In part 1 of this series, we explained how blockchain technology can be leveraged to enhance data integrity, auditability, and traceability in clinical trials. In this article, we dive into other unique opportunities offered by blockchain, focusing specifically on digital identity management.
This article is the second in a three-part series on blockchain in clinical trials, and was adapted from the Triall whitepaper (which you can download by following this link). Triall’s mission is to enable a future of smarter, safer and more-efficient clinical trials by delivering blockchain-enabled solutions for clinical trial professionals.
Blockchain has become famous with the rise of cryptocurrencies such as Bitcoin, but the technology can be implemented in many more ways, centering around processes and activities that involve a multitude of different stakeholders, data flows, and contractual arrangements. Lately, blockchain is also being praised as a revolutionary tool for digital identity management, offering to streamline authentication processes and shift data ownership rights. Before we address this particular use case, let’s first have another look at the learning points from the previous article.
Key learning points from the previous article
- Clinical trials require efficient communication of sensitive information among many different specialty stakeholders.
- Over the past decade, trials have become increasingly complex, digitalized and data-heavy, with data coming from a growing number of different sources, such as sensors, wearables, and mobile devices.
- Blockchain technology offers a means to promote data integrity, auditability, and traceability in clinical trial recordkeeping and data management.
- To fully reap the benefits of this technology, blockchain should be implemented in conjunction with ‘traditional’, time-proven technologies, while following industry best practices and quality guidelines.
The first clinical trial on the blockchain
Did you know Triall is the world’s first organization to apply blockchain technology in a live and running clinical trial? Read about it here.
What’s the fuss about digital identity management?
As the world’s interactions are increasingly taking place in the digital realm, how can we ensure that sending and receiving parties are who they say they are? And how can we ensure that the data content of their interactions is not intentionally or unintentionally manipulated in transit?
Until recently, paper documents and manual signatures were the gold standard to prevent inaccuracies in clinical trial processes. Paper-based processes are slow and inefficient, however, and documents can go missing during storage or transit. More and more stakeholders are therefore seen to make the switch to electronic records. Yet, adopting a paperless operating environment comes with its fears and challenges.
As explained in an earlier article, clinical trials involve many sites and require close interactions between a manifold of specialty stakeholders. These stakeholders tend to be reluctant in sharing data and information across organizational boundaries in fear of privacy and security issues. As a consequence, clinical trials suffer from information silos, in turn resulting in a lack of oversight for those that are in charge of keeping track of the clinical trial’s processes and activities – a crucial job from a regulatory, patient safety, and commercial perspective.
A tamper-proof and regulatory compliant infrastructure for digital identity and access management is required for secure, trustworthy, and therefore efficient digital interactions between clinical trial stakeholders. As discussed below, blockchain technology offers effective mechanisms to enable such an infrastructure.
Decentralized Identifiers: the next generation of digital identity
A digital identity is a digitally-stored set of attributes relating to an entity, e.g. a person, document, asset, device, or organization. This information is usually stored in a centralized repository. Uniquely, with a Decentralized Identifier (DID), this information is stored on a blockchain ledger, hence the term ‘decentralized’. The DID is called an ‘identifier’ because it points (similar to a URL) to the digital identity, i.e., the information stored in a so-called ‘DID document’.
DIDs form the basis for the future of digital identity management. They can be assigned to any type of entity (the ‘DID subject’) and can be used in activities such as the signing of documents, web authentication, access control, and voting. DIDs are used to achieve security and privacy-protection guarantees, form the basis for verifiable claims and may ultimately realize a state where individuals have the sole ownership of their digital identities as well as control over how their personal data is shared and used (something which is absent in today’s society where identities are often not in control of the rightful owner).
DIDs in clinical trials
DIDs are particularly interesting for clinical trials, because of the high number of segregated stakeholders and sensitive information involved. They can facilitate private, peer-to-peer communication and data exchange not only between individuals, but also between devices, systems, and organizations. So how exactly is this relevant in the clinical trial space?
Cryptographic access control—Integrating applications and devices in complete confidentiality
Lack of integration and interoperability within the eClinical space
In the past decade, numerous clinical trial IT solutions have emerged, aiming to smoothen trial operations and data management. These are collectively referred to as eClinical solutions and aim to replace the manual, ad hoc and paper-driven procedures of clinical trial operations. According to recent estimates, stakeholders involved in clinical trials use on average six different eClinical solutions side by side. These function-specific solutions are used for activities such as recording clinical data, tracking clinical trial progress and performance, and managing trial-related documents.
Ironically, the majority of eClinical solutions are unable to communicate with each other, and indeed, a recent industry-wide survey concluded that virtually all clinical researchers report the need to integrate the siloed eClinical solutions currently offered on the market. Nevertheless, integration is not an easy task as clinical trials involve large amounts of sensitive data, with international trial regulations stipulating that clinical data must be restricted to authorized individuals only (EU Clinical Trial Directive, FDA 21 CFR part 11).
DID-enabled access control
Through a cryptographically secured system of identity and access management, blockchain technology can rule out unauthorized access to data. A DID-enabled access control manager enables peer-to-peer communication in complete confidentiality, in which the provider of an eClinical solution may authorize any other party in the network to read designated metrics. Such a solution enables eClinical providers to: (1) choose which data points they want to share, (2) authorize the eClinical solutions of other providers to read these data points, and (3) define how they can access this data (service discovery).
In technical terms, this means all data is stored behind service endpoints that are under the control of the DID subject (the eClinical provider), where DIDs can facilitate a privacy architecture in which data may be exchanged on a private, peer-to-peer basis using communication channels identified and secured by the public key descriptions associated with the DIDs. This fully complies with the GDPR’s right to be forgotten, as no sensitive and/or personally-identifiable information (PII) is stored on the blockchain ledger. Authorization permissions can be defined in smart contracts and restricted to specific public keys, amendable by the sharing party, and viewable to both the sharing and receiving party.
This approach allows for near real-time and specific integration of different eClinical solutions and realizes a situation in which function-specific and previously isolated eClinical solutions may start to act in concert. This DID-enabled approach to integration is powerful, as decisions to authorize access remain fully with the data-providing party instead of with a centralized administrator. Therefore, an eClinical provider can rest assured that its data remains confidential and can only be read by those parties it authorized to do so.
Data ownership—Patients taking control of their data
DIDs allow for several other unique use cases since they enable individuals to take ownership of their own personal data. They therefore offer a technical solution to patients who want to have more control on how their data is used for future research purposes. Using a DID-enabled solution, patients have full ownership of their data and therefore can be compensated accordingly. This becomes increasingly relevant as clinical research moves from centralized hospitals towards the patient homes, where patients are monitored using mobile devices, sensors, and wearables.
Wrapping it all together
Blockchain can function as a valuable tool in supporting data sharing and management in clinical trials. The technology can act as a gatekeeper in connecting currently siloed data repositories and ultimately will help clinical researchers to make faster and better-informed decisions regarding trial management, monitoring, and resource allocation. Consolidating different data sets will also lead to a more complete and higher-quality dataset that can be used for advanced (AI-enabled) data analytics, facilitating a more ‘risk-based’ and preventative decision-making model as well as the development of new insights into the quality, safety, and efficiency of clinical trial operations.