Meeting data security requirements for US FDA, HIPAA, and IPSE GxP compliance

Our client, a fast-growing medical research company based in London, was collaborating with a US-based pharmaceutical company on a non-interventional clinical study. They were engaged to provide qualitative and quantitative data collection and analysis. To meet the stringent acceptance criteria set by the US Food and Drug Administration (FDA), they needed to showcase adherence to strict data control guidelines mandated by the Health Insurance Portability and Accountability Act (HIPAA) and IPSE Good Practices (GxP). These guidelines ensure the secure handling of patient health information, aligning with best practices in the healthcare and pharmaceutical industries.

Although our client was compliant with UK and US data privacy regulations, they had limited exposure to the collation and management of clinical trial data, and budgetary constraints prevented them from investing in a pre-validated technology stack for this project.

Challenges faced:

  • Limited familiarity with clinical trial data security requirements.

  • Budget constraints limiting the acquisition of pre-validated technology.

  • Need for compliance with US FDA, HIPAA, and IPSE GxP standards.

HIPAA - Health Insurance Portability & Accountability Act

RightCue’s approach to data security for international pharmaceutical trials

RightCue undertook a Computer Security Validation (CSV) to assess the client’s existing processes and systems. Our team provided advisory support to bridge identified gaps and ensure compliance with US data security standards. The objective was to validate their current processes and systems without the need for a significant financial investment.

Our comprehensive approach involved the following steps:

  • Comprehensive review: We examined the client’s existing policies, procedures, project proposal, and process documents.

  • Stakeholder interviews: In-depth interviews with the project team were conducted to gauge the effectiveness of implemented controls.

  • Regulatory alignment: The identified gaps were analysed against applicable HIPAA Security elements, GxP requirements, and 21 CFR standards.

  • Policy and documentation update: We assisted the client in updating their policies and documentation to address the legal requirements of the project.

  • CSV validation: A formal Computer Security Validation (CSV) was executed to ensure compliance with GxP and 21 CFR standards, and the findings were meticulously documented in a comprehensive report.

Reinforced trust: Establishing medical research data security

Our client can now confidently engage with any US-based client and demonstrate full compliance with US data security and protection standards within their sector. The formal report, detailing the validation processes and compliance measures, was shared with the project sponsor, ultimately contributing to the successful demonstration of legal compliance by the project team. As a result, they secured the prestigious project and reinforced their position as a trusted partner in the medical research domain.

This case study highlights RightCue’s expertise in navigating complex regulatory landscapes and providing effective solutions to ensure legal compliance for clients in the healthcare and pharmaceutical industries.

Healthcare compliance consultancy

Our team can guide you through the intricacies of data security and protection standards, ensuring your organisation meets the highest standards of compliance.
