Security Magazine: Safely unlocking the value of clinical data

By Chris Hansen | July 6, 2023

Clinical trials undoubtedly continue to be essential to advancements in medicine; however, clinical trials often face challenges in participation. There are a myriad of hurdles to patient enrollment, and security is very much one of them. Before outlining these concerns, let’s zoom out and discuss why some of the broad challenges in unlocking the value of clinical data, and then address the role security plays in alleviating them.

A recent study found that around 20% of cancer clinical trials fail because of insufficient patient enrollment. Unlocking the value of real world data (RWD), or data extracted from sources such as patient medical records or health information, has emerged as another means of gaining insights from patient populations for the betterment of healthcare. In fact, the FDA has acknowledged the importance of the growth in RWD, which can ultimately support FDA regulatory decisions. Yet, many hospitals and health systems still have not adequately prioritized the management of its clinical data to better serve public health. So, what are the factors hindering hospital and health systems from sharing their clinical data to fulfill its potential?

According to one recent survey, concerns over the protection of patient data is an existing barrier to the sharing of RWD. In this survey of professionals holding managerial, executive, or other leadership roles at hospitals and health systems throughout the United States, 26% of respondents stated that protecting patient data was preventing their facility or health system from currently using and/or sharing real world data with other organizations. In addition, 31% of respondents cited concerns about protecting patient data when selecting the biggest barriers their facility or health system faced in its efforts to effectively use or share real world data in clinical research. These concerns are not unwarranted; the number of attacks on U.S. hospitals each year doubled between 2016 and 2021, according to the Journal of the American Medical Association. With these attacks only continuing to increase, patient data is especially at risk of exploitation and misuse. 

As clinical data becomes more vulnerable to cyberattacks while simultaneously gaining importance in the advancement of healthcare, hospitals must begin prioritizing updating and implementing data security strategies. Common security measures that can improve protection include encryption for healthcare data both at rest and in transit, backup mechanics and data recovery systems, and two-factor login authentication to ensure only users with permission can access private data. Replacing outdated IT infrastructure is also imperative to best protecting sensitive patient information. Lastly, healthcare executives should also choose partners that leverage protective measures to defend systems against cyberattacks through programs such as System and Organization Controls (SOC) and Health Information Trust Alliance (HITRUST). 

Another aspect of clinical data security is the concept of data de-identification, or the process of removing data elements in order to keep the patient’s personal information anonymous, but retaining his or her value for research. This enables hospitals, healthcare systems and/or researches to conduct queries around various categories like age, city and diagnosis, without revealing the individual’s specific birth date, address or healthcare issue. Patient de-identification facilitates comprehensive, informative clinical research without jeopardizing privacy. 

These steps and others are what enable secure, confidential data management by complying organizations. Without these measures, hospitals and health systems may continue to be at risk to malicious actors, further delaying the benefits of clinical data which in turn reduces the likelihood of positive patient outcomes.

Integrating modern IT infrastructure and adopting comprehensive security measures will only continue to become important as cyberattacks and malware become more threatening. The value of clinical data cannot be understated, and it is time that hospitals and health systems leverage their information to improve patient outcomes and inform medical innovation. By making key updates to security infrastructure and taking action, the healthcare industry as a whole can embrace a better future. 

Chris Hansen is the Head of Data Engineering at Q-Centrix.

Published in Security Magazine. See the full article here.