Case study: How to provide clinical decision support during post-training phase

They are essential to our health: new medical products. Every year, medical device manufacturers, biotech companies, and pharmaceutical companies spend billions to develop them – and then millions to train and educate physicians to know how to use them and how to best help patients. But what happens after that, and how can medical product manufacturers support physicians when it comes to treating real people?

Once a medical product or treatment has been developed, various methods are initially used in the training phase. These range from descriptions and instructions supported by e-learning platforms, videos and audio files to sophisticated training centers with hands-on learning in real operating room facilities with training on animals or cadaver explants. Simulation software and 3D-printed artificial materials to mimic real-world scenarios are also emerging technologies for training and preparing physicians to use new treatments.

Time gap between training and first patient treatment

All of these efforts are designed to prepare medical teams for the moment when a real patient is to be treated. Right after training, what usually happens first is… nothing! That’s because the first treatment of a real patient often doesn’t happen until weeks or months after training. This is the moment when training and reality meet.

Now it’s up to the physician in his or her clinic to decide whether the patient meets the criteria for a particular implant or interventional treatment. The physician may need to select the right size implant or decide on the access route. 

Assessment of medical images vital during post-training-phase

Medical images play a key role in achieving the best treatment outcome, for example in selecting the method and determining the size of an implant. And this is where medical device manufacturers can come in: namely, by supporting physicians with a second opinion at these critical moments. But this is not always easy and, above all, it is often too slow, for example because of physical distance. It is not uncommon, for example, for the attending physician and his patient to be located in Europe, but the manufacturer in the USA, and for medical images to be exchanged by mail.

Clinical decision support via web-based tools to ensure the best treatment possible

A straightforward and secure solution here can be provided by web-based clinical decision support tools, such as our GDPR-compliant online solution decidemedical, which has been used by the medical device industry for ten years. With its help, clinicians can upload their clinical data and medical images and submit them securely and compliantly to industry experts, either to get their opinion on the suitability of a case or to have the industry provide sizing services. Clinical experts from the manufacturer review and measure the medical images using specialized imaging software and submit their assessments to the physician via the web-based platform to recommend the best treatment option and implant size.

The benefits to the physician, the industry – and most importantly, the patient – from using web-based Clinical Decision Support tools in the post training phase are clear:

  • Utilization of existing medical expertise,
  • available worldwide,
  • fast turnaround time,
  • enables a controlled product launch,
  • efficient customer support,
  • compliance with regulations, and
  • accessibility from anywhere – no software required.

How do you manage physician support in the post-training phase? And how does your clinical team share medical images with the different sites?

Discuss here or contact us at info(at)clinflows.com

ECJ invalidates Privacy Shield – what does this mean for you and your company?

The European Court of Justice (ECJ) declared the Privacy Shield invalid in its ruling (C-311/18) on 16 July 2020. We have summarized here what this can mean for you and your company.

Data protection, the exchange of data and what has to be considered – I know that this is not a very funny or entertaining topic. Nevertheless, it is one of great importance, especially in the healthcare market. Why? 

Because in our healthcare market, doctors and industry personnel deal with patients’ personal data on a daily basis and transmit it online, whether for clinical studies, sending medical images (DICOM) to CoreLabs or to obtain a second opinion from medical experts for screening purposes or to check the suitability of a patient for a particular treatment – sometimes across several continents. And here comes the problem:

Following the rejection of the Safe Harbor Agreement in October 2015, the replacement Privacy Shield, which was a self-certifying mechanism for U.S. companies to comply with privacy requirements when transferring personal data from the EU to the United States, was declared invalid in July 2020.

European personal data not protected in the USA: U.S. government may use communications providers to monitor foreign individuals

The reason: the ECJ found that the US surveillance programmes allow the US authorities to carry out large-scale surveillance activities that do not comply with the principles of European standards, in particular with regard to necessity and proportionality. An example of this is the hotly debated Section 702 of the FISA (Foreign Intelligence Surveillance Act), a key provision of the FISA Amendments Act of 2008, which allows the U.S. government, with the help of electronic communications service providers, to conduct targeted surveillance of foreign persons located outside the United States in order to obtain foreign information.

Furthermore, the mechanism of the so-called “ombudsperson” embedded in the Privacy Shield does not actually offer a realistic possibility for the persons concerned to bring their legal dispute before an independent court, as provided for in the Charter of Fundamental Rights of the European Union.

The problematic situation was clearly expressed by Mr. Schrems, the founder of the NOYB-European Center for Digital Rights, who stated during a hearing before the EU Commission on September 3: “(…)we have a fundamental clash of laws. We have in the European Union, the Charter of Human Fundamental Rights and in the US, FISA (…) there is a legal clash (…) having two different obligations on the legislative level, in the US to have surveillance and in the EU the obligation to privacy (…)“.

Why could this be a problem for European companies?

Well, the answer is simple: If you and your company rely on service providers for the exchange of European patient data, then you need to check: 

1. Where is the data hosted – US or EU?

2. Where is the company that processes your data located?

If you host your patient data on US servers, or use services from a data processor that has its headquarters in the USA, your data is at risk of being surveilled.

The question now is what the European data protection authorities will do about it. It must be remembered that the European Court of Justice’s ruling obliges the authorities to act as the ruling is binding. Their measures are under discussion and must be awaited.

So we are not only dealing with a complex legal situation that makes it difficult for the industry to operate and make clear decisions, but also with questions such as: Are the standard contractual clauses sufficient or should supplementary measures be taken? At present, we also do not know what the consequences of the measures to be taken by the data protection authorities will be.

Will data from your EU patients be transferred to the USA?

I am often surprised when I speak to senior clinical or business managers in the healthcare industry who have to manage the transfer of personal data of patients, such as medical images as part of clinical monitoring or study projects. Often, they have little knowledge of the current discussions regarding data transfer between the EU and the US – often they don’t even know in which country their project data is hosted. Also, the term “anonymized” data is often used incorrectly, because in fact, data is usually only pseudonymized, which has completely different legal consequences than anonymization.

I can clearly recommend to any manager who manages the transfer of personal patient data: Make every effort to understand where the relevant data is hosted and whether it is hosted by a U.S. or an EU entity that handles the data, so that you can assess how great the risk of monitoring by the U.S. authorities is.

The solution: Hosting European patient data on European servers using European providers

It is clear that it will be almost impossible to prevent the US authorities from monitoring EU-US data transfers and that it will take years, if it is ever possible, to resolve these issues legally.

Therefore, to protect the privacy of our patients in Europe in the context described above, it is strongly recommended to ensure that the data is hosted in Europe by a European company as data processor – only then will the US authorities not have access to the data.

And guess what, yes, that is exactly what we offer at ClinFlows: ClinFlows only uses dedicated servers located in Europe to process data – because the security of the patient data we process is our top priority.

And we promise you: We will continue to monitor the recommendations of data protection authorities to ensure that appropriate mechanisms are implemented and that our services remain secure for all parties involved.

About the author:

Uwe Gladbach is a biomedical engineer who started his career as a perfusionist in open heart surgery back in the 90s. In more than 25 years he has gained experience in the medical device industry in various positions, covering clinical research as well as sales and operations in global positions. Uwe is the CEO and founder of ClinFlows, which offers e-solutions for clinical workflows.