Issue:June 2025
DRUG ADMINISTRATION - Protecting Patient Data in Cell & Gene Therapy: The Role of Tech Platforms
SAFEGUARDING PATIENT DATA IN THE CGT LANDSCAPE
Cell and gene therapies (CGTs) hold immense promise for treating previously incurable diseases, but their development and commercialization present unique challenges, particularly in safeguarding patient data. The sensitive nature of data used in CGTs, often involving personalized treatments and handling of genetic information, requires heightened attention to patient privacy and data security.
Protecting patient data is obligatory, and unique challenges are associated with managing sensitive information related to CGTs, including patient identification, chain of custody and identity, and the longitudinal nature of the patient journey. This journey encompasses various touchpoints, from diagnosis and starting material collection to manufacturing, treatment administration, and long-term follow-up.
Technology platforms are pivotal to the modern era of healthcare for safeguarding patient data and ensuring compliance with evolving regulations. This is essential given the diverse range of stakeholders involved in the CGT supply chain, from healthcare professionals, approved treatment centers (ATCs), and manufacturers to couriers and technology specialists, all of whom have a role to play in ensuring data security. However, the growing number of CGT products and their associated IT systems has led to healthcare providers experiencing “portal fatigue,” with multiple platforms and logins creating confusion and inefficiency.
The following provides expert insights into the evolving landscape of patient data protection in CGT. It explores the need for robust and adaptable solutions to address the unique challenges of this field, emphasizing the importance of collaboration, standardization, and user-centric design in ensuring patient privacy and security throughout the CGT journey.
THE DATA-DRIVEN PATIENT JOURNEY
The patient journey in CGTs is a complex, data-intensive process, spanning from diagnosis and treatment selection to long-term follow-up. Each stage generates a wealth of data crucial for patient care, treatment efficacy, and regulatory compliance.
KEY TOUCHPOINTS IN THE CGT PATIENT JOURNEY
Diagnosis & treatment selection: Patient medical history, genetic information, and diagnostic tests are gathered to determine eligibility for CGT.
Sample collection: Data are captured regarding the collection, labelling, and transport of patient samples (e.g., blood or tissue) to the manufacturing facility.
Manufacturing: The manufacturing process generates data on cell processing, quality control, and batch records, ensuring the final product meets stringent quality standards.
Logistics & delivery: Data are tracked throughout the transport and delivery of the CGT product, including temperature monitoring, chain-of-custody records, and delivery confirmation.
Treatment administration: Data are captured regarding the date, time, dosage, and any adverse events associated with the administration of the CGT product.
Post-treatment monitoring: Long-term follow-up data are collected to assess treatment efficacy, monitor for any long-term side effects, and contribute to ongoing research and development efforts.
The longitudinal nature of the CGT patient journey, often spanning months or even years, necessitates continuous data tracking and monitoring. However, the use of disparate systems and processes across different stakeholders can lead to data fragmentation and siloed systems. This fragmentation hinders efficient data management, making it difficult to gain a holistic view of the patient’s and the drug product’s journey and potentially compromising patient safety and treatment outcomes.
Orchestration platforms offer a solution to these challenges by providing a centralized system for managing data across the entire patient journey. These platforms can integrate with various systems and stakeholders, streamlining data flow and ensuring data integrity. By unifying data management, orchestration platforms enable real-time visibility into the patient’s progress, facilitate better decision-making, and ultimately contribute to improved patient outcomes.
ENSURING CHAIN OF CUSTODY & IDENTITY FOR CGTS
Accurate patient identification is essential to the inherent personalized and time-sensitive nature of CGTs. The chain of custody and identity are vital throughout the complex CGT supply chain, and any errors or misidentifications can have a devastating impact on patient safety and treatment outcomes.
This CGT supply chain involves a vast network of stakeholders, from healthcare providers and manufacturers to couriers and testing laboratories. This intricate network presents a challenge in maintaining a secure chain of custody and identity, with a high risk of errors or misidentification. Such errors can lead to incorrect patient treatment, product contamination, or regulatory non-compliance.
To mitigate these risks, technology platforms, especially orchestration platforms, are critical for ensuring accuracy throughout the CGT supply chain. These platforms can leverage unique identifiers, such as ICCBBA’s Chain of Identity (CoI) Identifier and other tools to track the CGT product at every step, from sample collection to treatment administration. For instance, a unique identifier can be assigned to each patient given therapy, allowing it to be tracked as it moves through the manufacturing process, quality control checks, and final delivery to the patient. This ensures that the right product is administered to the right patient at the right time.
Technological integration has also been key in replacing paper-based systems that are not sufficient for a compliant chain of identity or custody when commercially supplying CGTs. Electronic systems utilizing orchestration platforms offer a more secure and reliable method for tracking and managing patient data, mitigating the risk of errors, and ensuring compliance with regulatory standards.
These orchestration platforms offer numerous advantages in maintaining the chain of custody and identity:
Centralized data management: These platforms provide a centralized system for managing patient and product data, ensuring that all stakeholders have access to the necessary accurate information.
Real-time tracking: Orchestration platforms allow for real-time tracking of the CGT product throughout the supply chain, providing complete visibility into its location and status.
Reduced risk of errors: By automating data capture and tracking, these platforms minimize the risk of human error and ensure data accuracy.
Improved compliance: Orchestration platforms help ensure compliance with regulatory requirements by providing auditable records of the chain of custody and identity.
PATIENT DATA PROTECTION & SECURITY: SAFEGUARDING SENSITIVE INFORMATION
The generation of data surrounding genetic information, medical history, and other personally identifiable data highlights the need for patient data protection and security in CGTs. The regulatory landscape surrounding patient data protection is constantly evolving, fuelled by the advancement of technologies and an increasing number of ways to collect and apply these data. Regulations such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) set stringent standards for data privacy and security. For example, GDPR mandates the pseudonymization or anonymization of personal data whenever possible, which can be particularly challenging in CGTs where treatments are often tailored to individual patients. HIPAA, on the other hand, requires the implementation of safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI), which includes CGT patient data.
The healthcare sector is a prime target for cyberattacks and data breaches, which can have severe consequences for patients, including identity theft, financial loss, and reputational damage. To mitigate these risks, technology platforms handling CGT patient data must implement robust security measures:
Data encryption & anonymization: Encrypting data at rest and in transit helps protect it from unauthorized access, while anonymization techniques can help de-identify sensitive information.
Access controls & user authentication: Implementing strong access controls and multi-factor authentication helps ensure that only authorized personnel can access patient data.
Regular security audits & vulnerability assessments: Conducting regular security audits and vulnerability assessments helps identify and address potential security risks.
Disaster recovery & business continuity plans: Having comprehensive disaster recovery and business continuity plans in place ensures that patient data can be recovered and operations can continue in the event of a cyberattack or other disruption.
Single sign-on (SSO): Implementing SSO can improve security by reducing the number of passwords users need to remember, making it less likely that they will use weak or easily guessed passwords. It can also make it easier for users to access multiple applications, which can improve efficiency and productivity.
In addition to these technical measures, appropriate policies and procedures are essential to ensure that patient data is handled responsibly and ethically. This includes training staff on data privacy and security best practices, establishing clear procedures for data access and disclosure, and regularly reviewing and updating these policies to reflect the evolving regulatory landscape, threat landscape and best practices in data protection.
THE ROLE OF ORCHESTRATION PLATFORMS IN PROTECTING PATIENT DATA
Orchestration platforms can play a crucial role in safeguarding patient data throughout the CGT journey. These platforms act as a central hub for managing data from various sources and stakeholders, streamlining the data management process and enhancing security.
Key features and functionalities of orchestration platforms that contribute to data protection and security include:
Robust chain of custody & identity tracking: Orchestration platforms can track the chain of custody and identity of patient samples and CGT products at every stage, from sample collection to treatment administration. This helps prevent errors and ensures that the right patient receives the right treatment. Orchestration platform design should incorporate a full risk assessment of proposed new features to ensure that these do not introduce a risk of data breaches.
Secure data storage & access controls: These platforms provide secure data storage and access controls, ensuring that sensitive patient data is protected from unauthorized access. They can also help organizations comply with data privacy regulations such as GDPR and HIPAA. For example, systems should employ role-based data access to ensure that personally identifiable information is only visible to personnel who need to see it.
Real-time monitoring & alerts for potential data breaches: Orchestration platforms can monitor data in real-time and generate alerts if any suspicious activity is detected, helping to prevent and mitigate data breaches.
By centralizing and streamlining data management, orchestration platforms can help CGT providers improve patient safety, treatment outcomes, and compliance with data privacy regulations. This not only benefits patients but also helps build trust and confidence in the CGT industry.
A COLLABORATIVE APPROACH TO CGT DATA PROTECTION
Protecting patient data is vital and obligatory in the rapidly evolving CGT landscape. As therapies become more personalized and complex, the need for robust data management and security measures intensifies. Technology, especially orchestration platforms, plays a vital role in addressing the unique challenges of CGT data management, including chain of custody, identity verification, and secure data transfer.
However, technology alone is not enough. Ensuring patient privacy and security requires ongoing vigilance and collaboration among all stakeholders in the CGT ecosystem. This includes healthcare providers, manufacturers, technology developers, regulators, and, most importantly, patients. Open communication and collaboration are crucial to staying ahead of the curve in this dynamic landscape. By sharing best practices, challenges, and solutions, stakeholders can collectively contribute to a more secure and efficient CGT environment.
We encourage further exploration of data protection best practices and the use of orchestration platforms in CGT. By working together, we can ensure that these life-changing therapies reach patients safely and effectively while safeguarding their sensitive data.

Dr. Matthew Lakelin is Head of Consultancy Services & Co-Founder of TrakCel. He earned his PhD in Pharmacology and has over 20 years of experience working in the pharmaceutical and biotechnology industry. He has led the deployment of TrakCel’s software to a wide range of advanced therapies (including CAR-T, TILs, personalized immunotherapies, neoantigen cancer vaccines) and in his role as Head of Consultancy Services is a key spokesperson and responsible for ensuring that TrakCel solutions continue to evolve to meet industry needs.
Total Page Views: 276