www.mwe.com
Boston Brussels Chicago Düsseldorf Frankfurt Houston London Los Angeles Miami Milan Munich New York Orange County Paris Rome Seoul Silicon Valley Washington, D.C. Strategic alliance with MWE China Law Offices (Shanghai)
© 2014 McDermott Will & Emery. The following legal entities are collectively referred to as "McDermott Will & Emery," "McDermott" or "the Firm": McDermott Will & Emery LLP, McDermott Will & Emery AARPI, McDermott Will & Emery Belgium LLP, McDermott Will & Emery Rechtsanwälte Steuerberater LLP, McDermott Will & Emery Studio Legale Associato and McDermott Will & Emery UK LLP. These entities coordinate their activities through service agreements. McDermott has a strategic alliance with MWE China Law Offices, a separate law firm. This communication may be considered attorney advertising. Prior results do not guarantee a similar outcome.
Big Data Part I: Data-Driven Life Sciences Innovation,
Personalized Medicine and Research
2
Faculty
Matthew Hawryluk, Ph.D., Senior Director, Corporate & Business
Development, Foundation Medicine Inc.
Jennifer C. King, Ph.D., Director of Data Governance for CancerLinQ,
American Society of Clinical Oncology
Terence Hogan, Head of Law & Compliance, Digital Health, Amgen
Amy Hooper Kearbey, Partner, McDermott Will & Emery LLP
Moderator
3
Big Data Part I: Data-Driven Life Sciences Innovation,
Personalized Medicine and Research
Matthew Hawryluk, Ph.D.
Senior Director, Corporate & Business Development
Foundation Medicine Inc.
4
5
From Discovery To Clinic In ~1 Year
From Test
(2/2012)…
… To Treatment
(3/2014)
Matching the correct targeted therapy to the correct patient is diagnostically challenging
as the number of “clinically relevant” genomic alterations increases
6
Diagnostic Challenge: The Number Of Clinically
Relevant Cancer Genes Across Solid Tumors Is High
Clinically relevant genes in non-small cell lung cancer
Base Substitution:
ALK, AKT1, AKT2, AKT3, ATM, BRAF, BRCA1, BRCA2,
CDKN2A, EGFR, ERBB2, FGFR1, FGFR2, GNA11, GNAS, KRAS, MAP2K1,
MAP2K2, MET, NF1, NOTCH1, NRAS, PIK3CA, PIK3R1, PIK3R2, PTCH, PTEN,
STK11, TSC1, TSC2
Short Insertion/Deletion:
ATM, BRCA1, BRCA2, CDKN2A, EGFR, ERBB2, MET,
NF1, NOTCH1, PIK3R1, PIK3R2, PTCH, PTEN, STK11, TSC1, TSC2
Focal Amplification:
AKT1, AKT2, AKT3, CDK4, CCND1, CCND2, CCNE1, EGFR,
ERBB2, FGFR1, FGFR2, KRAS, MDM2, MET
Homozygous Deletion: BRCA1, BRCA2, CDKN2A, NF1, NOTCH1, PIK3R1,
PIK3R2, PTCH, PTEN, STK11, TSC1, TSC2
7
Diagnostic Challenge: Low tumor purity in many clinical
specimens requires diagnostic tests with high accuracy
0 5 10 15 20 25 30 35 40
N
um
be
r o
f M
ut
ati
ons
Mutant Allele Frequency
Capillary sequencing
would have missed
over half the mutations
in this study as 20%
allele frequency is the
lower limit of detection
*Purity = relative proportion of extracted DNA originating from tumor cells
N=107 clinically relevant somatic mutations in FFPE non-small cell lung cancer specimens
Mutant Allele frequency spectrum of known mutations found in a series of clinical samples
Fraction of mutations <5% Fraction of mutations <10% Fraction of mutations <20% Fraction of mutations <25% Fraction of mutations <50% Fraction of mutations <100% 11% 32% 55% 67% 93% 100%
8
Diagnostic Challenge: Many clinical cancer specimens
are small needle biopsies, FNAs and cell blocks
Sample preparation needs be optimized to maximize accuracy and isolate sufficient
material for diagnostic testing from tiny specimens
Percutaneous needle biopsy of lung
nodules under CT fluoroscopic guidance
Formalin fixation and subsequent
9
Number Of Targeted Therapeutics Rising
Target Markers
FBXW7 ROS1 KRAS RET VEGF/VEGFR AURKA CDK4 CCND1 ERBB3 DDR2 DNMT3A GNAQ BRCA1 BRAFCDK6 AKT1 TSC1/2 MET NOTCH1 TSC2 PIK3CA NF1 FLT3 CDKN2A PTEN HER2 KDR GATA3 RAF1 IGF1R ALK TNF STK11 IGF/IGFR FGFR1 MAP2K1
Years
2005
2012
2015
2020
Coming Soon
~700 compounds hitting
~150 targets in
development
2025
IDH1/210
FMI Solution: FoundationOne & FoundationOne Heme
Laboratory
developed tests
Work in routine,
real-world setting
Require small
amounts of routine
tissue
Turnaround time of
~12-14 days for
FoundationOne and
~15-18 days for
FoundationOne Heme
Results delivered
through our Interactive
Cancer Explorer™
>99% sensitivity and
specificity to call mutant
alleles at 5-10%
frequency
for each test
>99% sensitivity and
>95% specificity to
detect gene fusions at
20% frequency for
FoundationOne Heme
Ordered by Oncologist
Sent by Pathologist/Hematologist
Launched Updated Version August 2014: 314 genes, all 4 classes of alterations:
• Base substitutions
• Insertions and deletions
• Copy number alterations
• Rearrangements
Launched December 2013 with genes relevant to target hematologic malignancies:
• 405 genes for DNA Seq
• 265 genes for RNA Seq
• Same DNA performance
• Enhanced fusion detection
Breakthrough Breadth and Sensitivity
Less Time, Cost and Tissue
11
FMI Value Thesis: Three Significant Opportunities
Molecular Information Platform
Every Dataset Adds to Value
• Sticky experience for physicians/pharma
• User interface to translate vast amount of data
BioPharma
• >20 partnerships • >100 clinical trials in
2014
• Value delivered through testing and molecular information delivery
Clinical
• Ordered by physicians across more than 40 countries
Medical Literature
External Clinical Data
Data
Future opportunities in
cancer management
12
ICE: Creating and Maintaining Network Effect
Interactive Cancer Explorer - the FMI physician portal developed in
consultation with Google Ventures
–
Delivers FoundationOne results, including click-throughs to associated scientific
references and clinical trials
–
Enables physicians to integrate our solutions into routine clinical practice
Developing expanding functionality to enable sharing of treatment
and clinical outcomes data
–
Provides additional valuable information to inform physician decision making
–
Promotes physician interaction and creates a community of oncologists
Building dedicated Product Development team
Interactive Cancer Explorer creates a dynamic network effect,
affording optimal care decisions while fostering a collaborative
peer environment
13
Big Data Part I: Data-Driven Life Sciences Innovation,
Personalized Medicine and Research
Jennifer S. King, Ph.D.
Director, Data Governance and Data Services for CancerLinQ
American Society of Clinical Oncology
14
Only
3
%
enroll in
clinical trials.
3%
1.7
people diagnosed with
cancer in the US
MM
15
1.7
people diagnosed with
cancer in the US
MM
97%
of patient data
locked away
in unconnected
files and servers
16
less diverse…
healthier…
younger…
and less diverse…
…than most of the patients oncologists care for every day.
17
1986
One disease
2014
7 molecular drivers
…and more to be
discovered
18 Credit: Dan Masys
Information Overload
In 2013, Medline added 734,052 citations
Assume just 1% of that new literature is relevant to a
doctor's practice
If a doctor reads 2 articles per night….
19
will unlock a universe of practical insights
to improve the care of every patient with cancer.
20
Quality Improvement System:
21
Improving Quality for All Stakeholders
The primary purpose of CancerLinQ is to improve the QUALITY of care
and to enhance outcomes; additional benefits include:
For Patients:
Improved outcomes
Clinical Trial matching
Safety Monitoring
Real time side effect
management
Patient Reported Outcomes
For Providers:
Real time “second
opinions”
Observational and
guideline-driven Clinical
Decision Support
Real time access to
resources at the point of
care
Quality reporting and
benchmarking
For Research/Public
Health:
Mining “big data” for
correlations
Comparative Effectiveness
Research
Hypothesis generating
exploration of data
Identifying early signals for
adverse events and
effectiveness in “off label”
use
22
HIPAA & Healthcare Operations
The HIPAA definition of healthcare operations
includes “quality assessment and improvement
activities”
This is only when NOT “obtaining generalizable
knowledge” as a primary purpose
Business Associate Agreement required, the
23
Example: QI Report from CancerLinQ Prototype
Can drill down by patients, see parameters
Can view scores
by provider
to determine
an intervention
24
Example: ESA Usage in 8,300 Breast Cancer
Cases (using de-identified data)
25
Data Integrity
Using the data appropriately is critical
Different use cases have different data quality
needs and need to be addressed differently
–
Clinical Quality Reports: specific field attributes need to
be as clean and complete as possible
–
Generation/Research: “big data” view, if you have a
huge amount of data, not everything has to be correct
This is a challenge but needs to be carefully
26
Protecting Privacy
Physicians and
practices will be able
to access PHI from
their patients only
Learning, trend-analysis, research, and
guideline development will only be done on
redacted data sets
27
Data Stewardship
There are multiple other stewardship
considerations to take into account in this type of
system
–
Physician Privacy
–
Practice-level data – identifying competitors
–
Proper usage of Quality Improvement reports
–
Patients who see multiple providers at different
locations
28
Big Data Part I: Data-Driven Life Sciences Innovation,
Personalized Medicine and Research
Terence Hogan
Head of Law and Compliance, Digital Health
Amgen
30
What Exactly is Privacy?
Right to control what and how personal
information is processed
–
Includes collection, use, sharing, storage and
destruction
31
What is “Personal Information?”
Personal
Information
Any information relating to an individual whose identity is apparent, or can be
ascertained from the information, by direct or indirect means.
Here are some examples:
Name
Government
Identification
Information
Bank account
information
Email Address
Home or
Business
Address
Telephone
numbers
32
Foundation of Privacy: Fair Information Practices
Eight Fundamental Principles for the Collection of Personal Information (PI)
1.
Collection Limitation
2.
Data Quality
3.
Purpose Specification
4.
Use Limitation
5.
Security Safeguards
6.
Openness
7.
Individual Participation
8.
Accountability
33
34
35
Big Data Part I: Data-Driven Life Sciences Innovation,
Personalized Medicine and Research
Amy Hooper Kearbey
Partner
McDermott Will & Emery LLP
36 36 www.mwe.com
54950815v1
Federal Regulation of Research
Research
Common Rule (OHRP)
FDA
HIPAA (OCR)
NIH
Federal Privacy Act
37
Definition of “Research”
Common Rule:
“Research” means a
systematic investigation,
including research
development, testing
and evaluation,
designed to develop or
contribute
to generalizable
knowledge
HIPAA:
“Research” means a
systematic investigation,
including research
development, testing,
and evaluation,
designed to develop or
contribute to
generalizable
knowledge
38
“Research” under the Common Rule
Common Rule applies to “
research
involving
human
subjects
”
“
Research
” means a systematic investigation, including research
development, testing and evaluation, designed to develop or
contribute to generalizable knowledge
“
Human Subject
” means a living individual about whom an
investigator (whether professional or student) conducting
research obtains (1) data through intervention or interaction with
the individual, or (2) identifiable private information
“
Private Information
” is
identifiable
if the identity of the subject is
or may readily be ascertained by the investigator or associated
with the information
39
“Research” Under HIPAA
HIPAA recognizes “research” but provides special
pathways for:
–
Activities “preparatory to research”
–
Activities that are quality improvement, not
research
40
“Research” Under HIPAA
Special Pathway: Prep to Research
–
No patient authorization is required for a review of PHI by a
researcher if the review is “necessary to prepare a research
protocol or for similar purposes
preparatory to research
”
–
Requires Covered Entity to obtain representations from the
researcher that the review is for activities that are preparatory
to research, no PHI will be removed from the Covered Entity,
and the PHI is necessary for the research purposes
41
“Research” Under HIPAA
Special Pathway:
Quality Improvement Activities
–
Defined as “health care operations” when primary purpose is
not obtaining generalizable knowledge
–
Permits a Covered Entity to use/disclose PHI for quality
improvement activities without patient authorization
–
Business Associate can be engaged by Covered Entity to
support these activities by engaging in a compliant Business
Associate Agreement
42
“Research” Under HIPAA
Special Pathway:
Limited Data Sets
–
HIPAA permits research using a Limited Data Set
without patient authorization
–
Requires compliant Data Use Agreement
–
Limited Data Set must exclude the following identifiers
Names
Postal Street Address
Telephone/Fax numbers
E-mail addresses
SSN
Medical record number
Health plan number
Account number
Certificate/license #
Vehicle identifier/serial #
Device identifier/serial #
URL
IP address
Biometric identifiers (finger/voice prints)
Photos
43
Consent and Authorization for Future Use
Common Rule
–
Consent for future, unspecified uses permitted
HIPAA
–
Requirement
: valid authorization must establish the purpose
for any use or disclosure of PHI
Prior to 2013, OCR interpreted “purpose” to require that authorizations
be study-specific
As of 2013, OCR modified interpretation to permit authorization for
future research uses
–
Application
: Authorization for future research purposes must
adequately describe such purposes such that it would be
reasonable for the individual to expect that his/her PHI could
be used/disclosed for future research.
44 44
Strategy: Finding the Right Balance
SPECIFICITY AS TO FUTURE USES
RE
S
E
A
RCH P
A
R
T
ICIP
A
NT
’S
W
ILLING
NE
S
S
T
O
A
UT
HO
RIZ
E
Balance Point
45
Deceased Persons
Common Rule does not apply to deceased
persons
–
“Human subject” is defined as a living individual
HIPAA regulates use and disclosure of PHI
belonging to a deceased person
–
Information is PHI until 50 years after person’s death
–
Covered Entity must obtain from researcher
Representation that use/disclosure is sought solely for research
on PHI of decedents and that the PHI is necessary for research
purposes
46
Example: Research Repositories
Step 3:
Withdrawal for Research
Step 2:
Manage the Repository
Step 1:
Create the Repository
Key Research Moments
•Use and disclosure of data to
create a repository for future
research studies
Key Research Moments
•Querying the repository to
determine whether there is
sufficient data to support a
particular research study
•Using data to create data sets
for specific research study
Key Research Moments
•Disclosure of data set from
repository to the researcher
Consent/Authorization needed
(or waiver) if fully-identifiable
Can cover future, unspecified
uses (i.e. Step 3)
Under HIPAA, these activities
may qualify as “prep to research”
or health care operations
Under Common Rule, would
likely be considered research
activities
Under both HIPAA and the
Common Rule, this
may
be
research – depends on the
47
Prep to Research
Covered Entity may disclose PHI to a researcher without an
Authorization or Waiver for a review of PHI “necessary to prepare
a research protocol or for similar purposes preparatory to
research” if the Covered Entity obtains certain representations
from researcher:
–
Use of PHI is sought solely for prep to research activities
–
PHI sought is necessary for the research purposes
–
PHI will not be removed from the Covered Entity during or
after the review
48
Prep to Research in a Digital Environment
49
Consumer-Generated Health Information
What is it?
–
Data generated by a consumer’s use of a mobile app,
website, or another digital service that relates to his/her
health.
How is it regulated?
–
Typically not HIPAA
50
Consumer-Generated Health Information
Section 5 of FTC Act: FTC has broad power to
enjoin unfair and deceptive business practices
–
FTC has used this power to bring actions against
businesses operating digital services that were not
transparent
about how and what information is
collected from consumers and how the collected
information is
used
,
shared
, and
secured
.
51
Future of De-Identification: Common Rule
Advance Notice of Proposed Rulemaking
published June 26, 2011 by OHRP
–
Proposal
: Research involving biospecimens requires
written informed consent, even if de-identified
–
Rationale
: Advances in genetics may undermine the
concept
of
“de-identification”
as
it
relates
to
biospecimens
52
Future of De-Identification: HIPAA
Two methods for De-Identification under HIPAA
–
Statistical Method: Statistician determines risk is very
small that information could be used, alone or in
combination
with
other
reasonable
available
information, to identify an individual
53
Future of De-Identification: HIPAA
18 Identifiers Removed Under Safe Harbor Method
Names
Geographic subdivisions smaller
than a state (address, zip code)
Elements of dates except year
(birth date, service date) directly
related to individual
Telephone/Fax numbers
E-mail addresses
SSN
Medical record number
Health plan number
Account number
Certificate/license #
Vehicle identifier/serial #
Device identifier/serial #
URL
IP address
Biometric identifiers
Photos
54
Future of De-Identification: FDA
Regulation does not turn on identifiability
–
De-identified biological specimens used in
FDA-regulated research are still considered “human
subjects”
Exception:
–
FDA exercises enforcement discretion for
informed consent for in vitro diagnostic device
studies involving de-identified human specimens,
but still requires IRB oversight and other
55
Future of De-Identification
Consumer-Generated Health Information
–
Is true “anonymization” possible?
–
White House “Big Data” report (May 2014):
“Anonymization of a data record might seem easy to
implement. Unfortunately, it is increasingly easy to defeat
anonymization by the very techniques that are being developed
for many legitimate applications of big data. In general, as the
size and diversity of available data grows, the likelihood of
being able to re
‐
identify individuals (that is, re
‐
associate their
records with their names) grows substantially.”
56
57
Digital Health: The New Dynamics
Save the Date
Big Data Part 2: Data-Driven Changes to Payment
Models
, January 13, 2015
Mobile Health & Telehealth: Mobile and Telehealth
Technology Create New Business Opportunities
,
58
59
Speaker Biography: Matthew Hawryluk, Ph.D.
Dr. Matthew Hawryluk contributes to the Foundation Medicine team as the Senior Director of Corporate & Business Development. In this role, Dr. Hawryluk negotiates strategic corporate & business development transactions, manages the operational partnerships with pharmaceutical companies and academic medical centers, co-leads the companion diagnostic and regulated products strategy and also leads the molecular information strategy. Matthew has been with Foundation Medicine for almost 4 years.
Dr. Hawryluk completed his undergraduate training in biochemistry at the University of Notre Dame. As a doctoral researcher, Dr. Hawryluk studied Cell Biology and Protein Biochemistry and earned his Ph.D. from the University of Pittsburgh School of Medicine. He completed his M.B.A. at Carnegie Mellon University’s Tepper School of Business, as a Swartz Entrepreneurial Fellow with academic concentrations in finance, marketing, strategy, and organizational behavior. Senior Director, Corporate & Business
Development
Foundation Medicine Inc.
60
Speaker Biography: Jennifer C. King, Ph.D.
Jennifer C. King, PhD, is the Director of Data Governance and Data Services for CancerLinQ, at the American Society of Clinical Oncology (ASCO). Jennifer leads the data governance programs for CancerLinQ, a learning health care system for oncology, and she is establishing the direction and managing the implementation of the CancerLinQ’s data request and utilization process.
Jennifer has a Ph.D. in Molecular Biology from Massachusetts Institute of Technology and a Bachelor of Science degree in Biology from Duke University. She spent five years as a postdoctoral research fellow in translational cancer research studying targeted therapeutics and mouse models of cancer, at both University of California, Los Angeles, and Memorial Sloan-Kettering Cancer Center. After that, Jennifer spent five years at the Conquer Cancer Foundation of ASCO, acting as the Associate Director and Scientific Reviewer for the Grants and Awards Division. She is a member of ASCO, AACR, and AAAS, and serves as an Officer of the Board for a nonprofit childcare center.
Director, Data Governance and Data Services for CancerLinQ
American Society of Clinical Oncology E: [email protected]
61
Speaker Biography: Terence Hogan
Terence Hogan is the Head of Law and Compliance for Amgen’s Digital Health business unit. In this role, he advises his clients on matters of US FDA regulatory concepts in the medical devices, digital applications and Human Factors, as well as counsel on market research and appropriate online interactions with HCPs and/or patients.
In addition, he helps the team develop sound privacy and data protection strategies for projects utilizing large-scope medical or personal data. Over the course of his career, he has helped several multi-national company develop strong health-care compliance programs and policies, Part 11 compliance programs and has assisted in developing programs to protect electronic clinical data.
Terence has a Juris Doctorate from Seton Hall University School of Law and a Masters of Science in Biotechnology from Johns Hopkins.
Head of Law and Compliance, Digital Health
Amgen
62
Speaker Biography: Amy Hooper Kearbey
Amy Kearbey is a partner in the law firm of McDermott Will & Emery LLP and is based in the Firm’s Washington, D.C. office. She focuses her practice on complex regulatory counseling to health care organizations including providers, manufacturers, suppliers, and professional societies. Amy’s regulatory practice covers a range of health care topics, including fraud and abuse laws, Medicare reimbursement, and data privacy.
Amy counsels clients on compliance with Federal health care program requirements, including the Stark Law and the Anti-Kickback Statute. Her work includes prospective counseling in connection with proposed transactions and arrangements as well as defending clients in enforcement actions, including False Claims Act litigation. Amy also counsels providers and pharmaceutical, biotechnology and device manufacturers and suppliers on Medicare coverage, coding, and reimbursement issues. She has experience advising on compliance issues as well as developing and implementing strategies to address specific issues in administrative rulemaking processes, including legal challenges to administrative actions through litigation. She has also represented clients in Provider Reimbursement Review Board proceedings.
Amy also has extensive experience advising clients on data privacy issues, with a particular emphasis on issues associated with data registries. She counsels clients on all aspects of the development and operation of data registries, including requirements under federal and state privacy laws and data governance policies and procedures. Amy has experience with a range of federal and state privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the Patient Safety Act. Partner
McDermott Will & Emery LLP T: +1 202 756 8069
63
Speaker Biography: Jennifer S. Geetter
Jennifer S. Geetter is a partner in the law firm of McDermott Will & Emery LLP and is based in Firm’s Washington, D.C., office. She has been ranked by Chambers USA as a leader in her field. Jennifer is a frequent speaker and author on areas within her practice, including life sciences and biomedical innovation, financial relationships and aggregate spend, data sharing strategies and data privacy and security.
Jennifer routinely advises global life sciences and health care clients on legal issues attendant to biomedical innovation. Her clients include a broad range of pharmaceutical, device, health plan, institutional health care provider, and others. Her work on behalf of these clients focuses her practice on emerging biotechnology and safety issues, research design and compliance, research program structure and operational and compliance infrastructure, personalized medicine, formulary compliance, scientific review and research misconduct proceedings, and emerging issues in the future, unspecified use of biospecimens and data.
Jennifer advises companies on global privacy and data security laws. She regularly advises health care companies regarding compliance with HIPAA, the Privacy Act of 1974, and other federal and state health information privacy laws. She prepares enterprise-wide privacy and data security programs and policies for multinational businesses, including businesses with portfolio companies spanning multi-regulatory environments, and regularly counsels businesses regarding the collection, use, retention, disclosure, transfer and disposal of personal information. Jennifer helps companies proactively protect private information and, in the event of a breach, she helps clients respond and remediate.
Partner
McDermott Will & Emery LLP T: +1 202 756 8205