Quantitative risk assessments to meet regulatory submission requirements
Case study
Safeguarding patient privacy and data utility through effective risk assessment
Overview
To ensure compliance with the European Medicines Agency (EMA) and Health Canada document/Clinical Study Report (CSR) anonymisation requirements, a quantitative assessment of the risk of subject reidentification is essential. This assessment allows for the anonymisation of documents and data to an acceptable regulatory level, enabling provision of anonymised study data and submission documents to the client, that satisfy regulatory requirements.
ICON was approached by the sponsor seeking to analyse the data and determine which risk model best reduces the risk to an acceptable level. The goal was to satisfy both the regulatory requirements and the sponsor’s needs for private data-sharing situations.
Challenge
A significant challenge in the risk assessment process lies in determining which data points in CDISC SDTM study datasets are classified as identifying, quasi-identifying, insensitive, or having no impact on the risk assessment. Developing a risk model that meets regulatory needs can be complex, requiring careful consideration of variable treatment.
Solution
ICON’s cross-functional biometrics team, comprising statisticians, statistical programmers, and clinical trial transparency experts, quantitatively measure the risk of identifying a study patient with the available data collected in a study and documented in clinical study reports when specific data various transformations are applied.
Leveraging ICON’s programming expertise and custom software, the team analysed the data to determine the most effective risk model for reducing risk to an acceptable level to meet either regulatory needs or sponsor needs for private data-sharing situations. ICON also worked closely with the client to mitigate patient re-identification risk and maximise data utility for documents and data.
Outcome
ICON’s cross-functional team successfully provided the client with a tailored solution that met different needs of each study in their portfolio. Through a collaborative effort, the team worked closely together to solve issues confronted when anonymising datasets and assessing the risk of re-identification. ICON’s support for the sponsor provided these three solutions:
- Document anonymisation, with and without quantitative risk assessment, such as the CSR and Statistical Analysis Plan (SAP)
- Document and data anonymisation, ensuring consistency between the two deliverables whilst mitigating the risk of subject re-identification
- Data-only anonymisation for public and private data sharing where quantitative risk is assessed based on data-sharing requirements through a collaborative effort, with the sponsor, the team successfully attained risk of identification reduction to acceptable levels for data sharing and submission compliance.