Big Data

On 15 February 2019, the European Medicines Agency (EMA) and Heads of Medicines Agencies (HMA) published their Joint Big Data Taskforce’s summary report (available here) setting out recommendations for understanding the acceptability of evidence derived from ‘big data’ in support of the evaluation and supervision of medicines by regulators.

The Taskforce has sought to clarify the meaning of ‘big data’ within the medicines regulatory context, defining it within the report as: “extremely large datasets which may be complex, multi-dimensional, unstructured and heterogeneous, which are accumulating rapidly and which may be analysed computationally to reveal patterns, trends, and associations. In general big data sets require advanced or specialised methods to provide an answer within reliable constraints”.

The Taskforce was split into seven sub-groups, each focusing on different categories of datasets:

  1. Clinical trials and imaging;
  2. Observational (or ‘Real World’) data;
  3. Spontaneous adverse drug reports (ADR);
  4. Social media and mobile health;
  5. Genomics;
  6. Bioanalytical ‘omics (with a focus on proteomics); and
  7. Data analytics (this work is ongoing and cuts across the above six sub-groups; a further report is expected in Q1 2019).

The sub-groups were each asked, amongst other thing, to characterise their respective datasets; consider the specific areas where big data usability and applicability may add value; assess the existing competencies and expertise present across the European regulatory network regarding the analysis and interpretation of big data; and provide a list of recommendations and a ‘Big Data Roadmap’.Continue Reading EMA-HMA joint taskforce publish report outlining recommendations for using ‘big data’ for medicines regulation

The UK’s National Institute for Health and Care Excellence (NICE) has recently published an evidence standards framework for DHTs (the Standards), available here.  It did so through a working group led by NHS England, but supported by representatives from Public Health England, MedCity and DigitalHealth.London.

The Standards cover DHTs,
Continue Reading NICE adopts evidence standards for the development and assessment of digital health technologies (DHTs)

On 8 October, the European Medicines Agency (EMA) published a report (available here) setting out the progress it has made towards applying a common data model (CDM) in Europe. The EMA defines a CDM as “a mechanism by which raw data are standardized to a common structure, format and terminology independently from any particular study in order to allow a combined analysis across several databases/datasets”. The report follows an EMA-hosted workshop in December 2017 to examine the opportunities and challenges of developing a CDM.

The report acknowledges that the use of ‘Real World Data’ (RWD) (data relating to patient health status or delivery of health care data that is routinely collected from sources other than clinical trials) has become an increasingly common source of evidence to support drug development and regulatory decision making for human medical use in Europe. However, Europe currently has no pan-European data network, despite the wealth of data generated through various national healthcare systems that provide access for all. Many multi-database studies currently performed are typically slow and still allow for substantial variability in the conduct of studies. Further, there are a growing number of innovative products that no longer align with customary drug development pathways. This may create uncertainty in their data packages required for authorization, and subsequent tension between facilitating earlier access for patients with limited treatment options against the requirement for proactive robust pharmacovigilance of medicines for wider clinical use across the product life cycle (the existing EMA Patient Registry Initiative addresses this need in part).
Continue Reading EMA publishes “A Common Data Model for Europe? – Why? Which? How?” Workshop Report

Designing data-driven products and services in compliance with privacy requirements can be a challenging process.  Technological innovation enables novel uses of personal data, and companies designing new data-driven products must navigate new, untested, and sometimes unclear requirements of privacy laws, including the General Data Protection Regulation (GDPR).  These challenges are often particularly acute for companies providing products and services leveraging artificial intelligence technologies, or operating with sensitive personal data, such as digital health products and services.

Recognising some of the above challenges, the Information Commissioner’s Office (ICO) has commenced a consultation on establishing a “regulatory sandbox”.  The first stage is a survey to gather market views on how such a regulatory sandbox may work (Survey).  Interested organisations have until 12 October to reply.

The key feature of the regulatory sandbox is to allow companies to test ideas, services and business models without risk of enforcement and in a manner that facilitates greater engagement between industry and the ICO as new products and services are being developed.

The regulatory sandbox model has been deployed in other areas, particularly in the financial services sector (see here), including by the Financial Conduct Authority in the UK (see here).

Potential benefits of the regulatory sandbox include reducing regulatory uncertainty, enabling more products to be brought to market, and reducing the time of doing so, while ensuring appropriate protections are in place (see the FCA’s report on its regulatory sandbox here for the impact it has had on the financial services sector, including lessons learned).

The ICO indicated earlier this year that it intends to launch the regulatory sandbox in 2019 and will focus on AI applications (see here).

Further details on the scope of the Survey are summarised below.Continue Reading ICO consults on privacy “regulatory sandbox”

On 5 September, in response to the opportunities presented by data-driven innovations, apps, clinician decision support tools, electronic health care records and advances in technology such as artificial intelligence, the UK Government published a draft “Initial code of conduct for data-driven health and care technology” (Code) for consultation.  The Code is designed to be supplementary to the Data Ethics Framework, published by the Department for Digital, Culture, Media and Sport on 30 August, which guides appropriate data use in the public sector.  The Code demonstrates a willingness of the UK Government to support data sharing to take advantage of new technologies to improve outcomes for patients and accelerate medical breakthroughs, while balancing key privacy principles enshrined in the GDPR and emerging issues such as the validation and monitoring of algorithm-based technologies.  For parties considering data-driven digital health projects, the Code provides a framework to help conceptualise a commercial strategy before engaging with legal teams.

The Code contains:

  • a set of ten principles for safe and effective digital innovations; and
  • five commitments from Government to ensure the health and care system is ready and able to adopt new technologies at scale,

each of which are listed further below.

While the full text of the Code will be of interest to all those operating in the digital health space, the following points are of particular note:

  • the UK Government recognises the “immense promise” that data sharing has for improving the NHS and social care system as well as for developing new treatments and medical breakthroughs;
  • the UK Government is committed to the safe use of data to improve outcomes of patients;
  • the Code intends to provide the basis for the health and care system and suppliers of digital technology to enter into commercial terms in which the benefits of the partnerships between technology companies and health and care providers are shared fairly (see further below); and
  • given the need of artificial intelligence for large datasets to function, two key challenges arise: (i) these datasets must be defined and structured in accordance with interoperable standards, and (ii) from an ethical and legal standpoint, people must be able to trust that data is used appropriately, safely and securely as the benefits of data sharing rely upon public confidence in the appropriate and effective use of data.

The Code provides sets out a number of factors consider before engaging with legal teams to help define a commercial strategy for data-driven digital health project.  These factors include: considering the scope of the project, term, value, compliance obligations and responsibilities, IP, liability and risk allocation, transparency, management of potential bias in algorithms, the ability of the NHS to add value, and defining the respective roles of the parties (which will require thinking beyond traditional research collaboration models).

Considering how value is created and realised is a key aspect of any data-driven digital health project, the Code identifies a number of potential options: simple royalties, reduced payments for commercial products, equity shares in business, improved datasets – but there is also no simple of single answer.  Members of Covington’s digital health group have advised on numerous data-driven collaborations in the healthcare sector.  Covington recently advised UK healthcare technology company Sensyne Health plc on pioneering strategic research and data processing agreements with three NHS Trust partners. Financial returns generated by Sensyne Health are shared with its NHS Trust partners via equity ownership in Sensyne Health and a share of royalties (further details are available here).

The UK Government also intends to conduct a formal review of the regulatory framework and assessing the commercial models used in technology partnerships in order to address issues such as bias, transparency, liability and accountability.

The UK Government is currently consulting on the Code (a questionnaire on the Code is available here) and intends to publish a final version of the Code in December.Continue Reading UK Government publishes “Initial code of conduct for data-driven health and care technology” for consultation

On 1 May, 2018 the Centre for Policy Studies (the “CPS”) published its latest paper on the UK’s National Health Service (the “NHS”) entitled “Powerful Patients, Paperless Systems: How New Technology Can Renew The NHS” (the “Paper”). The Paper advocates a “digital first NHS” that adopts a paperless system and enables patients to take full advantage of the continuing digitisation and integration of technology, often referred to as the Fourth Industrial Revolution (“4IR”).

To facilitate this change the Paper outlines three key targets that should be set by the Department of Health and Social Care, to be achieved by 2028:

  1. Move the NHS to a “digital first” platform and to aim to ensure that all interactions within the health service are digitally driven.
  2. Build an ecosystem of apps and innovation within and around the NHS, to improve patient service and control.
  3. Ensure that the savings made from automation and innovation are put back into frontline services and that budgets for staff R&D and technology training rise in line with overall NHS spending.

Continue Reading Summary of the CPS Paper on the Integration of Technology in the UK’s National Health Service

Although the National Cybersecurity Awareness Month of October has come to a close, it is not too late for corporate counsel and risk managers to be thinking about cyber-risk insurance — an increasingly essential tool in the enterprise risk management toolkit. But a prospective policyholder purchasing cyber insurance for the first time may be hard put to understand what coverage the insurer is selling and whether that coverage is a proper fit for its own risk profile. With little standardization among cyber policies’ wordings, confusing labels for their covered perils, and little interpretive guidance from case law to date, a cyber insurance buyer trying to evaluate a new proposed policy may hardly know where to focus first.

After pursuing coverage for historically major cyber breaches and analyzing scores of cyber insurance forms over the past 15 years, we suggest the following issues as a starting point for any cyber policy review:
Continue Reading Top Tips and Traps for Cyber Insurance Buyers

Digital Health

In the second of a three-part series, Covington’s global cross-practice Digital Health team considers some additional key questions that companies across the life sciences, technology, and communications industries should be asking as they seek to fit together the regulatory and commercial pieces of the complex digital health puzzle.

Key Commercial

Continue Reading Digital Health Checkup (Part Two): Key Commercial Questions When Contracting for Digital Health Solutions

On August 30, the UK government published a report by Professor Sir John Bell of Oxford University providing a number of recommendations to government to ensure the long term success of the life sciences sector in the UK (Life Sciences Industry Strategy).  This blog post summarises the key
Continue Reading The UK’s Life Sciences Industrial Strategy: Digital Health Implications

On May 11, 2017, the European Cloud in Health Advisory Council (ECHAC) – a group of healthcare organizations, technology companies and patient representatives  –  launched its second whitepaper focused on use of data to improve health outcomes and delivery of care.

ECHAC launched the whitepaper at an eHealth Week 2017
Continue Reading European Cloud in Health Advisory Council Calls For Review of eHealth Rules and Ethics of Medical Data Re-Use