Auto-redact personal information from Expanded Access requests
For people who work on Expanded Access to investigational medicines, one of the most common pain points is how to handle personally identifiable data regarding patients — which I will refer to using the abbreviation PHI (Protected Health Information) as defined under U.S. law, although the underlying challenge is relevant internationally.
In an ideal world, pharmaceutical companies would not receive PHI from Expanded Access. The identity of a patient is not needed in order to assess potential clinical benefit relative to risks. And receipt of this information may open the pharmaceutical company to allegations of favoritism or discrimination with respect to decisions about who receives access to developmental drugs and biologics on compassionate grounds under Expanded Access. Moreover, receiving PHI can put a pharmaceutical company out of compliance with its Standard Operating Procedures, not to mention privacy regulations at local and national levels.
There are several socially-oriented approaches to addressing this challenge. One is to remind the healthcare provider not to include PHI when requesting Expanded Access. Another is to ask the healthcare provider to attest that they have indeed included no such PHI. But these nudges are only partly effective, and they tend to be barely effective at all in the case of requests submitted directly by patients or their families.
“When an HCP uploads patient information the platform automatically scans incoming information and highlights any PHI that is found, along with a confidence score. The software prompts the user to accept suggested redactions. Any PHI can be scrubbed with just a few mouse clicks.”
As a result, pharmaceutical companies tend to still experience frustrations from inbound PHI and the resulting work (and cost) required to scrub this from computer servers and backups.
A new approach
MedaSystems is a digital health platform designed to support and facilitate Expanded Access programs. Because we collect information via online forms, we have the ability to blind those fields most likely to contain PHI. And our platform now includes an even more powerful technological solution for removing PHI, based on machine learning and natural language processing algorithms.
When healthcare providers (or patients and families) email or upload patient information as part of an Expanded Access request submission into MedaSystems, the platform automatically scans incoming information and highlights any PHI that is found, along with a confidence score. The software will then prompt the pharmaceutical company to accept or overrule suggested redactions, so that any PHI can be scrubbed from requests with just a few mouse clicks.
Here's an illustration:
All the work takes place inside the MedaSystems platform, hence obviating the need to download documents and search them for PHI, make redactions using 3rd party image editing software, then reupload again into the system of record. The process is fast and scalable, and the automated detection algorithm reduces the risk of PHI being overlooked. Once redacted during the scan and review process, such information is permanently removed from the document.
MedaSystems' mission is to make Expanded Access easier for the healthcare providers and pharmaceutical companies who participate in this important and growing pathway to provide early access to potentially life-changing medical treatments. Automated redaction is just one of the tools we bring to the table with the MedaSystems platform. To start a conversation with our team, please email us at info@medasystems.com.