The proliferation of health data in our ever more digitalised world of health care creates opportunities for better research around – and delivery of – pharmaceutical innovation. However, these opportunities may be constrained around the legal barriers to the use of health data for these purposes, which are poorly understood, particularly in relation to the new General Data Protection Regulation (GDPR).

The European Federation of Pharmaceutical Industries and Associations (EFPIA) summarises research evaluating the main legal barriers to the better use of health data for pharmaceutical innovation.

Six specific problems

The report took into consideration six specific problems that impact on the possibility of collecting, accessing and using data for research purposes in the pharmaceutical field, for which the main barriers that currently limit its potential have been identified.

     1. Epidemiology and pharmacoepidemiology: identifying unmet need
     2. Pharmacogenetics: targeting development
     3. Interventional studies
     4. Non-interventional studies
     5. Pharmacovigilance
     6. Managed entry agreements

Legal barriers

The report was commented on the Efpia blog by Amanda Cole, one of the authors of the report. The legal barriers that arise in the utilisation of data by pharmaceutical companies vary across a product’s lifecycle. However, the main issues can be described under eight main themes.

     1. Data subject rights are not absolute and may be more limited within the context of health research due to the scientific or public interest merits of the data use, along with the high level of safeguards in place to protect data.
     2. Data ceases to be personal once anonymisation has been achieved, in which case it does not fall under data protection legislation. Where anonymisation is not possible, processors must have a legal basis for processing data.
     3. One such basis is (informed) consent. However, a key challenge is in constructing consent that is broad enough to permit later research, but specific enough to meet legal standards, particularly within the heightened requirements of the GDPR. We argue that these requirements are not usually compatible with medical research, and whilst consent is critical for other reasons, it should not usually be the legal basis for data processing.
     4. However, as outlined already, uncertainty around the appropriate legal basis for processing data under the GDPR is currently a major issue for industry.
     5. There is a need for a shared and consistent understanding of the compatibility of primary and secondary (re-)use of data.
     6. This addresses the heterogeneity both within and between countries that arises from divergent interpretations.
     7. There is a need for clear guidance or minimum standards for industry in the emerging area of digital health.
     8. Promoting confidence and engendering trust is fundamental and is achieved through being transparent and sharing good practice. The public must be convinced of the benefits of data processing for pharmaceutical research, and of the high safeguarding standards employed in handling their sensitive information.