Data transfer rules don’t have to hamper biotech innovation, BIO says

Proposed federal rules on exchange of medical data with China and five other “countries of concern” can protect Americans without obstructing the global flow of information that enables biotech innovation, according to comments from the Biotechnology Innovation Organization (BIO).

BIO submitted 14 pages of comments on Nov. 29 to recommend practical changes that would enhance the workability of new rules proposed by the Department of Justice (DOJ).

“BIO believes that together and with appropriate consultation, the U.S. Government can develop effective national security measures that strengthen the legitimate protections of U.S. individuals’ privacy rights and health-related data, while also safeguarding the responsible use of this data to accelerate and drive biomedical research in the United States,” say BIO’s comments, written by Justin Pine, BIO Sr. Director, Health Policy.

The comments underscore the importance of biotechnology as a strategic asset for protecting public health and responding to future pandemics or bioterrorism. They also explain the need to share data to encourage the biotech innovation that enables U.S. leadership in the field.

“Medicine is increasingly a collaboration between data science and clinical science realms. Harnessing health data offers biopharmaceutical companies deeper understanding of disease pathways and ultimately helps develop targeted treatments with improved efficacy and safety,” Pine explains. “As a result, cellular therapies, gene therapies and genome editing with the potential to cure once incurable diseases are a reality today.”

The proposed rules were developed under President Biden’s Feb. 28 executive order, calling for DOJ regulations to prevent large-scale transfer of data on American citizens to countries of concern.

The information regulated would include genomic data, biometric data, personal health data, geolocation data, financial data, and certain kinds of personal identifiers. The countries of concern are China, including Hong Kong and Macau; Cuba; Iran; North Korea; Russia; and Venezuela.

DOJ outlined its plans for the rule in March. Based on initial concerns, DOJ made some alterations to the formal proposal released Oct. 29. For example, the current proposal raises the threshold restricting sharing of biometric data from 100 people to 1,000. It also includes an exemption for clinical-trial data and data that must be submitted for regulatory approval in a country of concern.

But according to BIO, more needs to be done.

BIO’s comments on data transfer rules

Many of BIO’s comments call for changes and clarifications to ensure the exemptions proposed by DOJ can actually be used. Some examples:

• An exemption would allow U.S. drug makers to share data with foreign regulators for the opportunity to make drugs available in a foreign country. But the exemption does not allow sharing data with a foreign company for that purpose, though such an arrangement would be necessary under the regulatory rules in China.
• An exemption would allow data exchanges that are “ordinarily incident to and part of clinical investigations regulated by the U.S. FDA” and transactions “ordinarily incident to and part of the collection or processing of clinical care data indicating real-world performance or safety of products.” BIO explains the need for a clear and sufficiently broad definition of the phrase “ordinarily incident to and part of,” to make this exemption useable.
• An exemption would allow data exchanges that are part of federally funded research or official business of the U.S. government. BIO asks for the rationale for limiting the funding to federally funded research. “It should follow that a similar exemption for scientific research, conducted in accordance with all relevant laws, regulations, and appropriate ethical oversight, should be conferred to all researchers, regardless of whether the source of the funding is from the private sector or the federal government,” BIO’s comments say.

Other requirements that BIO explains must be refined, clarified or changed, so that they make sense within the ordinary workings of drug development, include:

• transfers of data between companies and their overseas affiliates;
• an onerous requirement that companies comply with highly sophisticated Cybersecurity and Infrastructure Security Agency (CISA) data security standards;
• clarification on the difference between allowable vendor agreements and prohibited data brokerages;
• transfers to third-party collaborators for regulatory purposes;
• requirements for special licenses;
• and treating data the same whether it is personally identifiable information, anonymized, pseudonymized, de-identified, or encrypted.

BIO’s comments note the importance of safeguarding Americans’ health data, but add that the rules must also recognize biotech’s contributions to the economy, national security, and public health.

“The proposals in this NPRM present challenges for the U.S.-based innovative biotechnology sector that if not remedied have the potential to significantly disrupt clinical research programs, affecting the speed and efficiency by which we are able to drive innovation and advance science,” BIO’s comments say. “This has consequences for our companies that operate globally, for sustained U.S. leadership in the life sciences, and for those patients and their families around the world who depend on our industry’s innovations that save and greatly improve quality of life.”

DOJ is now reviewing comments from BIO and others. The final proposed rule is expected to take effect early next year and is not likely to be extensively impacted by the change of administration, according to Pine.