Pharma Companies, UK Universities Failing to Protect Data | Digital Guardian

The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Pharma Companies, UK Universities Failing to Protect Data

by Chris Brook on Tuesday May 17, 2022

Contact Us
Free Demo
Chat

The findings come courtesy a new investigation via The British Medical Journal (BMJ).

In healthcare, specifically the pharmaceutical industry, sharing sensitive information like clinical trial data, has become the norm over the years. It helps doctors and companies alike make better decisions and helps benefit science's greater good.

While there are by the books standards in place for a lot of these data exchanges, recent findings suggest that in the UK, they're being broken on a regular basis.

That's at least the case for pharmaceutical companies, National Health Service commissioners, and universities, entities that according to the British Medical Journal (BMJ) have continuously breached agreements around sharing patient data, something that's led to hundreds of patient data breaches.

As part of a study which examined audits carried out by NHS Digital over the last seven years, BMJ warned that many organizations are handling information outside of prescribed data contracts and may be failing to protect the confidentiality of patients.

33 organizations were audited in the last 12 months; each one breached data sharing agreements according to the BMJ.

Organizations like GlaxoSmithKline, Virgin Care - acquired by Twenty20 Capital in December 2021 - and universities like Imperial College London and the University of Cambridge are named in the study although each was found to be at different levels of risk when it comes to compliance.

The pharmaceutical company for instance was found to be in high risk to “compliance, duty of care, confidentiality, and integrity" of its data for example in December of last year. It breached the terms of its data sharing agreement with NHS Digital 10 ways, according to the BMJ, but has since been downgraded to “low risk.”

BMJ's study frames the findings with the fact that none of the entities had their access to NHS Digital's data curtailed in light of the breaches – something that would suspend the provision of data and almost certainly could be detrimental to patient care.

Suspending data sharing would "need to be balanced against any negative impact to patient care,” a NHS spokesperson told the peer-reviewed medical trade journal.

Tags: Healthcare, Data Breaches

Recommended Resources


  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.