Drug development today requires more computing resources than ever, especially for targeted and information intensive therapies that amass unprecedented volumes of patient data. In theory, these resources can be provisioned and managed internally—yet one only has to look at the beleaguered healthcare industry to see how this is working out in practice. Many high profile breaches in healthcare over the past years have been the result of internal mistakes within the organization or one of its business associates. The pharmaceutical industry cannot afford such breaches any more than providers can. Nor can the industry continue to attempt to develop 21st century drug therapies with outdated and cumbersome technologies. Imagine, for instance, having to halt drug development at a critical juncture in order to deal with the fallout from a surprise cyber attack, or even just to wait for new servers to arrive.

The good news is that another parallel development negates the need for pharmaceutical companies to spend a small fortune on replacing inadequate IT infrastructure with nimble, secure hardware and software applications. It’s called “infrastructure-as-a-service,” the hosting of data and applications on cloud-based servers. Available on a monthly, pay-as-you-go basis with third party vendors, these services are turning what used to be a capital investment into an affordable operating expense.

Cloudsourcing IT tasks

Drug development is highly collaborative, most notably during the clinical research phase. To that end, collecting and hosting data from multiple parties and locations are among the first “infrastructure as a service” offerings pharma companies should consider. A cloud managed services vendor with a healthcare-exclusive focus will know how to aggregate this data into a cloud environment for hosting, without putting it at risk of security breaches. Specifically, the vendor will be highly knowledgeable about applying FDA and HIPAA security and privacy requirements, including strong access controls, while the data is in transit and at rest. On a related note, a cloud partner can also facilitate data aggregation between pharma companies, contract research organizations (CROs) and providers as they collaborate with each other or acquire vertical entities that have access to patient audiences.

Pharma companies must also have established plans for protecting data that would be difficult—more likely, impossible—to acquire again in the event of a natural or deliberately-caused disaster. Real-time data replication, backup and disaster recovery services should be on the “must” list when choosing services from a cloud data vendor’s portfolio. And it should go without saying that comprehensive security is both a regulatory and business imperative. As hackers frequently change up the kinds of attempts they make to steal protected health information, there must be multiple layers of defense in place. A cloud managed services partner should be able to take on the bulk or all of the work involved here, with a broad portfolio of managed services for security at the network, server, application, data, device, physical environment and other layers.

Some top tier cloud vendors even offer “analytics-as-a-service.” This includes data standardization, presentation and visualization services that help pharma companies, CROs and other partner organizations integrate, share and analyze data from clinical trials. Like other managed services in the cloud, these are also typically available on a pay-as-you-go model.

A nimble IT architecture at hand

In summary, a third party vendor can offer all of the services the pharma industry needs to keep pace with today’s innovations in drug therapies and development. These include:

  • Data migration and aggregation—pulling data from disparate sources into a single cloud-based repository for collaborative use
  • Curation of data—using a clean-once/use-many process that is repeatable and transferable
  • Data analytics—providing data visualization tools, including dashboards and reports
  • Security that meets and exceeds FDA and HIPAA requirements—includes stripping the data of patient identifiable information; maintaining audit trails of who accessed what and when; applying continuous and breach-resistant security at multiple levels; and backup and disaster security.

Drug development is changing. Accordingly, the pharma industry must change the technology methods surrounding drug development to one that is nimble and efficient, as outlined above. Those companies that opt to harness this outsourced, cloud services model will be the ones that sprint ahead.

About the author

Scott Whyte, Advisor & Former Chief Strategy Officer at ClearDATA, is a veteran health IT leader, with more than 25 years of experience serving some of the nation’s largest providers and payers. At ClearDATA, he is responsible for driving innovation, growth, and strategic partnerships. Previously, he was vice president of IT at Dignity Health and vice president and CIO at Phoenix Children’s Hospital.

Originally published by Outsourced Pharma on February 23, 2016.