Enabling Patient Data Ownership With Self-Sovereign Identity

Hadil Es-Sbai

Encouraged by regulators and health authorities worldwide, the industry is making efforts to promote patient-centric clinical research. These efforts take many different forms and shapes with a shared aim of putting patients at the center of clinical trial design and execution. In this article, we touch upon the current state of patient-centric clinical research, focusing on the areas of convenience, empowerment, and privacy. We then take a leap forward by examining how Self-Sovereign Identity (SSI), a novel decentralized approach to identity and access management, will help advance patient-centric research by enabling patient data ownership.

Patient-centric initiatives in clinical research often entail promoting convenience with the help of decentralized trial tools, such as eConsent, ePRO, and virtual visit solutions. These tools have become increasingly sophisticated over the years, allowing patients to participate from the comfort of their own home by enabling remote patient onboarding, data capture, and doctor-patient interaction.

However, according to a recent industry-wide survey, only 56% of sponsors and CROs think decentralized trials actually improved the patient experience.¹ The main argument is that decentralized trials often use multiple different and disconnected patient-facing applications, thereby adding complexity for patients, especially for those that might not be tech-savvy.

Patient empowerment: a two-way interaction

Next to convenience, patient-centric clinical research centers around empowerment.In the age of growing health literacy and health consumerism, patients have become increasingly autonomous in their healthcare-related decisions. Sponsors can take advantage of this transition by incorporating patient feedback in clinical trial design and execution with the help of tools such as the Patient Protocol Engagement Toolkit and the Study Participant Feedback Questionnaire developed by TransCelerate BioPharma.^2,3 This can be an effective measure, as demonstrated by a study conducted by the DIA, Tufts Center for the Study of Drug Development, and 17 other stakeholder organizations, who evaluated 30 patient-centric clinical research initiatives.⁴ The study concluded that low-cost initiatives such as patient advocacy groups, patient advisory panels, and focus groups generated the highest return compared to some of the more costly initiatives such as gamifying ePRO.

However, sponsors should not forget empowering patients is a two-way interaction, meaning it’s not only about gathering feedback, but also about informing the patient in the best ways possible. While the informed consent process mandates what information needs to be communicated pre-study, information requirements during and post-study are much less rigid.To illustrate, patients are often left in the dark about clinical trial results or what happens with their data after study completion. This is a missed opportunity, since patients will have a natural interest in knowing the trial results and their performance in a study. Therefore, informing patients on how they contributed to the study results and how their data benefits future research endeavors may offer a most-welcome way to boost patient recruitment and retention.

Patient privacy and the GDPR

Thirdly, patient-centric clinical research involves protectingprivacy. As clinical research gets increasingly digital and decentralized, there are growing concerns about privacy and cybersecurity threats. Since healthcare data is often centrally stored, many healthcare institutions have a target on their back and, not surprisingly, ransomware attacks on hospitals have become increasingly common.⁵ Clinical trial stakeholders should therefore consider what additional security measures can be taken to protect patient data and prevent data breaches, in and outside of the clinic.

Privacy is however not only about data security, but also about control. In Europe, GDPR set the stage for providing users with more control over their personal data and thereby enabling a harmonized level of personal data protection. Sponsors that process patient data within the EU and EEA need to comply with the GDPR’s core principles, such as clearly defining the purpose of data collection and limiting data collection to the scope of that specific purpose only. Paradoxically, this incentivizes sponsors to include broad consent clauses in their ICF to ensure their full control over patient data in and outside the context of the study. By including a “wide enough” research purpose for processing patient data, sponsors are not required to ask patients to re-consent in the case of data reuse since the purpose for doing so was covered in the initial ICF. This is a double-edged sword—it provides the sponsor with freedom to reuse and repurpose clinical trial data without involving the patient, but significantly lowers patient autonomy, ownership, and control. Moreover, it begs the question: should the sponsor be the only one to decide what happens with patient data once it’s collected?

The case for patient data ownership

The areas of empowerment and privacy leave significant room for improvement as patients are often left in the dark about what happens to their data. It’s this particular angle that offers a new cornerstone for patient-centricity, a next phase for patient-centric clinical research—patient data ownership.

Patient data ownership moves away from today’s traditional model with the sponsor as the sole owner of clinical trial data. Distributing ownership requires us to rethink how we generate and store study data and redefine how we view the roles of sponsors, sites, and patients in the clinical trial arena. Providing patients with partial (or full) ownership over their data can offer a novel angle to promoting patient engagement and thereby boosting patient recruitment and retention.⁶

Moreover, patient data ownership may also promote the reuse of clinical trial data beyond the context of a single study. Clinical trial data reuse is essential for improving healthcare and reducing drug development costs. Unfortunately, secondary use of patient-level clinical trial is still uncommon, although attitudes surrounding this topic are shifting and the number of industry and policy initiatives in this domain have rapidly increased in recent years.⁷

Building an ecosystem for patient data ownership

To unlock data from its siloed repositories, we need an open, secure, and interoperable ecosystem where sponsors can exchange and discover data.With data being more liquid than ever and with data coming from a growing variety of sources, such an ecosystem is more relevant than ever, but how do we get there?

Several steps have already been taken in the right direction. Industry-wide standardization has been accelerated by organizations such as CDISC, which aims to ensure the interoperability of data across organizational boundaries. The FAIR data principles, introduced by the GO FAIR initiative, take this a step further by advocating for Findable, Accessible, Interoperable, and Reusable data points—thus being mindful of the reuse of data from the moment it is generated.

However, data standardization is only part of the equation. Building an ecosystem that allows for patient data ownership and promotes data reuse will require novel approaches to coordinate identity and access management. Firstly, we need a secure and privacy-preserving way to link each patient to their own corresponding data, regardless of where that data may be stored over time. Secondly, we need an interoperable way to put patients in control of that data, for instance by providing a mobile interface that allows them to selectively disclose data with clinical trial sponsors. Thirdly, we need a tamper-resistant way to keep track of data transactions and underlying terms and conditions across organizational boundaries and systems, so that patients can be informed and, where applicable, be compensated.

Toward SSI

A novel approach to digital identity and access management that meets all of the aforementioned criteria is SSI. As the name suggests, SSI puts users in control of their data. It builds on emerging standards for web interoperability and is considered a cornerstone of the next generation internet—often referred to as ‘Web3’. In practice, patients can use an SSI-enabled mobile app to identify themselves, sign digital documents, and selectively disclose data with other entities over the internet. What’s unique about SSI is that it eliminates the need for a third-party intermediary in any of these processes, meaning patients and external stakeholders can interact in a peer-to-peer and decentralized fashion.

From the perspective of patient-centric clinical research, SSI bring several things to the table. Firstly, SSI excels in empowerment since patients are empowered with their self-owned identity, which they can use to navigate across systems and use to selectively disclose data with authorized individuals. Secondly, SSI excels in privacy, since third-party companies are eliminated from data processing activities such as tracking user activity and/or storing user data in a centralized repository that might be prone to hacking. Lastly, SSI excels in convenience, as SSI can offer patients a single-point access solution that leverages the built-in security and privacy protection features of today’s smartphones such as facial recognition, data encryption, and single sign-on.Now that we’ve covered the relevance of SSI for patient-centric clinical research, let’s touch upon some concrete examples and case studies.

SSI and dynamic consent

As part of a government-supported R&D program, our company Triall is currently building an SSI-enabled mobile app and infrastructure, where we’ve decided to specifically focus on the informed consent process.⁸ Uniquely, the application allows patients to use their self-owned identity to provide, update, and revoke consent—throughout a study as well as post-study for future research purposes. In this way, we aim to facilitate a more dynamic consent where patients can also decide what happens with their data after study completion.

The application leverages open standards for identity and access management (decentralized identifiers and verifiable credentials) to enable an SSI environment that provides patients with more control over their data.Moreover, the underlying infrastructure is integrated with blockchain—a decentralized database that functions as an immutable and system-independent audit trail. This audit trail provides an indisputable record of all consent-related documents, data points, and activities (what’s stored on the blockchain cannot be altered, hence ‘immutable’). It also remains available regardless of where the original data is located (hence ‘system-independent’), which is stored off-chain for privacy purposes. Due to these two features, blockchain-based audit trails offer unique benefits over traditional system audit trails, which tend to become prone to tampering once the eClinical system of choice is retired and data is exported out of the system. They de-risk the changes of data manipulation and promote the reuse of data across organizational boundaries by promoting stakeholder trust.

At Triall, we’ve been implementing blockchain-based audit trails in clinical trials since our successful pilot in 2019 (which marked the world’s first implementation of blockchain in a live and running clinical trial)—a feature that was recently adopted in a multi-center clinical study led by Mayo Clinic.⁹

Looking ahead, an SSI-enabled solution for dynamic consent can also be used in the context of patient recruitment. In this particular use case, patients can use their self-owned identity to manage and maintain a privacy-preserving patient profile with features for selectively disclosing screening data and/or willingness to participate in future studies. Due to the peer-to-peer nature of SSI, patients directly interact with an authorized investigator (or other authorized individual) without involving a third-party intermediary for any type of data processing.

However, the most disruptive potential for SSI lies in enabling novel approaches to clinical trial data management and thereby facilitating patient data ownership. To illustrate, data generated during a study can be directly linked to the patient’s self-owned identity. This could be health or fitness data generated by a wearable, but also data stored in an EDC system. Put simply, SSI enables connecting patient identities to patient-level clinical trial data in a privacy-preserving fashion, even as that data moves across different systems over time. Here, blockchain can serve as an underlying interoperability layer, logging all data transactions in an immutable and system-independent audit trail.

Going forward: moving towards new data ownership models

By combining SSI and blockchain with traditional eClinical technologies, we can thus facilitate new ownership models for clinical trial data. It’s good to underline that this does not by default have to mean that patients have full control over every data point and transaction. We can, for instance, distribute ownership between sponsor, site, and patient, where all stakeholders benefit from future data reuse. This would allow us to work towards a fair power balance between sponsor and patient.

The good news is that we don’t need to completely reinvent the wheel.While we still have a long road ahead towards industry-wide adoption, SSI and blockchain technologies have been in development for over a decade. Many of the enterprise-oriented SSI and blockchain solutions under development today are based on open standards for web interoperability. With interoperability as a cornerstone principle, these solutions are designed to work with traditional systems and infrastructure. Nevertheless, from a process and regulatory perspective, these emerging technologies and standards are likely to have a profound effect on how we conduct and manage clinical research. Success will therefore be determined by buy-in from all relevant stakeholder groups and adoption will require new regulatory frameworks and guidance.

Hadil Es-Sbai, CEO at Triall

References

1. Veeva Systems (2021, December 8). Veeva digital clinical trials survey report. Retrieved January 27, 2023, from https://www.veeva.com/resources/veeva-digital-clinical-trials-survey-report/
2. TransCelerate BioPharma (2022, December 14). Patient Protocol Engagement Toolkit. Retrieved January 27, 2023, from https://www.transceleratebiopharmainc.com/ppet/planning-for-patient-engagement/
3. TransCelerate BioPharma. (2022, December 14). Study Participant Feedback Questionnaire Toolkit. Retrieved January 27, 2023, from https://www.transceleratebiopharmainc.com/assets/patientexperience/study-participant-feedback-questionnaire/
4. Stergiopoulos, S., Michaels, D. L., Kunz, B. L., & Getz, K. A. (2020). Measuring the impact of patient engagement and patient centricity in clinical research and development. Therapeutic innovation & regulatory science, 54, 103-116.
5. Nir, S. M., Otterman, S., & Goldstein, J. (2022, December 12). Cyberattack Hits Brooklyn Hospitals That Serve Poor New Yorkers. Retrieved January 27, 2023, from https://www.nytimes.com/2022/12/12/nyregion/brooklyn-hospital-cyberattack.html?utm_content=161913562&utm_medium=social&utm_source=linkedin&hss_channel=lcp-33200710.
6. Terry, S. F., & Terry, P. F. (2011). Power to the people: participant ownership of clinical trial data. Science Translational Medicine, 3(69), 69cm3-69cm3.
7. Ohmann, C., Banzi, R., Canham, S., Battaglia, S., Matei, M., Ariyo, C., ... & Demotes-Mainard, J. (2017). Sharing and reuse of individual participant data from clinical trials: principles and recommendations. BMJ open, 7(12), e018647.
8. Triall (2022, February 3). Triall awarded R&D grant for blockchain-based eConsent. Retrieved February 1, 2023, from https://www.triall.io/articles/triall-awarded-r-d-grant-for-blockchain-based-econsent
9. Shapiro, L. (2022, September 2). Mayo Clinic to Use Blockchain Technology to Protect Data in Trial. Retrieved January 27, 2023, from https://pulmonaryhypertensionnews.com/news/mayo-clinic-triall-data-integrity-platform-upcoming-pah-trial/.