Protecting Patient Records, Clinical Trial Data & Communications

   Protecting Patient Information

Using Safeguard PDF Security to protect confidential patient information

Patient confidentiality has always been the watchword of healthcare providers, but although the advance into the digital age has helped leverage speed of administration it has come at a cost of lower confidentiality.  It used to be quite difficult to disclose large amounts of patient data because you had to find tons of paper, steal or copy it, and then try to read the handwriting – a form of encryption?  But now, like everything else, theft can be done at the touch of a button!  So much so that data protection regulation (HIPAA, the European Data Protection Directive and so on) singles out healthcare data as requiring specific protection.

Most everybody knows that they should encrypt data stored in databases and on servers, but fewer understand how the power of DRM access control extends the ability to comply with regulation as well as internal controls.  Just consider the humble PDF documents, often sent out by email, to patients making appointments or sending test results.  And the same goes for patient communications and exchanges with other healthcare professionals.  At the moment there is little effective control, especially when Bring Your Own Device (BYOD) and cloud computing means there is no longer a defined internal security boundary.  Everyone inside is outside, so you have to apply DRM access control to the documents themselves rather than relying on database controls.

DRM access control has the advantage of persisting with the document, allowing you to enforce extensions such as license checking, end by dates, preventing data extraction and processing or onwards distribution.  You can also remove users and cancel access to documents dynamically if required.  These are all critical features for handling personal data. Also, being able to log exactly who has accessed which documents and if they were printed creates a powerful record for auditors and compliance staff to review.

Locklizard PDF DRM solutions provide a flexible approach to achieving privacy objectives for both provider and patient.  Protected documents cannot be harvested from email by attackers or even ISPs.  They can still be read by the authorized recipients, and, if necessary, can be printed out for filing and reference purposes, but cannot be used or processed if they are intercepted, forwarded or stolen.

   Protecting Clinical Trials

Protection of clinical trial data

Apart from the actual formula and precise method of manufacture, the other big secret in life sciences is the conducting of clinical trials.  Apart from the documentation of how the trials are to be conducted (to ensure safety and efficacy) there are the results obtained as part of the trials to consider.

PDF document security is required at several stages during clinical trials.

At the point of clinical study design, key documents are created, and, whether outsourced partners or internal staff are used, the design and test methods have to be accessible to all testing staff.  They may have to be able to print parts of the document out in order to use it while obtaining samples or conducting analyses.

Following the clinical study test results have to be collated and analysed and reviewed.  Although much of the donkey work is done by computer automated analysis, the end results need to be reviewed carefully prior to submission, and these must be carefully controlled to ensure that partial results and incomplete analyses do not become published.

Locklizard PDF DRM controls can play a valuable role in supporting the control of clinical trials information in life sciences.  Particular features, such as prevention of unauthorized distribution, are very valuable when sensitive documents must be distributed in a tightly controlled manner.

Using Safeguard Enterprise PDF DRM to protect clinical trial data

The focus of life sciences businesses is finding new formulations and getting them to market.  Some say that finding a new formulation is easier than getting FDA approval to distribute?  Perhaps that is unkind.  But the fact remains that having found a new wonder drug you have to jump through the hoops of clinical trials.

Although in theory this could involve only a small number of people and a single test center, reality is that it will need hundreds if not thousands of people and several test centers in multiple countries (if it’s that interesting).

First off you have to design the clinical trial itself, what are the tests, how are they to be conducted, and so on.  This creates the trials reference which must be provided to all the testing teams (whether internal staff or third parties) who have to be able to read the document, possibly printing out sections for use as checklists or procedure guides when tests are being carried out.

Locklizard PDF protection allows you to specify that users can copy and paste sections of content, or that the document can be printed, but at the same can limit the IP address that the request can come from, so document handling can be restricted to specific teams and areas where printing may be supervised (so that a whole document is not printed and then removed).  Typically only a few pages would be needed, so printing the whole document would not need to be permitted.

Safeguard Enterprise PDF DRM can apply the PDF controls we have discussed.  Printing can be prevented whilst copy and paste can be allowed.  Document authorization may be by specific individual, an IP address, or range of addresses, and may have fixed end dates as well as the ability to change the end date if needed.  Logging document opens may be achieved to provide reporting on the actual use of the documentation.

Then we move to reviewing results.  Obviously this is a critical process, both in understanding and interpretation, so it is vital that review documents do not leak outside the reviewers themselves, and that their use of the document(s) is logged to demonstrate that review has properly occurred.

In this case it is not likely that any type of printing would be allowed.  But controlled documents would still need to have access limited to specific individuals and locations identified by ISP addresses, reducing the possibility of any leakage.

Safeguard Enterprise PDF DRM provides all the facilities needed in order to implement the controls described for clinical trials reviews – namely preventing printing, resisting screen capture, restricting access to individuals, an IP address or range of addresses, and logging use of the review documents.

   Life Sciences

Protection of targeted treatment data

Thanks to highly advanced techniques of DNA profiling it is becoming theoretically feasible to target treatments that will more closely match a patient’s specific treatment requirement than ever before.  This is a new and potentially very exciting potential approach to obtaining treatment that is effective for the patient and efficient for the healthcare provider, since it can also reduce side-effects and avoid adverse responses whilst improving treatment response.

Obviously, targeted treatment is, by its nature, highly sensitive.  It requires the use of patient specific formulations and dispensing and treatment cycle have to be controlled if the approach is to achieve the maximum benefits.  This requires that the provider carrying out the profiling and calculations must be able to securely transmit the patient treatment details to the pharmacy unit and to the clinical staffs responsible for treatment administration, and be certain that the information cannot be altered or sent or forwarded to the wrong entity.

Locklizard DRM products are an ideal approach to providing the security needed in this environment.  They can secure PDF documents so that only the designated recipient(s) are able to use them, and can allow limited printing with watermarking to make sure that both the identity of the recipient and the nature of confidentiality are clearly stated.

Using Safeguard PDF Security to protect treatment data

The benefits of DNA analysis go far beyond finding out who our historical ancestors were or providing forensic evidence at a crime scene.  Such analyses can potentially offer the ability to develop therapies that are truly patient centric.

However, targeted solutions are highly confidential for a number of reasons.  Firstly they must be usable only by the people who are authorized to use them. Secondly the recipient must be confident that the therapy has come from the approved source and that following what might be, in the normal course of events, a counter-intuitive approach, has actually been recommended for a reason.  Thirdly they must not leak out to unauthorized third parties (insurers perhaps) where the nuances of treatment may be misunderstood as indicating other conditions that are outside of the treatment in hand.

Healthcare information is considered critical for security purposes in all nation states that regulate data protection (in the USA the HIPAA, in Europe the Data Protection Directive, in Canada PIPEDA, in Australia the Privacy Act, and so on).  As healthcare data become more and more personal so the requirement to prevent unauthorized access and ensure leakage cannot take place beyond the boundaries of the enterprise increases, as does the requirement to implement encryption as part of the controls.

Several parties may be involved in the circulation of this information.  The laboratory that has created by DNA analysis and the treatment schedule has to provide this to a pharmacist as a prescription for dispensing.  The pharmacist will need to review the prescription in the light of any other treatments being used to control other conditions to make sure that there is no clash of drugs (interactions) or over prescription of particular drugs that would make the overall regime unsafe.

One or more clinicians may need to be advised of the prescription, and finally the patient may also need to be advised.

Although this may sound rather complex it is not too forbidding using Locklizard DRM systems to provide PDF document protection.

It is likely that a Document Management System (DMS) will be used to create the separate documents for each participant (they may all have the same basic data but the format and structure could well be quite different).

From the DMS, each document is prepared, and then, using the Locklizard Command Line feature, each document is protected for direct allocation to a specific user.  As soon as it has been protected, the Locklizard Ecommerce feature is used to grant the correct user(s) access to the document.  In the case of patients it may be necessary to use eCommerce to add a new patient prior to granting access to a document.  It may also be necessary to allow the patient to print out the document so that they can show it to someone else whilst retaining the original that cannot be redistributed.

In this way a number of the PDF DRM controls supported by the Locklizard system are brought together to solve an otherwise difficult control problem.  All documents are controlled so that they cannot be seen or used by anyone not authorised.  None of the parties may forward the documents to anyone else.  Applying controls to documents can be automated for reliability and accuracy, and allocation of documents to specific users can also be automated in order to streamline the process.