With the expansion and growing awareness of its data hub, the Muscular Dystrophy Association (MDA) began receiving an influx of research requests from academia and life sciences companies for access to its data. The organization sought a more efficient way to prepare its data to be shared, while also meeting the highest standards for data privacy. The MDA turned to Privacy Analytics for a turnkey, data de-identification solution…
The Quest
Accelerating Improvements in Care for Neuromuscular Diseases
Neuromuscular diseases are a broad group of disorders characterized by progressive muscle weakness, and, often, fatigue and immobility. According to the IQVIA Institute for Human Data Science, these disorders collectively impact an estimated 250,000 individuals in the United States, although each one affects less than 40 individuals per 100,000. Many are so rare that they affect fewer than five people in 100,000. Neuromuscular diseases are degenerative and debilitating; they’re especially devastating as many of them disproportionately affect children.
IQVIA’s Real-World data estimates that, taken together, neuromuscular disorders account for more than $46 billion in healthcare costs annually in the United States alone.
Today, the use of patient registries and data hubs is deepening our understanding of the natural history of neuromuscular diseases, accelerating research and increasing access to new therapies – all to improve and customize patient care.
The Challenge
Meeting Data Needs While Protecting Patient Privacy
The MDA is a nonprofit patient advocacy group dedicated to curing muscular dystrophy, amyotrophic lateral sclerosis (ALS), and related diseases by funding worldwide research. In 2018 MDA established the neuroMuscular ObserVational Research (MOVR) Data Hub, a national patient data hub for neuromuscular diseases. MOVR was created in collaboration with IQVIA, a leading provider of registry technologies and health data management solutions.
The MOVR Data Hub gathers rich longitudinal data from participants who agree to share their information, with the goal of providing researchers with unique insights into how treatments affect outcomes, how clinical trials could be better designed, and how neuromuscular diseases impact people. MOVR will also help clinicians identify patients who may benefit from new therapies or who may be eligible for a clinical trial.
"I foresee that once we approve a request, we’ll be able to get data to academics or life sciences companies within a week."
Elisabeth Kilroy,
Director, MOVR at Muscular Dystrophy Association
Although MOVR collects data from an ever-increasing number of MDA Care Centers across the U.S., the number of participants represented in the data will remain very small. This is because each of the seven diseases captured in the data hub is rare. They include ALS, Becker muscular dystrophy, Duchenne muscular dystrophy, Facioscapulohumeral muscular dystrophy, Limb-girdle muscular dystrophies, Pompe disease, and Spinal muscular atrophy.
The low prevalence of these diseases poses special privacy challenges. “Just a few thousand individuals participate in our registry across all seven diseases,” explained Dr. Elisabeth Kilroy, the Director of the MOVR Data Hub. “It’s not like a registry on a prevalent disease such as diabetes, for example, that might include data on tens of thousands of patients all with the same disease. So, we have to take extra care to prevent anyone from being able to parse the data in a way that could reveal an individual’s identity.”
In addressing the growing number of requests to share its data, MDA was treating each request as a special case – conducting an involved risk assessment and data preparation process that often took at least six weeks. “This one-off approach was becoming unsustainable as MOVR gained attention,” Kilroy said. “We needed a scalable way of de-identifying data in order to respond to incoming requests quickly and confidently.”
Since IQVIA was collecting, storing, managing, and delivering MOVR data, it made sense for MDA to turn to Privacy Analytics, an IQVIA company, for help in de-identifying the data for external use. Privacy Analytics has a reputation for unmatched expertise and proven technology to solve privacy challenges and enable greater advances in patient health.
The Solution
A Systematic De-Identification Approach
MDA was accustomed to responding to requests for data from academics and life sciences companies across the seven disease areas, considering the unique risk profile of each request. This required the organization to develop as many as 28 different data de-identification processes, one for each potential usage scenario. With the goal of reducing these to a more manageable number, experts from Privacy Analytics began with a fact-finding exercise. Through in-depth conversations with MDA’s clinical operations managers, director of analytics, and chief research officer, the Privacy Analytics team set about:
- Understanding the breadth of MDA’s data assets, identifying the information critical to each use case in contrast to the data elements that could be removed without losing value
- Categorizing the different types of data sharing scenarios MDA could foresee within academia and industry across the seven different diseases
- Mapping the flow of data through the organization and documenting the type of de-identification procedures in use
- Determining the type of privacy and security controls data recipients had in place
Based on these insights, Privacy Analytics was able to find the commonalities among scenarios, ultimately determining that the various considerations and risks could be accommodated by just three distinct data-sharing scenarios. In other words, for any foreseeable data request, only one of three different strategies would need to be applied to de-identify the data. That way, in line with privacy regulations such as HIPAA, the data can be shared safely and responsibly while minimizing the effort required to maintain the de-identified data sets.
“Along the way, Privacy Analytics shared best practice recommendations with us on how to protect patient privacy, making suggestions in areas beyond just the de-identification plan,” said Kilroy. For example, Privacy Analytics created a checklist for MDA’s publication committee to ensure that when others publish or present data drawn from MOVR, they are complying with the organization’s privacy policies and avoid inadvertently exposing any participant’s identity.
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
The Results
Peace of Mind Beyond Time and Cost Savings
Once Privacy Analytics’ de-identification plan is implemented, MDA will have a turnkey system it can use to respond rapidly to data requests from other entities. “I foresee that once we approve a request, we’ll be able to get data to academics or life sciences companies within a week,” predicted Kilroy. (MDA will only need to call Privacy Analytics should any of the data-sharing scenarios change drastically.) This has several tangible benefits, including:
- Speeding the delivery of vital data to those working to find treatments
- Eliminating the cost of preparing the data on a project-by-project basis
- Increasing the resources that MDA can invest in furthering its mission of helping individuals living with neuromuscular diseases
With the streamlined approach developed by Privacy Analytics, it will be possible to easily convey the new process to Institutional Review Boards (IRBs) and participants, improving transparency.
Just as important, the approach will give MDA an intangible, but nonetheless invaluable benefit: peace of mind. “Thanks to Privacy Analytics,” said Kilroy, “we are confident that we’re doing everything possible to secure participants’ data and protect their privacy. That is of paramount importance to us.”
