Accelerating Advances in Patient Health Research Through Responsible Data Sharing

Accelerating Advances in Patient Health Research Through Responsible Data Sharing

Muscular Dystrophy Association Adopts Privacy Analytics’ Plan
for Data De-Identification

With the expansion and growing awareness of its data hub, the Muscular Dystrophy Association (MDA) began receiving an influx of research requests from academia and life sciences companies for access to its data. The organization sought a more efficient way to prepare its data to be shared, while also meeting the highest standards for data privacy. The MDA turned to Privacy Analytics for a turnkey, data de-identification solution…

The Quest

Accelerating Improvements in Care for Neuromuscular Diseases

Neuromuscular diseases are a broad group of disorders characterized by progressive muscle weakness, and, often, fatigue and immobility. According to the IQVIA Institute for Human Data Science, these disorders collectively impact an estimated 250,000 individuals in the United States, although each one affects less than 40 individuals per 100,000. Many are so rare that they affect fewer than five people in 100,000. Neuromuscular diseases are degenerative and debilitating; they’re especially devastating as many of them disproportionately affect children.

IQVIA’s Real-World data estimates that, taken together, neuromuscular disorders account for more than $46 billion in healthcare costs annually in the United States alone.

Today, the use of patient registries and data hubs is deepening our understanding of the natural history of neuromuscular diseases, accelerating research and increasing access to new therapies – all to improve and customize patient care.

The Challenge

Meeting Data Needs While Protecting Patient Privacy

The MDA is a nonprofit patient advocacy group dedicated to curing muscular dystrophy, amyotrophic lateral sclerosis (ALS), and related diseases by funding worldwide research. In 2018 MDA established the neuroMuscular ObserVational Research (MOVR) Data Hub, a national patient data hub for neuromuscular diseases. MOVR was created in collaboration with IQVIA, a leading provider of registry technologies and health data management solutions.

The MOVR Data Hub gathers rich longitudinal data from participants who agree to share their information, with the goal of providing researchers with unique insights into how treatments affect outcomes, how clinical trials could be better designed, and how neuromuscular diseases impact people. MOVR will also help clinicians identify patients who may benefit from new therapies or who may be eligible for a clinical trial.

"I foresee that once we approve a request, we’ll be able to get data to academics or life sciences companies within a week."

Elisabeth Kilroy,

Director, MOVR at Muscular Dystrophy Association

Although MOVR collects data from an ever-increasing number of MDA Care Centers across the U.S., the number of participants represented in the data will remain very small. This is because each of the seven diseases captured in the data hub is rare. They include ALS, Becker muscular dystrophy, Duchenne muscular dystrophy, Facioscapulohumeral muscular dystrophy, Limb-girdle muscular dystrophies, Pompe disease, and Spinal muscular atrophy.

The low prevalence of these diseases poses special privacy challenges. “Just a few thousand individuals participate in our registry across all seven diseases,” explained Dr. Elisabeth Kilroy, the Director of the MOVR Data Hub. “It’s not like a registry on a prevalent disease such as diabetes, for example, that might include data on tens of thousands of patients all with the same disease. So, we have to take extra care to prevent anyone from being able to parse the data in a way that could reveal an individual’s identity.”

In addressing the growing number of requests to share its data, MDA was treating each request as a special case – conducting an involved risk assessment and data preparation process that often took at least six weeks. “This one-off approach was becoming unsustainable as MOVR gained attention,” Kilroy said. “We needed a scalable way of de-identifying data in order to respond to incoming requests quickly and confidently.”

Since IQVIA was collecting, storing, managing, and delivering MOVR data, it made sense for MDA to turn to Privacy Analytics, an IQVIA company, for help in de-identifying the data for external use. Privacy Analytics has a reputation for unmatched expertise and proven technology to solve privacy challenges and enable greater advances in patient health.

The Solution

A Systematic De-Identification Approach

MDA was accustomed to responding to requests for data from academics and life sciences companies across the seven disease areas, considering the unique risk profile of each request. This required the organization to develop as many as 28 different data de-identification processes, one for each potential usage scenario. With the goal of reducing these to a more manageable number, experts from Privacy Analytics began with a fact-finding exercise. Through in-depth conversations with MDA’s clinical operations managers, director of analytics, and chief research officer, the Privacy Analytics team set about:

  • Understanding the breadth of MDA’s data assets, identifying the information critical to each use case in contrast to the data elements that could be removed without losing value
  • Categorizing the different types of data sharing scenarios MDA could foresee within academia and industry across the seven different diseases
  • Mapping the flow of data through the organization and documenting the type of de-identification procedures in use
  • Determining the type of privacy and security controls data recipients had in place

Based on these insights, Privacy Analytics was able to find the commonalities among scenarios, ultimately determining that the various considerations and risks could be accommodated by just three distinct data-sharing scenarios. In other words, for any foreseeable data request, only one of three different strategies would need to be applied to de-identify the data. That way, in line with privacy regulations such as HIPAA, the data can be shared safely and responsibly while minimizing the effort required to maintain the de-identified data sets.

“Along the way, Privacy Analytics shared best practice recommendations with us on how to protect patient privacy, making suggestions in areas beyond just the de-identification plan,” said Kilroy. For example, Privacy Analytics created a checklist for MDA’s publication committee to ensure that when others publish or present data drawn from MOVR, they are complying with the organization’s privacy policies and avoid inadvertently exposing any participant’s identity.

Gain confidence to use and share sensitive data

Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.

The Results

Peace of Mind Beyond Time and Cost Savings

Once Privacy Analytics’ de-identification plan is implemented, MDA will have a turnkey system it can use to respond rapidly to data requests from other entities. “I foresee that once we approve a request, we’ll be able to get data to academics or life sciences companies within a week,” predicted Kilroy. (MDA will only need to call Privacy Analytics should any of the data-sharing scenarios change drastically.) This has several tangible benefits, including:

  • Speeding the delivery of vital data to those working to find treatments
  • Eliminating the cost of preparing the data on a project-by-project basis
  • Increasing the resources that MDA can invest in furthering its mission of helping individuals living with neuromuscular diseases

With the streamlined approach developed by Privacy Analytics, it will be possible to easily convey the new process to Institutional Review Boards (IRBs) and participants, improving transparency.

Just as important, the approach will give MDA an intangible, but nonetheless invaluable benefit: peace of mind. “Thanks to Privacy Analytics,” said Kilroy, “we are confident that we’re doing everything possible to secure participants’ data and protect their privacy. That is of paramount importance to us.”

Archiving / Destroying

Are you unleashing the full value of data you retain?

Your Challenges

Do you need help...


Value Retention

Client Success

Client: Comcast

Situation: California’s Consumer Privacy Act inspired Comcast to evolve the way in which they protect the privacy of customers who consent to share personal information with them.


Are you achieving intended outcomes from data?

Your Challenge

Do you need help...


Unbiased Results

Client Success


Situation:’s AI-powered tech helps clients improve their online experience by sharing signals about website visitor intent. They wanted to ensure privacy remained fully protected within the machine learning / AI context that produces these signals.


Do the right people have the right data?

Your Challenges

Do you need help...


Usable and Reusable Data

Client Success

Client: Novartis

Situation: Novartis’ digital transformation in drug R&D drives their need to maximize value from vast stores of clinical study data for critical internal research enabled by their data42 platform.



Are you empowering people to safely leverage trusted data?

Your Challenges

Do you need help...


Security / compliance efficiency


Client: ASCO’s CancerLinQ

Situation: CancerLinQ™, a subsidiary of American Society of Clinical Oncology, is a rapid learning healthcare system that helps oncologists aggregate and analyze data on cancer patients to improve care. To achieve this goal, they must de-identify patient data provided by subscribing practices across the U.S.


Acquiring / Collecting

Are you acquiring the right data? Do you have appropriate consent?

Your Challenge

Do you need help...


Consent / Contracting strategy

Client Success

Client: IQVIA

Situation: Needed to ensure the primary market research process was fully compliant with internal policies and regulations such as GDPR. 



Are You Effectively Planning for Success?

Your Challenges

Do you need help...


Build privacy in by design

Client Success

Client: Nuance

Situation: Needed to enable AI-driven product innovation with a defensible governance program for the safe and responsible use
of voice-to-text data under Shrems II.


Join the next 5 Safes Data Privacy webinar

This course runs on the 2nd Wednesday of every month, at 11 a.m. ET (45 mins). Click the button to register and select the date that works best for you.