Appendix RFor-Profit, Primarily Private Funding Example: First Genetic Trust
First Genetic Trust (FGT) is a business that develops information technology (IT) solutions to
address data, privacy, confidentiality, and ethical challenges in genomics and proteomics. It has
created an IT platform with three goals: First, to enable large-scale genomic research and
eventually clinical genomic research; second, to work with pharmaceutical companies to speed
the development and use of new drugs; and third, to enable clinical adoption of genomics.
FGT is focused on supporting genetic research as a trusted third party, by providing a highly
secure, Web-based IT infrastructure for genetic banking, as a cornerstone of an integrated
research solution for patient recruitment and informed consent, and medical and genetic data
acquisition, transfer, storage, and analysis. The patient, physician, investigators, administrators,
and laboratory personnel can dynamically interface via the Web for patient education,
information regarding the scope of the proposed research, and the consent process. The physician
has similar access to aggregating phenotypical clinical data and obtaining clinical samples.
To address privacy and confidentiality protection, FGT has developed the enTRUST Genetic
Banking System, using Web-based architecture and a highly secure, distributed genetic banking
system. The FGT enTRUST Genetic Banking System consists of:
- An integrated genetic banking system designed for recruiting large-scale cohorts and
developing and managing biospecimen and data resources on a worldwide basis
- A scalable, secure IT infrastructure, which includes encrypted data transfer and encrypted
identity, phenotypic and genotypic databases, and high security access control
- A system compliant with legal, ethical, and regulatory aspects of collecting samples and
data in the United States and Europe. FGT has designed its system to be fully compliant
with the Health Insurance Portability and Accountability Act (HIPAA) in the United
States and the Data Protection Act and Data Protection Authority of the European
Commission.1
- Regulatory compliance of computer systems (21 Code of Federal Regulations, part 11)
and clinical trials (cGXP)2 and quality assurance standards. As
the trusted third party,
FGT and enTRUST have been successfully audited for cGXP compliance by two major
pharmaceutical companies, and they have been reviewed and approved for research use
by 20-plus institutional review boards (IRBs).
This system uses “Virtual Vault,” Hewlett Packard’s military-grade operating system, which
leverages standard security technology for encryption and intrusion detection and exceeds both
HIPAA and European Directive requirements for data collection, consent, data accuracy, and
adequate data security. Patients are assigned an encrypted electronic identifier, which serves as a
virtual private identity and is stored in one dataset; phenotypic or clinical information is stored in
a second dataset; and genotypic data are stored in a third dataset. The three datasets are linked
through the patient’s virtual private identity. Information is accessed through role-based access
control mechanisms. Role-based access authorizes individuals to view specific information based
on their role (e.g., research associate, Principal Investigator, statistician, IRB member) and is
controlled via login identification.
FGT aggregates data via a Web-based architecture that interfaces with existing datasets. Data are
accumulated, cleaned, aggregated, and stored in a repository. A common architecture in the
system provides for distributed, centralized sample banking. There are four basic classes of
access:
- Patients or study participants have access to an electronic record of their consents.
- Physicians and investigators have access to phenotypic and clinical data.
- Research assistants who are characterizing the data can enter data online.
- Sponsors/collaborators have access to the data they need to manage the study.
The FGT research management tools are all Web based. They include consent and reconsent
modules (including information feedback to the patient, such as genetic counseling), clinical and
genomic data capture, the ability to configure specific studies, sample logistics and banking,
remote clinical data capture, study contract storage, and bioinformatics. Data representation
standards support data exchange and mining, including aggregation of complex studies.
Multiple privacy categorization of tissues is possible, and FGT consent forms should be
examined as possible models. The dynamic consent and reconsent mechanism allows for sharing
of patient resources and permits information to be tailored to a particular study. The consent
process uses an e-signature with a proxy option. This method also enables acquisition of current
data for longitudinal studies.
FGT is involved in numerous sponsored research studies and biobanking/translational genomics
initiatives with both academic and commercial entities. For example, it is working on a large
pharmaceutical protocol in the United States and Europe, which received favorable review from
19 IRBs. Patient enrollment and sample data aggregation across multiple sites and countries are
nearly complete. A second example is a breast and ovarian cancer research program at Memorial
Sloan-Kettering Cancer Center that enrolled its first patient in early 2003. The company is
working with a series of major academic institutions (e.g., Howard University), Pfizer, and the
International Genomics Consortium on complex cohort and banking projects covering most of
the functionality specified in this document.
Since FGT is a trusted third-party banking technology provider, data access rights and policies
are determined by the sponsor of the banking initiative. Public and “managed data access”
models both can be accommodated. Histopathological image data are not currently available, but
it is technologically feasible to provide them. The design protocol can be written to automatically
aggregate clinical updates and secular outcomes.
|