Claims data, activity records, clinical registries, electronic health records: these are all examples of sources for ‘real-world data’ (RWD), a term used to describe information that is collected outside an experimental clinical trial setting. RWD therefore has the benefit of reflecting outcomes in routine clinical practice.
As well as the ever-improving technology which is allowing us to collect more and more data, the environment for utilising RWD to support decision-making is also changing. Regulatory flexibilities and increasing public pressure to facilitate earlier access to medicines (eg through adaptive pathways or early access schemes) means that regulators are increasingly monitoring benefits and risks throughout a medicine’s life cycle. Payers are similarly being challenged to conduct earlier value assessments under greater uncertainty, and revisiting assessments as further RWD is collected. Moreover, managed entry agreements and performance-based payments require data collection alongside clinical practice. These emerging regulatory and reimbursement models all aim to make treatment provision and access more sensitive to the evolving evidence base, and all require RWD. However, beyond data collection capabilities alone, the processes that govern how data is collected, processed and shared, all impact the utility of RWD.
RWD must become real-world evidence (RWE) through a series of activities that transform raw data into analysis and results. Robust and appropriate data governance, applied at each step, are essential in realising the value of RWD and its derivative RWE. In a study conducted by OHE Consulting, funded by Lilly, we analysed the current data governance arrangements in eight countries, and proposed an aspirational governance framework based on these analyses.
What is the role for data governance in healthcare?
Information governance in healthcare has the central aim of balancing public and privacy interests – of advancing our understanding of medical treatments through evaluation and research, on the one hand, and protecting individuals’ privacy, on the other. Issues arise because RWD is being utilised for purposes beyond those for which it was originally collected – to directly manage patient care. Legal frameworks are playing catch-up in order to accommodate these new secondary uses of data, which can benefit patients and society but in a different way. The resulting rules and regulations vary substantially by country, and are not always completely prescriptive. This makes a clear and transparent governance framework all the more important.
What are the core elements of an aspirational data governance framework?
Good data governance is essential for making the best use of personal health information, enabling a learning health system where knowledge flows effectively and efficiently between research and clinical care. It is also essential in fostering public trust. We break down a governance framework according to four themes which represent steps in a data value chain: collecting the raw data; cleaning and managing the data; linkage and aggregation; and access/use of the data.
Personal data is any data that contains or can be attached to personal identifying information. Patient consent has a central role to play in the authorisation and protection of data. As such, the systems and processes in place to collect data must be cognisant of the intended later uses. Where patient consent is not feasible, the collection of data for purposes beyond direct care can be supported in some countries with relevant legislation, where statutory exemption can be granted – requirements that new legislation be passed for each new data set poses prohibitive restraints on legitimate and worthwhile data collection activities. Where data collection is on a routine basis across a large patient cohort, an opt-out, rather than an opt-in, system of patient consent may serve to maximise coverage and allow patients to contribute data more easily.
An opt-out, rather than an opt-in, system of patient consent may allow patients to contribute data more easily
Data controllers who are responsible for collecting, managing and linking patient data must demonstrate strong and robust processes and meet quality criteria that give the public and data users confidence in the quality and security of the data held. The ability to link information across data sets is important for research, for which a unique patient identifier is essential. However, this carries the risk of re-identification. Where appropriate, de-identification of data that replaces the unique patient identifier with a pseudonym can provide added data security; however, where data is not managed by one single entity, care should be taken that the algorithm for the pseudonymisation process is replicable for other data sets so that they may be linked, otherwise that the pseudonymisation process can be reversed if necessary. Common organisational and technical barriers to data linkage arise when there is no single group or organisation that has the responsibility or technical expertise required to manage the linking process. This could be minimised if linkage is undertaken by a single trusted third party.
Different arrangements for access to data can be employed to achieve the needed balance between protection of patient privacy and informing research that can indirectly benefit the population as a whole. Common approaches include ethical review panels that can evaluate the potential benefits and risks, data use agreements and confidentiality requirements, the provision of physical spaces for data analysts, and distributed network models. Where the appropriate safeguards are in place, authorisation should be based on careful consideration of the motivation for and outputs of the research facilitated, rather than on the basis of the organisation’s status.
How do individual country policies for data governance compare?
Current governance arrangements across countries differ substantially, and perform variably across the different elements of a governance framework. For example, in Italy data collection is strong but access is poor. National data linkage networks, such as that established in Australia, offer huge potential. However, transparency is essential: the UK and the Netherlands provide examples of public trust breaking down, thus impeding RWD programmes. Sweden and the U.S. perform well across our proposed framework; Germany and France are more restrictive, with particular difficulties in data linkage and access.
On a European-level, the European Parliament and Council are introducing a ‘General Data Protection Regulation’ to harmonise data protection and privacy across the EU. Early amendments to the Commission’s proposal caused significant controversy, particularly around the general prohibition of processing data in the absence of patient consent, which would have severely restricted the use of personal data for research purposes. These disproportionate limits on research and data sharing across health functions have been avoided in the final agreement of the Commission’s EU data protection reform, which will be released imminently.
Given the expanding capabilities to capture and utilise RWD, it is important that governance – the rules and regulations that govern how RWD is accessed or generated, and used credibly to generate RWE – is fit for purpose. Appropriate and facilitative governance arrangements for RWE are imperative to facilitate evidence collection to meet the demands of regulators and HTA bodies, and to make the most of healthcare information and the role it can play in improving patient care.
