New Rules Challenging Data Privacy Retention Processes

Mar 21, 2017

Data privacy and data retention seem to become more complicated by the day in the realm of medical affairs and pharmacovigilance. I am beginning to think that there really is no solution. With the GDPR (General Data Protection Regulation) coming in 2018 followed by Brexit I trust I am not alone in being a little confused.

In recent meetings with an international pharmaceutical company, I was asked about how our systems cover data privacy.  I thought I had a good and complete answer.  I reassured them that we had implemented country specific data privacy.  We could decide if data privacy was enabled and if it was, we would encrypt all personal data in the database.   We could then set a retention period and ensure that any responses would be essentially unrecoverable after the retention period had passed.  We discussed redaction of data and finally through role-based security we could ensure that users of one company unit could not see any contact data or inquiry history of another unit.

But then a small bombshell was dropped.

Could our medical information systems support product-specific data retention?  In other words, could we keep our data privacy retention period for some products, yet ensure all requests and responses for a specific product are retained indefinitely?

I had to ask why.

The response was actually quite enlightening and questions the notion of when data retention is required.   The response was that if certain products are under legal challenge then it would be required that all responses given for that product are retained as they may become part of ruling on that product.  In other words, we have to be able to retain all inquiries and responses for a particular product.

So in the event of a lawsuit how can we see what advice was given to a patient if we do not retain the data?  We decided there was nothing that could be done prior to the lawsuit but agreed to maintain all data post the law suit…hence the need to remove data privacy from individual products.

So data privacy is simply getting more and more complicated.  Good news for the lawyers!

Contact us to learn how ArisGlobal can help your teams succeed.

SHARE