Issue:June 2025

DRUG ADMINISTRATION - Protecting Patient Data in Cell & Gene Therapy: The Role of Tech Platforms


SAFEGUARDING PATIENT DATA IN THE CGT LANDSCAPE

Cell and gene therapies (CGTs) hold immense promise for treating previously incurable diseases, but their development and commercialization present unique challenges, particularly in safe­guarding patient data. The sensitive nature of data used in CGTs, often involving personalized treatments and handling of genetic information, requires heightened attention to patient privacy and data security.

Protecting patient data is obligatory, and unique challenges are associated with managing sensitive information related to CGTs, including patient identification, chain of custody and iden­tity, and the longitudinal nature of the patient journey. This jour­ney encompasses various touchpoints, from diagnosis and starting material collection to manufacturing, treatment adminis­tration, and long-term follow-up.

Technology platforms are pivotal to the modern era of healthcare for safeguarding patient data and ensuring compli­ance with evolving regulations. This is essential given the diverse range of stakeholders involved in the CGT supply chain, from healthcare professionals, approved treatment centers (ATCs), and manufacturers to couriers and technology specialists, all of whom have a role to play in ensuring data security. However, the grow­ing number of CGT products and their associated IT systems has led to healthcare providers experiencing “portal fatigue,” with multiple platforms and logins creating confusion and inefficiency.

The following provides expert insights into the evolving land­scape of patient data protection in CGT. It explores the need for robust and adaptable solutions to address the unique challenges of this field, emphasizing the importance of collaboration, stan­dardization, and user-centric design in ensuring patient privacy and security throughout the CGT journey.

 THE DATA-DRIVEN PATIENT JOURNEY

The patient journey in CGTs is a complex, data-intensive process, spanning from diagnosis and treatment selection to long-term follow-up. Each stage generates a wealth of data crucial for patient care, treatment efficacy, and regulatory compliance.

 KEY TOUCHPOINTS IN THE CGT PATIENT JOURNEY

Diagnosis & treatment selection: Patient medical history, genetic information, and diagnostic tests are gathered to determine eli­gibility for CGT.

Sample collection: Data are captured regarding the collection, labelling, and transport of patient samples (e.g., blood or tissue) to the manufacturing facility.

Manufacturing: The manufacturing process generates data on cell processing, quality control, and batch records, ensuring the final product meets stringent quality standards.

Logistics & delivery: Data are tracked throughout the transport and delivery of the CGT product, including temperature monitor­ing, chain-of-custody records, and delivery confirmation.

Treatment administration: Data are cap­tured regarding the date, time, dosage, and any adverse events associated with the administration of the CGT product.

Post-treatment monitoring: Long-term fol­low-up data are collected to assess treat­ment efficacy, monitor for any long-term side effects, and contribute to ongoing re­search and development efforts.

The longitudinal nature of the CGT patient journey, often spanning months or even years, necessitates continuous data tracking and monitoring. However, the use of disparate systems and processes across different stakeholders can lead to data fragmentation and siloed systems. This fragmentation hinders efficient data man­agement, making it difficult to gain a ho­listic view of the patient’s and the drug product’s journey and potentially compro­mising patient safety and treatment out­comes.

Orchestration platforms offer a solu­tion to these challenges by providing a centralized system for managing data across the entire patient journey. These platforms can integrate with various sys­tems and stakeholders, streamlining data flow and ensuring data integrity. By unify­ing data management, orchestration plat­forms enable real-time visibility into the patient’s progress, facilitate better deci­sion-making, and ultimately contribute to improved patient outcomes.

 ENSURING CHAIN OF CUSTODY & IDENTITY FOR CGTS

Accurate patient identification is es­sential to the inherent personalized and time-sensitive nature of CGTs. The chain of custody and identity are vital throughout the complex CGT supply chain, and any errors or misidentifications can have a devastating impact on patient safety and treatment outcomes.

This CGT supply chain involves a vast network of stakeholders, from healthcare providers and manufacturers to couriers and testing laboratories. This intricate net­work presents a challenge in maintaining a secure chain of custody and identity, with a high risk of errors or misidentification. Such errors can lead to incorrect patient treatment, product contamination, or reg­ulatory non-compliance.

To mitigate these risks, technology platforms, especially orchestration plat­forms, are critical for ensuring accuracy throughout the CGT supply chain. These platforms can leverage unique identifiers, such as ICCBBA’s Chain of Identity (CoI) Identifier and other tools to track the CGT product at every step, from sample collec­tion to treatment administration. For in­stance, a unique identifier can be assigned to each patient given therapy, allowing it to be tracked as it moves through the manufacturing process, quality control checks, and final delivery to the patient. This ensures that the right product is ad­ministered to the right patient at the right time.

Technological integration has also been key in replacing paper-based sys­tems that are not sufficient for a compliant chain of identity or custody when commer­cially supplying CGTs. Electronic systems utilizing orchestration platforms offer a more secure and reliable method for tracking and managing patient data, mit­igating the risk of errors, and ensuring compliance with regulatory standards.

These orchestration platforms offer numerous advantages in maintaining the chain of custody and identity:

Centralized data management: These platforms provide a centralized system for managing patient and product data, en­suring that all stakeholders have access to the necessary accurate information.

Real-time tracking: Orchestration plat­forms allow for real-time tracking of the CGT product throughout the supply chain, providing complete visibility into its loca­tion and status.

Click image to enlarge

Reduced risk of errors: By automating data capture and tracking, these platforms minimize the risk of human error and en­sure data accuracy.

Improved compliance: Orchestration platforms help ensure compliance with regulatory requirements by providing au­ditable records of the chain of custody and identity.

PATIENT DATA PROTECTION & SECURITY: SAFEGUARDING SENSITIVE INFORMATION

The generation of data surrounding genetic information, medical history, and other personally identifiable data high­lights the need for patient data protection and security in CGTs. The regulatory land­scape surrounding patient data protection is constantly evolving, fuelled by the ad­vancement of technologies and an in­creasing number of ways to collect and apply these data. Regulations such as the General Data Protection Regulation (GDPR) and the Health Insurance Portabil­ity and Accountability Act (HIPAA) set strin­gent standards for data privacy and security. For example, GDPR mandates the pseudonymization or anonymization of personal data whenever possible, which can be particularly challenging in CGTs where treatments are often tailored to in­dividual patients. HIPAA, on the other hand, requires the implementation of safe­guards to ensure the confidentiality, in­tegrity, and availability of electronic protected health information (ePHI), which includes CGT patient data.

The healthcare sector is a prime tar­get for cyberattacks and data breaches, which can have severe consequences for patients, including identity theft, financial loss, and reputational damage. To miti­gate these risks, technology platforms handling CGT patient data must imple­ment robust security measures:

Data encryption & anonymization: En­crypting data at rest and in transit helps protect it from unauthorized access, while anonymization techniques can help de-identify sensitive information.

Access controls & user authentication: Implementing strong access controls and multi-factor authentication helps ensure that only authorized personnel can access patient data.

Regular security audits & vulnerability as­sessments: Conducting regular security audits and vulnerability assessments helps identify and address potential security risks.

Disaster recovery & business continuity plans: Having comprehensive disaster re­covery and business continuity plans in place ensures that patient data can be re­covered and operations can continue in the event of a cyberattack or other disrup­tion.

Single sign-on (SSO): Implementing SSO can improve security by reducing the num­ber of passwords users need to remember, making it less likely that they will use weak or easily guessed passwords. It can also make it easier for users to access multiple applications, which can improve efficiency and productivity.

In addition to these technical meas­ures, appropriate policies and procedures are essential to ensure that patient data is handled responsibly and ethically. This in­cludes training staff on data privacy and security best practices, establishing clear procedures for data access and disclosure, and regularly reviewing and updating these policies to reflect the evolving regu­latory landscape, threat landscape and best practices in data protection.

THE ROLE OF ORCHESTRATION PLATFORMS IN PROTECTING PATIENT DATA

Orchestration platforms can play a crucial role in safeguarding patient data throughout the CGT journey. These plat­forms act as a central hub for managing data from various sources and stakehold­ers, streamlining the data management process and enhancing security.

Key features and functionalities of or­chestration platforms that contribute to data protection and security include:

Robust chain of custody & identity track­ing: Orchestration platforms can track the chain of custody and identity of patient samples and CGT products at every stage, from sample collection to treatment ad­ministration. This helps prevent errors and ensures that the right patient receives the right treatment. Orchestration platform design should incorporate a full risk as­sessment of proposed new features to en­sure that these do not introduce a risk of data breaches.

Secure data storage & access controls: These platforms provide secure data stor­age and access controls, ensuring that sensitive patient data is protected from unauthorized access. They can also help organizations comply with data privacy regulations such as GDPR and HIPAA. For example, systems should employ role-based data access to ensure that person­ally identifiable information is only visible to personnel who need to see it.

Real-time monitoring & alerts for poten­tial data breaches: Orchestration plat­forms can monitor data in real-time and generate alerts if any suspicious activity is detected, helping to prevent and mitigate data breaches.

By centralizing and streamlining data management, orchestration platforms can help CGT providers improve patient safety, treatment outcomes, and compliance with data privacy regulations. This not only benefits patients but also helps build trust and confidence in the CGT industry.

A COLLABORATIVE APPROACH TO CGT DATA PROTECTION

Protecting patient data is vital and obligatory in the rapidly evolving CGT landscape. As therapies become more personalized and complex, the need for robust data management and security measures intensifies. Technology, espe­cially orchestration platforms, plays a vital role in addressing the unique challenges of CGT data management, including chain of custody, identity verification, and secure data transfer.

However, technology alone is not enough. Ensuring patient privacy and se­curity requires ongoing vigilance and col­laboration among all stakeholders in the CGT ecosystem. This includes healthcare providers, manufacturers, technology de­velopers, regulators, and, most impor­tantly, patients. Open communication and collaboration are crucial to staying ahead of the curve in this dynamic landscape. By sharing best practices, challenges, and so­lutions, stakeholders can collectively con­tribute to a more secure and efficient CGT environment.

We encourage further exploration of data protection best practices and the use of orchestration platforms in CGT. By working together, we can ensure that these life-changing therapies reach patients safely and effectively while safeguarding their sensitive data.

Dr. Matthew Lakelin is Head of Consultancy Services & Co-Founder of TrakCel. He earned his PhD in Pharmacology and has over 20 years of experience working in the pharmaceutical and biotechnology industry. He has led the deployment of TrakCel’s software to a wide range of advanced therapies (including CAR-T, TILs, personalized immunotherapies, neoantigen cancer vaccines) and in his role as Head of Consultancy Services is a key spokesperson and responsible for ensuring that TrakCel solutions continue to evolve to meet industry needs.