Data protection

Figure 1. Amplitudes of the Fourier coefficients of log(model density, from a multipolar tit to 23 K diffraction data protect [45]. Continuous line m(x) = uniform distribution. Dotted line m(x) = core and valence monopoles. The vertical bar marks the experimental resolution limit 0.463 A. 

MetaPress is committed to respecting data-protection regulations. This statement informs you of the steps we take to protect your rights. 

Data Protection and the Substance Information Exchange Forum... 

In the past, various individuals and organisations have claimed to own the data produced from a clinical trial, including the state, the sponsor, the investigator and, in some cases, the patient or study subject. It is certainly true that with the advent of the EU Directive on Data Protection, the claim of ownership to his or her data by the patient or study subject has been strengthened. Unfortunately, there is no clear ownership of clinical data except that of society. Even then, society needs to respect the confidentiality and other wishes of individual subjects who have been clinical trial participants. Is there a difference in ownership between data produced from product-driven research to that produced in policy-driven therapeutic research ... 

A specified party must hold or obtain (and maintain) all necessary authorisations, for example, under the UK Medicines for Human Use (Clinical Trial) Regulations 2004, and sub-ordinate/related legislation, the Data Protection Act 1998 and the Animals (Scientific Procedures) Act 1986. 

In compliance with Data Protection legislation and the General Medical Council guidelines on confidentiality, the Yellow Card was updated in September 2000 to ask for an identification number for the patient for instance, a practice or hospital number. The CSM no longer asked for personal patient identifiers on Yellow Cards all that is now required is the patient s initials and age instead of their name and date of birth. The inclusion of the identification number enables the patient to be identifiable to the reporter but not to the CSM, thus allowing the reporter to know to whom the report refers for any potential future correspondence. 

Companies must ensure that patient confidentiality is maintained at all times and that data protection legislation is complied with. 

The Parties agree to adhere to the principles of medical confidentiality in relation to Clinical Trial Subjects involved in the Clinical Trial. Personal data shall not be disclosed to the Sponsor by the NHS Trust save where this is required directly or indirectly to satisfy the requirements of the Protocol or for the purpose of monitoring or adverse event reporting. The Sponsor shall not disclose the identity of Clinical Trial Subjects to third parties without prior written consent of the Clinical Trial Subject, in accordance with the requirements of the Data Protection Act 1998 and the principles set out in the Report of the Caldicott Committee on the review of patient identifiable information dated December 1997, a copy of which the NHS Trust shall supply to the Sponsor on request. 

The review regulation also requires that co-notifiers for the same active substance shall undertake all reasonable efforts to present a common notification, in whole or in part, in order to minimise animal testing for Annex 1 assessment. Unfortunately, this request for industrial collaboration must also be considered within the context that the specific provisions proposed to be developed by the Commission are not yet known and that the current status of data protection and confidentiality within the directive does not really encourage either investment or collaboration. 

A subtle shift has taken place, however. Ten years ago a laboratory might have been (appropriately) cited for poor data protection practices. Now a citation might be issued for lack of an audit trail, even with evidence that the data have never been compromised. In effect the regulatory attention has shifted back a step, from verification of data to verification of data protection devices (audit trails). The FDA now requires an automated regulatory tool as a QA monitor in all but the most unautomated laboratory environments. 

With increasingly networked, distributed computer systems the risk of deliberate malicious interactions, using software-based tools, became a serious threat. Many-fold related issues like data protection, privacy, integrity, authenticity, and denial of service attacks, viruses, worms etc. lead to a separate community to be established, which is nowadays in the main focus of the public as was safety some time ago (and still is—but only after catastrophic events). This community developed separate standards, methods, taxonomy and ways of thinking. 

The main elements responsible for impact have already been discussed costs in obtaining an authorisation lack of data protection and the free-rider issue once an authorisation is granted. The ultimate measure of this impact is the number of biocidal active substances and biocidal products on the EU market. This can be broken down into stages and these are discussed below. 

Validation concepts, although not the terminology, are also expected for computer, control, and laboratory systems that have the potential to seriously affect Safety, Health, and Enviromnental (SHE) data protection and financial control. Pharmaceutical and healthcare companies may want to institute common ways of working across these requirements. 

Electronic records are defined here as those records used for GxP decision/review processes or regulatory submissions. Appendix 15A helps identify examples. Financial, Data Protection, and other non-GxP records held electronically may also have regulatory requirements, but these are not... 

A workbook capturing the design of the spreadsheet then needs to be prepared. This should include the design of fields, traceable calculations, and data protection mechanisms. 

If a generic subject information sheet and informed consent form are attached to the protocol, these documents should also be reviewed for compliance with any requirements for informed consent, such as GCP, SOPs and the Declaration of Helsinki, and for consistency with the trial protocol. The information sheet and informed consent forms must be written in a language understandable to the trial participant and should include information on data protection/privacy. Further information on protocol and informed consent audits is available in literature (Bohaychuk and Ball, 1999 DGGF, 2003). 

Exclusivity All medicines approved through the CP will be granted an eight-year period of data protection and a ten-year period of marketing protection (see below). This period can be extended to 11 years if, during the first 10 years, a major new indication is developed. 

Quite apart from patent protections, innovator products are granted eight years of data protection and ten years of market exclusivity (see above), plus a further year of market exclusivity if a major new indication is registered. This means that a generic medicinal product can be placed on the market only 10 (or 11) years after the original authorization, although experimental activities to prepare the dossier, in particular to conduct bioequivalence studies, can start two or three years earlier. 

The European Union s Directive on Data Protection bars the movement of personal data to countries that do not have sufficient data privacy laws in place. Additionally, the US Health Insurance Portability and Accountability Act (HIPAA) sets national standards for the protection of health information, as applied to the three types of covered entities health plans, healthcare clearinghouses and healthcare providers who conduct certain healthcare transactions electronically. HHS OCR HIPAA Privacy (2003). This law was enacted in recognition of the fact that advances in... 

---