Security, control of data seen as key barriers to cloud adoption by pharma

There's continued resistance from many pharmaceutical industry executives, who think it's never possible to safely store sensitive data in the cloud.
By Nathan Eddy
10:12 AM
Security, control of data seen as key barriers to cloud adoption by pharma

From improved access to data to the ability to streamline operations and reduce costs, cloud technology offers many potential benefits for the life sciences and pharmaceutical industry, but barriers to adoption still persist.

One challenge is continued resistance by a substantial percentage of executives who think it's never possible to safely store sensitive data in the cloud.

That's the point of view of Jonathan Armstrong, a technology and compliance lawyer at London-based legal services firm Cordery, who noted there is resistance from hospital administrators and also from patients.

Local laws that prohibit transfer and access of data by non-healthcare professionals are another issue Armstrong highlighted, particularly in privacy-centric countries in Europe.

"You can't really have a one-size-fits-all solution because local law might intervene, but also because different apps may have different data security risks," he noted.

Armstrong said another challenge for pharmaceutical companies deploying cloud technology is that a lot of vendors of cloud-based solutions are misleading in their literature.

"Take for example the phrase 'patient data is fully anonymized,'" he said. "Every time I've read that I've found it to be untrue."

He explained somewhere in those data there will be details that make someone identifiable through dates, or locations or an age, making it in fact "pseudo-anonymized" data.

"The theory goes that if you believe the cloud provider, you don't have to follow regulatory principles, but that data is not fully anonymized," Armstrong said. "That incorrect categorization of cloud applications is something we're still dealing with."

The question of control over where data is stored is another major issue slowing pharma's move to the cloud, Dr. Larry Ponemon of the Ponemon Institute said.

"There's a lot of concern about sensitive information winding up in the hands of a cloud provider, where you don't have the final say as to where that data resides," he said. "There's so much sensitivity about sharing that information – if you fail once and that information gets out, the reputation impact would be enormous."

The challenges to adoption will continue center mostly around how tightly these cloud companies are regulated and the implications this has for the transition, Dr. Abed Saif, founding partner and director of cybersecurity advisory services specialist AbedGraham, pointed out.

He explained the two issues that come up time and again are demonstrating a clear, tangible return on investment and security compliance, especially from regulatory and IP protection perspectives.

He noted regulations and best practice standards for cloud security exist for a reason – pharmaceutical companies need to know where the server that's processing and storing the data is, and get even more granular on the exact location, as well as who has access to patient data.

"Make sure you are accessing the right expertise to guide you through your journey and price that into your cloud transition," he said. "By doing this you will ensure you have all the key elements for a secure move to the cloud without any surprises that can upset the business case that made the cloud attractive in the first place."

Focus on: The Future of Pharma

In the month of July, we'll take a closer look at the many answers to this question, as well as exploring what the changing face of pharma means for other healthcare stakeholders.

Nathan Eddy is a healthcare and technology freelancer based in Berlin.
Email the writer: nathaneddy@gmail.com
Twitter: @dropdeaded209