Pharmaceutical Sponsor remain anonymous, that trial data can be shared and utilized.

How is Data Anonymized to Protect the Patient?

Historically, personal and patient data was redacted and only the remaining information was shared. This significantly minimized the potential for reusable information in a research setting.  New technologies have evolved – methodologies that protect patient privacy while providing researchers with usable information that retains the integrity of the information for research purposes.  It’s like crowdsourcing data so research can be taken in a multitude of directions, though individual privacy remains paramount.  Consider the following:

Screenshot (781).png

The limited information that is retained is not useful for a researcher. However, we have achieved the primary goal of patient privacy by redacting any health information that could be tied back to a specific individual. 

Health data anonymization has evolved by utilizing quantitative risk analysis to determine which data can be retained, anonymized or redacted. Think of this as a statistical analysis of health data to determine how to transform (anonymize) the data in a way that retains its validity for research while protecting the specific attributes/identity of an individual. 

Screenshot (783).png

Unlike the redaction example, the integrity and utility of the information is retained and can be used by a researcher to advance her own research.

Anonymization algorithms can apply to research documents and datasets such as trial results or real world data.  Patient records and patient narratives are often referenced in document form whereas clinical trial data are often in quantitative tabular formats.

How Anonymous is Sufficiently Anonymous? How Much Anonymization is Enough?

In practice, global regulatory agencies such as Health Canada, EMA and the FDA do not require 100% anonymity all of the time. But anonymity must meet an acceptable level as defined by each regulatory body. As discussed above, to make data sharing valuable the data must retain some meaning, or utility. Regulators measure the risk of data anonymization failure in terms of re-identification of the subject. Meaning, how likely is it that a trial participant or patient can be identified from the shared information.  If it were completely impossible to identify trial participants from shared health data, the statistical probability of re-identification would be close to 0%. An example of this is the redacted statement above. However, regulators understand that if the probability of re-identification is 0%, then data utility is also at 0% and is of little use to researchers. At that point, why share it?

Global health regulators are willing to accept some risk of re-identification to maintain adequate levels of data utility.  For data to be shared across health organizations or individuals, the risk of patient or trial participant reidentification has to fall below certain statistical risk thresholds. These risk thresholds vary from case to case depending on the particulars of the dataset or trial. For example, rare disease areas with small patient populations pose additional complexity to protect patient identity.

Health data anonymization requirements imposed by regulators have progressed significantly the last five years. The competing needs for data sharing and maintaining patient privacy are both growing at rapid rates.  As technology evolves to help manage the risk side of the equation, so must the processes, tools and organizational readiness of Pharmaceutical Sponsors and Contract Research Organizations (CROs) for managing the process.  All of these considerations are built on the foundation that it makes and there are distinct advantages to sharing health data. The recent global pandemic underlines the need for accelerated timelines in developing therapeutics, which can be achieved by sharing data. However, sharing data should not be at the cost of personal privacy.

Real Life Sciences, LLC works with clinical trial managers, R&D teams and researchers to provide the following services:  Clinical Trial Redaction and Anonymization of data and documents, Qualitative and Quantitative Risk Assessments. Process and Workflow Automation, Expert Regulatory Knowledge, Strategy and Process Consulting.

Contact Real Life Sciences at:

Recent Global Regulatory Trends in Health Data Sharing and Data Anonymization

Our industry is at an interesting crossroads.  On one hand, pressure to share clinical and real world data is increasing.  The necessity for global data sharing has been magnified by the pandemic.  Ambitions to accelerate research and the race for vaccines have been heightened by intense societal and economic need. This acceleration is taking place inline with significant technology development that has made it possible to access, process and share sensitive personal data in ways we have never contemplated.

This has given rise to two competing demands. First, the need to share health data with others as a means to accelerate research. Second, the need to protect personal health data and patient identity. Health regulators around the globe are instituting new policies to address both.

Along with these evolving needs, technology that enables the systematic assessment and transformation of health data as a means to best protect patient privacy is a critical consideration. Governmental health regulatory agencies, specifically Health Canada, EMA and the FDA are identifying, creating, and altering policy to address health data sharing expectations and acceptable disclosure risk thresholds. This includes patient and trial participant privacy considerations and the use of data anonymization (applying qualitative and quantitative risk assessments) as a viable solution to measure the likelihood of patient reidentification. Below is an overview of each regulatory branch and their current policy/position.

Health Canada PRCI (Public Release of Clinical Information):

Health Canada PRCI, enacted in 2019, is emerging as the front runner in public policy relating to data sharing and anonymization of clinical trial results.  The Health Canada PRCI guidance document specifically lays out its principles for protecting personal information, applying the “serious possibility” test to determine when information is about an identifiable individual.  The document goes on to state that clinical information must be adequately anonymized (vs. outright redacted) prior to public disclosure to avoid the possibility of re-identifying individual clinical trial participants.  Further, acceptable methods of data anonymization must be conducted on any potentially identifiable clinical data.  Health Canada PRCI goes on to delineate the following practices for data anonymization:  

EMA (European Medicines Agency) Policy 70

EMA Policy 70 sets guidelines for Pharmaceutical Sponsors for publishing clinical data to enable public scrutiny of trial conduct and outcomes and to advance the application of new knowledge to future/secondary research purposes.  While stating that the protection of personal data is paramount, EMA Policy 70 lays out its vision for clinical trial transparency as follows:   

A high degree of transparency will take regulatory decision-making one step closer to EU citizens and promote better-informed use of medicines. In addition, the Agency takes the view that access to clinical data will benefit public health in future. The policy has the potential to make medicine development more efficient by establishing a level playing field that allows all medicine developers to learn from past successes and failures. Furthermore, it will enable the wider scientific community to make use of detailed clinical data to develop new knowledge in the interest of public health. Access to clinical data will allow third parties to verify the original analysis and conclusions, to conduct further analyses, and to examine the regulatory authority's positions and challenge them where appropriate. . 1

EMA Policy 70 focuses its evaluation of effective anonymization based on the following criteria:

  1. Possibility to single out an individual
  2. Possibility to link records relating to an individual
  3. Whether information can be inferred concerning an individual.

An anonymization solution preventing all three of the above criteria is considered robust and therefore sufficiently anonymous according to the EMA.

FDA (Food and Drug Administration) Transparency Statement

The FDA appears to be watching the global trends. While it has no official policy, in its latest statement on clinical trial transparency, it states:

To realize the benefits and opportunities provided by a more transparent drug approval process, we must first identify, and address, some of the challenges facing the global drug development community. The FDA is committed to improving collaboration efforts with drug-approving regulatory agencies in other countries, and to increasing transparency related to the scientific basis for drug approval decisions. The FDA is working on multiple fronts to support these efforts and apply best practices.2

It stands to reason that as Health Canada PRCI and EMA Policy 70 advances, it may only be a matter of time until the FDA releases a more robust and up-to-date set of policies and guidelines with respect to clinical trial data and document disclosure. In the meantime, many global pharmaceutical sponsors are taking the “lowest common denominator” approach - meaning, they will combine the most stringent policies and guidelines and apply them in practice at a global level.


  1. Health Canada PRCI Guidance Document
  2. FDA Continues to Support Transparency and Collaboration in Drug Approval Process as the Clinical Data Summary Pilot Concludes

Real Life Sciences, LLC works with clinical trial managers, R&D teams, investigators and researchers to provide the following services:  Automated redaction and anonymization of clinical and real-world data and documents and qualitative and quantitative risk assessments process and workflow automation, expert regulatory knowledge and strategy and process consulting.

Contact Real Life Sciences at:

Applying Key Learnings From Health Canada PRCI to EMA’s Regulation EU CTR No. 536 and Policy 0070

We often receive questions from sponsors about Regulation EU No. 536 which is expected to take effect later in 2021. Common questions include, “What is included in the rollout?” “What is the scope of documents and data anonymization for EMA Reg 536?” “Will EMA Policy 0070 be superseded?” “What are the timelines?” “How do we prepare?”

EMA is completing testing and moving toward its launch of the CTIS (Clinical Trials Information System) in December 2021, thus triggering the requirement to comply with EU CTR (Clinical Trial Regulation) 536. There are key learnings from Health Canada PRCI that can be applied to help Sponsors prepare.

When Health Canada (HC) released PRCI in March 2019 a stronger emphasis on utilizing a risk-based anonymization process for clinical study reports effectively began. Some suggest that Health Canada’s launch of PRCI (Public Release of Clinical Information) placed HC ahead of the EMA in prioritizing quantitative anonymization standards that reached beyond a redaction only approach. In addition, HC was enforcing a phased rollout of the policy to which Sponsors were expected to comply.  

Health Canada PRCI and EMA Policy 70 in effect, allowed sponsors to prep for EMA Reg 536.  By establishing a base of best practices within efficient document and risk-based data anonymization processes, Sponsors are well suited to adapt to EMA Reg 536. This set of practices includes establishing internal processes, roles and responsibilities and adopting technology to aid in analysis and processing of the applicable data and documents.

It is also recognized that  Health Canada PRCI expectations continue to evolve.  It is not out of the realm of possibility to see Health Canada continue on its current trajectory and greatly reduce redaction as a methodology in most instances and place its full weight behind risk based anonymization techniques.  Would EMA then follow?

In working with a large and small sponsors and a wide range of therapeutic areas and study characteristics, one takeaway is apparent: taking the key learnings from HC PRCI and creating a tactical, actionable framework will position trial transparency teams ahead of the curve in terms of meeting a wider range of global regulatory policies.  For any organization to be successful, standardization is key.

The disclosure requirements  expected  by EMA Reg 536 can be effectively managed by utilizing data/document anonymization templates and standardized processes that have been assembled through experience with HC submissions and known regulator preferences.  Road tested anonymization techniques, multiple instances of successful pre-PIM preparation, approved report templates as well as extensive trial variable prioritization all provide a solid framework for EMA Reg 536 application and resumption of Policy 0070 activity.

We believe Health Canada PRCI, now in its second year, will continue to push clinical trial transparency further by seeking an increase in the number of submissions that employ risk based assessment techniques. More and more, we see notices on Health Canada’s clinical information database for recent decisions that underline HC’s emphasis on quantitative data transformation approaches. The notices begin:

“This clinical information package includes extensive redactions to the patient information and/or data listed below. These specific redactions do not conform to Health Canada guidance, which encourages manufacturers to retain the analytical value of information by using other transformation methods (e.g., generalization or randomization), and to apply these methods to specific information that risks reidentifying an individual rather than to redact broad sections of information.”

Based on the increased frequency of these Health Canada notices we can see a pattern emerge toward an increase in preference for risk-based data anonymization techniques.  We have seen this pattern quite clearly in our interactions with Health Canada on behalf of our Sponsor organizations.

Initially, the emphasis for the EMA will be to roll out the CTIS, ensure functionality beyond beta and activate EMA Reg 536.  It is then a conservative assumption, that as Policy 0070 activities resume it will be modified to follow the evolution of HC PRCI with   implementation of quantitative risk based practices.  Whether Policy 0070 is updated or rolled into the expanded scope of EMA Reg 536 the principles remain the same.

Based on what we have learned from Health Canada PRCI from processing multiple submission packages, undoubtedly there is a standard approach Sponsors can achieve that will result in successful submissions to both Health Canada PRCI and EMA Reg 536/Policy 0070 and its probable evolution. Note that Health Canada will already accept an approved EMA submission with reciprocity. More importantly Sponsors which choose to build a framework based on HC PRCI learnings and instituting repeatable automated processes stand to win. 

The Upcoming Clinical Trial Regulation and EMA Policy 0070 Restart? Are You Ready?

The conduct of clinical trials in the EU is expected to change greatly once the Clinical Trial Regulation 536/2014 comes into application[1]. To support the implementation of this regulation, the Clinical Trials Information System (CTIS), containing a centralized portal and database, is now expected to go live on 31 January 2022. In preparation of this launch, training material is available on the EMA website, with additional modules planned for release throughout 2021.

Publication of clinical data under EMA Policy 0070 has been suspended since December 2018 (with the exception of documents related to COVID-19 treatments and vaccines) due to the ongoing implementation of EMA’s business continuity plan as well as the impact of COVID-19[2]. In early 2020, EMA invited interested parties to submit suggestions for how to restart this policy. Although no priority order for disclosure or timelines for this restart have yet been shared, many expect it to occur in the coming months, perhaps coinciding with the Clinical Trial Regulation coming into application.

With the CTR and Policy 0070 both possibly active soon, it is a busy time for sponsors. Questions to consider could include:

So, how to proceed?  Most sponsor organizations partnering with Real Life Sciences are taking a proactive approach. The general feeling is that there will be a flurry of activity as the go-live date of the CTIS approaches and as more information becomes available for a Policy 0070 restart. Regardless of approach, now more than ever, sponsor organizations require agility.

One factor repeatedly seen as a technology partner, is the rapid response time required as it becomes clear how quickly sponsors need to deliver once they are called upon by regulators to publish clinical trial documents. The fast-moving, deadline-oriented environment that exists once EMA or Health Canada requests trial data requires experience, agility, and a road-tested process.

As Policy 0070 and the Clinical Trial Regulation move back to the fore in the coming months, streamlined internal processes and the ability to handle backlogs will be required. By the end of 2022, it is hoped that the pace of submissions will become more fully understood. In the meantime, proactive preparation for an interesting start to 2022 may be prudent.