How blockchain turns medical traceability to become more valuable
10. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 10 In France, it is the “CNIL” for “French Data Protection Authority” that delivers a seal for “organizations which guarantee a high level of data protection” 8 . Figure 2 : CNIL label. Source: CNIL 8 CNIL (2018) - Commission Nationale de l'Informatique et des Libertés - Privacy seals
70. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 70 Glossary A I: Artificial Intelligence BPR : Business process re - engineering GDPR : General Data Protection Regulation HADS : ”Hébergeur Agréé de Donnée de Santé”, Certified medical data host IoT : Intern et of Things TTP : Trusted Third Party
47. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 47 On another side, some initiatives emerged regarding the informed consent with a mobile application to collect them more efficient ly, and a new device, the “Point of care” 42 for better earlier diagnostics of allergies. The second on e is not directly involved in the clinical study process , but can give an idea how to enable faster data collection in the sites side. B oth are currently i n a testing phase . 42 Novartis (2018) - New Novartis point of care Niji™
1. How b lockchain turns medical traceability to become valuable ? Executive Specialized Master Strategic Management of Information and Technology Professional thesis written by Philippe Schweitzer Tutor Joseph NEHME Associate Professor, HEC Paris, Operations Management and Information Technology Department Jury Marie Helene Delmond Associate Professor, HEC Paris Scientific Co - director Executive Mastère MSIT Fabien Coelho Professor, MINES ParisTech, Scientific Co - director Executive Mastère MSIT Class of 2018
24. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 24 Software development traceability 26 Software development in medical field faces many challenges by the fact they are also considered, or being part, of medical devices. There are many sources of regulation, but unfortunately produced without so much concertation between countries/continents and have different exceptions. Indeed, ones focusses more on some aspects, and others to different ones. Software development must be compliant with medical devices regulation even if there are immaterial products. Therefore, the organization in charge of development process must show a clear linkage between the software and the maintenance lifecycle. This implies a strong traceability process fr om the origins and motivations of a requirement, to design, development, test and maintenance stages, including all request/change/problem managements and risks assessments. Like anywhere else, traceability aims to ensure a sufficient quality level for so ftware development. 26 Sriram T., and Kingshuk K. S. (2011), Medical device standards' requirements for traceability during the software development lifecycle a nd implementation of a traceability assessment model
15. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 15 Figure 3 : Medical devices classification examples. Sou r c e: L es disposi tifs médicaux - Véronique Belmas 15 Class I (hospital bed) Class IIa (contact lent) Class IIb (dialysis machine) Class III (implant) Coronary stent (stent coronarien) 15 Belmas V. (2016) - Les dispositifs médicaux
30. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 30 - Process optim ization, by moving some manual asynchronous processes from material “state”, to software - automated material “localization”, implying the automated sta t e change s . Following figure shows the result on human resources costs , please refer to their research for more explanation . Figure 7 : Comparison of scenarios cost. Source: Improving logistics processes of surgical instruments: case of RFID technology The study made abstraction of the initial costs for the RFID architecture implement ation (total costs of ownership), as well as for initial cost of tagging the entire set of material s , which they considered making part of organizations management scope. In this study we saw that a first investment was made towards digitalization, but the conclusion shows a significant potential difference remaining, which depend s on the level of investment.
4. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 4 Acknowledgements First of all, I would like to thank my family members and especially my two kids for their patie nce during the master period. It was not easy to always understand why their daddy was occupied for a so long time on homework and stay in Paris. Alongside, I also would like to thank my parents who have gave the best support they could during the same per iod. I would like to thank Marie - Hélène Delmond and Fabien Coelho, both co - directors of the Executive Specialized Master in Strategic Management of Information and Technology , for all the y job, commitments and guidance in the process . I thank my tutor, Jos eph Nehme, for the time he spent answering my questions and helping me to realize this work despite his busy agenda. I would like to express my great appreciation to all the persons who have agreed to participate in my fieldwork and have spent so much time answering my interview questions and exchanging ideas with me . Finally, I want to thank my company and my colleagues, and all other person how took part on this journey for their support as well .
56. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 56 4. Recommendations T he global trend for digitalization of the economy is pushing the economic actors to think beyond the business model th e y are actually running. Indeed, lots of examples shows how the Internet democratization, and usages evolution jeopardizes entire economic sectors, either by intermediation of disintermediation processes. The statement , at this time , is well visible for B2C models (hotel, taxies, e - commerce etc..) . For B2B, things are a bit different. Even though the persons are obviously the same, their beh avior are different when they are either in the personal or in the professional context. In the context of a consumer, the decision process is much simpler and faster. Eventually subject to non - rational behaviors as well, while in a professional context t he inertia is generally proportional to the size of the institution. Such inertia is beneficial to ensure the decisions are not prejudicial for the organization strategy. It also depends on the capital intensity stakes and the complexity of processes invol ved . However, by not looking far enough, implicitly in a constantly changing world, the risk of seeing disruptive business models raises and is often too late when new actors emerged and became more visible or main stream.
7. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 7 those could jeopardize the pharma industries sales revenues , reputation and therefore their future innovation capacity as well 4 . T here are various kind s of supply chains in the medical area, the ones related to drugs manufacturing processes, clini cal studies, one those for medical devices delivery. At the moment, and despite of the benefits for the quality of service and for better patients’ health, global efforts for achieving traceability compliance continue to be expensive and is perceived as pa inful, why not overkill, for the organizations. We will try to figure out in this thesis what are actually the main compliance issues, for both personal and non - personal data, how their cost can be reduced, and how they potentially could become a source o f better profitability . 4 Blackstone E.A., Fuhr J.P. and Pociask S. (2014) - The Health and Economic Effects of Counterfeit Drugs
26. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 26 Proper use traceability T he possibility to implant, without limitation any innovating active medical device, and/or those invoiced in addition, is autoregulated by the good usage and therapeutic indications. In France, there is a list of such devices reimbursed by the health insur ance. Codification and indication of the devices allow the qualitative and quantitative monitoring, by relevant regulatory organizations. This transfer of information is implemented by the digitalization of medicines circuit, the patients’ identification a nd chosen indication in compliance with therapeutic indications on the list . The compliance , with this proper use contract by the care facility , is a prerequisite for reimbursement by the health insurance. Objective is to enhance and secure drugs and medic al devices circuits, and keep the guarantee of 100% reimbursement by the health insurance . logistic traceability Logistic traceability is fundamental for obvious reasons of inventory management. Indeed, for acquiring the useful product at the best moment, for the good patient, and at the correct dosage. For a long period of time, disposable medical devices were promoted especially for sterilization concerns. However, for reaching a more sustainable development economy, the trend is moving to reusable devi ces, along with the traceability growing maturity process.
64. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 64 particular case is represented by a source code. And therefore, source code in not intelligible by every one... At the end, we can state that usage of smart contracts remains very sen sitive, especially on aspects involving human intervention s and commitments . Indeed, I would recommend having a balanced approach regarding their usage . They are safe for use to trigger automated action s directly linked to compliance exigence s for keeping traces , but I would keep current software engineering , design, methodologies and exploitation for the more complex management of situations to cover specific business cases . Finally , because smart contract s are more recent than b lockchains , more time would be required to better asses s their potential and benefits for the future .
16. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 16 2. Literature 2.1. Legal framework Legislation tends to become more a nd more exigent in medical field because human health is involved. Care facilities, laboratories, equipment manufacturers, pharmaceutical industry and any other player in medical field are subject to a growing regulation pressure. But in fact, regulation w ill remain the best guidance framework to ensure safety and efficiency in the medical field. During the last decade, substantial efforts were done to put the patient at the center of care decisions. Indeed, the l aw of the 4 th of March 2002 in France stren gthened the patients’ information duty , consent and traceability obligations. Moreover, i nformation transmission ne cessity between professionals has been reaffirmed, as well as the professional secret imperative. For instance, at the hospital, a n explicit consent of the patients must be collected by a doctor . The consent is supposed to take place after the doctor has communicated all related risks information to the patient. On the other side, the organization must guarantee that this process has been compl etely achieved before starting .
35. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 35 2.4. Medical potent ial use cases for b lockchain 2.4.1. Supply chain 35 The world Health organization estimated that up to $200 billion of counterfeit pharmaceutical products are sold every year, and half of drugs purchased online. This counterfeit is usually performed at a manufacturer site or by distributor who legitimate them into the supply chain as authentic units. Whereas some initiatives try to overcome such issues, the system s remain exposed to so iled data inser tion within, suggesting that the market place is suffering from a lack of technology to cover their need. Moreover, at the moment traceability level of granularity could neither satisfy the new regulation, especially in the US for the “Drug supply chain security Act”. A b lockchain appears to be the game changer able to answer that concerns. Figure 11 : Pharmaceutical supply chain. Source: When two chains combine, Supply chain meets blockchain 35 Deloitte (2017) - When two chains combine, Supply chain meets blockchain
36. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 36 Smart contracts combined with the use of additional IoT devices for tracking and measurements offers the capability for stakeholders to access, at any point in time, the full provenance of a unit, enhancing the audit trail production and management along the chain. Any deviation could be captured at all times and put into the b lockchain, thanks to the rules implemented in a smart contract. This could also trigger real time notifications indicating a potential immediate action to take (even automatized) for keeping the compliance l evel. This process improvement gives also the potential to reduce overall risk for end - consumers of drugs , to be in presence of harmful product effects even due to - involuntary - lack of attention. At the manufacturer side, this also could drive to substa ntial gains in productivity and profitability thanks to issues anticipation as well. Finally, a b lockchain also integrates on its own , enough reliability to eliminate the need of a n in - between certification process by disintermediating all external authori tative sources.
28. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 28 2.1.8. Evolutions – the Drug Supply Chain Security A ct We saw that direct data exploitation brings to immediate consequences on usages, on financial aspects for health insurance , or in legality. However, aren’t other way of making such data more valuable by introducing additional dimensions? Dimension that rely on technological advances either on top of the data themselves, or by changing the way they are managed. In the “Drug Supply Chain Security Act” 29 , the FDA pushes the industrial s for a better integration, to increase the interoperability with each othe r. Objective is to better track drug prescriptions, assessment on exposure to counterfeit, stolen, contaminated or other harmful situation with drugs. Figure 5 : Drug Supply Chain Security Act. Source: The Building Blocks of Pharmac eutical Traceability This Act requires pharmaceutical industry to implement the traceability of drugs in their entire supply chain by 2024. Stakeholders will be obliged to identify and report any illegitimate drug in the network within 24h. T his obligati on represent s a good opportunity to modernize internal organizations’ ecosystems and integration of IT. 29 Pharmaceutical Processing (2016) - The Building Blocks of Pharmaceutical Traceability
55. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 55 In terms of IT operations, usage of a b lockchain will also simplify the layers of auditing and supervision, just b ecause the documents (or data) are sealed by intrins ic data structure of a b lockchain, and that are hardly violable and alterable. It is almost impossible to get the sufficient computation power across the globe to alter the content of a single bloc in common public b lockchain s today. Nevertheless, the sys tem is not yet in production, but the orientation of using the b lockchain technology remains on the table . In fact, it is the mi ni str y’s employees who pushes for a change, in complementary to the French state objective, that drives the IT department to mov e on to this new o p p o rtunity offered by the technology. The main question that remain s open is the ingestion capacity of tens of millions of documents, and the number of transaction to manage for them over the time. But anyway, this kind of system is push ed by the dematerialization need, and stakeholders like the French government just can’t go through dematerialization without thinking of document conservation issues, their probing value and the information/metadata that is to manage. Indeed, these challe nge s must have been addressed first, as they are coming in support to other projects led by the government before going ahead. Especially in terms of archiving all produced information by the administrations, and from whatever support.
25. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 25 Sanitary traceability Sanitary traceability encompasses all aspects related to vigilance and risks prevention: - Medical device vigilance, under pharmacist responsibility with • Track of Ingoing/outgoing medical devices • Patients using a medical device from a batch - Biovigilance, related to biological material manipulation - Pharmacovigilance, related to ingoing/outgoing medicines - Hemovigilance, related to blood transfusion - Moves, related to patients’ localization There are many v igilanc e areas in medical field, but the objective remains to quickly identify patients exposed to risks from used medical devices or batches, and monitor the consequences. For instance, it can be useful in order to detect nosocomial disease, o r trigger medical d evice batches recall after any failure. Regarding biovigilance, the traceability allows to implement a monitoring system from organ removal, tissues or cells up to transplanted patients for better insurance. Financial traceability Financial traceability has mainly 2 objectives. The first is to track health expenditures by the population that are subject to reimbursement by health insurances, either public or private. Secondly for the monitoring of care facilities , in France, which are financ ed at 100% by the care tariffing . Indeed, care facilities budget are essentially based on nature and the volume of activities, and the spending is determined by the income. In terms of financial traceability, main objective is obviously to better control spending, but a lso to optimize the budget allocation repartition. Consequence of correct budget allocation guaranties the best equality of care between all insured persons, like for usage of most innovative active medical devices at any time.
41. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 41 practice . This to collect the information that will allow the medicine or treatment to be used in the most beneficial way by the patient. In phase IV: studies are conducted after market authorization has been granted and are used to obtain additional information on the risks, benefits or optimal use of the medicine. 3.2.2. The clinical study protocol Each clinical study is defined by a protocol. It is the reference document in order to assess if the stud y is carried out as inten ded, by defining th e kind o f trials performed during each phase . The protocol includes the objectives, design, methods and relevant scientific background. It must be compliant with the good medical practice framework, and is required by local ethics committees for some types of studies approv als like the “eknz” for Zurich S wiss region and Strasbourg in east of France . The protocol also defines who are the eligible patients that could participate. Conditions that allow people to participate are called inclusion criteria, whil e exclusion criteria prevent them for participating. These criteria are based on determinant factors for the study such as the type and stage of disease, the previous treatments, some medical conditions, age and gender. Then, a study population can be sele cted according to those criteria when they are met. Indeed, for a particular study, objective is to collect reliable results as well as protecting participants safety, as mentioned in the informed consent before enrollment. Figure 15 : C linical study inclusion/exclusion criteria. Source: Pharma compan y - Essential Information on Clinical Studies
23. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 23 2.1.7. Types of traceability and benefits During a care pathway, and particularly at the hospital, there are many items subjects to traceability, starting by the m e dical record, medical devices, drugs, samples, meal, dishware, laundry, etc... In this section, we will see today’s benefits of actually implemented traceability. Medical data Access modality to medical data and support are subject to recommendation s and b est practices emitted by the high health authority in France, and homologated by the health French minister. I t includes following aspect regarding data traceability: - Consent or non - opposition statement for storage and processing - Access tracking up to a si ngle data granularity (sharing context) - Transmission tracking, for involved data and recipients (exchange context) - Data modification rectification demands - Data processing - Access traces controls for intrusion detection All traces collected on these items mu st comply with the requirement of the ability to extracting a complete history of data accesses and usages on the patient’s demand. This rule encompasses all kinds of medical data and related storages, from simple consultation recording, passing through t he medical record, shared medical records and clinical data warehouses.
38. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 38 The data are indeed encrypt ed and stored at several places as well at a same time, in the cloud for outside communication, but the encryption/decryption keys and data signatures remain stored within the chain to guaranty their accessibility and authenticity. 2.4.3. Blockchain technology f or improving clinical research quality 37 Patient e n rolment, reproducibility, data transmission and privacy concerns are main challenges for contemporary clinical researches. Time stamping, inviolability and historicity of data prevents any posteriori recons truction analysis increasing the confidence level during the overall process . The b lockchain has the capacity to involve all medical research stakeholder in one common platform , and smart contract s could play a role in data status es changes as well. Figure 13 : Clinical trial data workflow. Source: Blockchain technology for improving clinical research quality The protocol, consents and all other kind of information can be stored in a bundled data structure before the trial starts, to guaranty a strong p roof of their existence . In the same manner, analytical scripts (source codes) for posteriori analysis are today usually stored inside a code repository, like git, which cannot prevent timestamp alteration attempts , while a b lockchain can actually . 37 Bencho ufi M. and Ravaud P (2017) - Blockchain technology for improving clinical research quality
31. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 31 2.3. The b lockchain technology The b lockchain technology principles is now existing for a long time, but became more mainstream with the emergence of cr ypto currencies, and especially with the bitcoin in 2009. We can find several definitions of what a b lockchain is , and this definition can also depend on the person’s point of view or interests regarding what the b lockchain can offer to him . Indeed, we can see it as a generic concept but theoretically applicable to many use cases. If we try to summarize the contribution of that technology in one word, we can say : “trust”. There are many b lockchain s implementations today, and each try to cover one field or b eing specialized in one area to provide more trust, from finance applications to supply chain, healthcare, assets management, and so on... At this moment, the technology is seen as one having the potential to disrupt many, many, business models. And was stil l at the peak of emerging technologies of the Gartner’s Hype Cycle in 2017 31 . Figure 8 : Blockchain hype cycle. Source: Gartner Hype Cycle for Emerging Technologies 31 Gartner (2017) – Gartner Hype Cycle for Emerging Technologies
29. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 29 2.2. Track of materials with RFID: logistics processes of surgical instruments 30 RFID is a wireless technology that provides a digital tagging, or unique identifier for physical items. It works in radio frequency and global solution architecture may include physical and software components. A p hysical item for the “tag” itself , directly put on materials or boxes . R eaders (scanners) of these tags put at serv als stages during the product lifecycle . N etworking and software solutions to implement the traceability and other compliance concerns. Figure 6 : RFID system. Source: Improving logistics processes of surgical instruments: case of R FID technology In this study , researchers have applied the BPR technique (Business Process Re - engineering). BPR is an approach which focuses on added value operations, to better answer needs of final customers. And though about the redesigning of that pa rticular process at hospital as well. They were answering the question :” What are the impacts of RFID technology vs Barcoding in order to improve the traceability processes performance of surg ic al instruments? ” . They resulted in costs differences related to h uman resources , and demonstrate d the gain in time over two dimensions: - Time saving for individual scanned material, indeed an RFID based detection is almost immediate, while a bar - code system requires a certain viewing angle for scanning. 30 Moatari - Kazerouni A. and Bendavid Y. (2016) - Improving logistics processes of surgical instruments: case of RFID technology
58. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 58 that are shared between all the stakeholders, with permissions, then to summit the proposal to the suppliers and customers. It would only be an industry leader who can take the lead and governa nce responsibility on this kin d of integration process. Aside from the implicit cost for this implementation at the first stages of the chain, this closer integration in a sector will also benefit for the smallest actors , which can act as a new protection against potentially new comers into the system as well. This would increase the barrier to entry in th eir market in addition to cost reduction on data transmission and relationship management with their partners. However, this would imply to create a mech anism able to both transfer traceability information on the merchandises , and a link with documents as well for larger data transmission . Indeed, the experience showed the limits of data encoding capacities of today to transfer the data directly on the box es/items. In addition, the experience demonstrated how the state change manner based on the geographical position must be preferred tha n direct data transmission for more efficiently. In fact, the data must already be available into the system at the time when the item arrives to its destination , otherwise manual handling and data manipulation won’t be suppressed definitively.
18. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 18 The principle of accountability has also been being extended, and must now be demonstrated. This implies a set of measure to follow: • Implement organizational and technical measures which demonstrates the conformity • Collect and retain records of detailed data processing activ ities • Nomination of a data protection officer • Default data protection measures: o Continual security improvements o Transparency o Data minimization o Pseudonymizing o Allow individuals to monitor data processing o Use impact analysis reg arding data protection if applicable o Codes of conducts and certifications The peoples’ rights were also strengthened for: • Explicit consent mechanisms • Right to oblivion • Data portability across different services • Profiling and automated decision • Non - complia nce notification • Data export
21. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 21 2.1.5. Certified data host (HADS) In addition to legal protect regarding the data, in France, some technical requirements must also be meet in the context o f medical data storage. This rule applies for information systems outside a care facility. In fact, it concerns all entities responsible for data storage as soon as they are not involved in medical care, like cloud services provide r s. The “medical data host” certification was created in order to guarantee physical data prote ction, manipulation, storage, confidentiality, integrity, availability and traceability of sensitive information which are medical data 23 . Numerous expectations must be met for getting the certification: - Strong authentication - Data encryption - Access traceability - Recovery plan A certified medical data host offers a s ervice comparable to a banking agency that makes available individual safes, but rather for their customers’ data storage. Indee d, service terms and hosting conditions must be defined within a contract between both stakeholders. And such contract must remain compliant with the actual legislation. For instance, any mobile health application is also supposed to store their data withi n such kind of certified data host or either inside their own , but certified , infrastructure as well . 23 Légifrance (2018) - Code de la santé publique - Information des usagers du système de santé et expression de leur volonté
39. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 39 3. Fie l d study 3.1. Methodology and proposition s The methodology for the field study relies principally on semi - directive interviews. This will cover a portion of the processes entering in the conception and manufacturing of medicines. Because a ll is about proofs of traceability, we will see how to make digitalized information more valuable by giving them a probing value , and by being managed in combination with a b lockchain . On a first section we will describe the generic model deployed by pha rmaceutical companies, for new molecules testing through clinical studies , and will enter more in details inside the several phase s . Then we will cover and try to expose other questions during the transport of raw materials for their production. At the end of the section we will make a parallel with another area equally concerned about compliance , and which tried to conduct new projects using the b lockchain technology. It is the French ministry of justice. All interview s have been conducted with a qualitati ve approach. Indeed, there was no predefined survey, because all have different scopes and made irrelevant any attempt to ask the same questions. The goal was effectively to collect information as much as possible regarding the implemented processes, benef its and challenges. Nevertheless, the willingness to cover the subject as much as possible encouraged to realize an Ishikawa diagram for not missing the target.
42. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 42 3.2.3. T he informed consent The informed consent is a mandatory process used by all entities which conduct clinical trial s such as pharmaceutical ind ustries or academic site, in order to test new medicines on human being with their agreement. It must be approved by local ethics comities and signed by the patient before starting 39 . It describes relevant information about the clinical study and goals, an d helps the potentials participants to decide whether or not they want to participate to the study. Indeed, the document must provide enough information to understand risks, potential benefits, and if there is another alternative to the study. In addition to the forma l document, the process m a y involve other recruitment material, instructions and measurement of participant understanding by questions and answer sessions. Nevertheless, once signed, the consent is not perpetual, because the patients always kee p the possibility to withdraw from the study at any time, even if is not over. To summarize, in European union, the clinical trial directive defines the informed consent as following ( s ection j) 40 : “decision, which must be written, dated and signed, to ta ke part in a clinical trial, taken freely after being duly informed of its nature, significance, implications and risks and appropriately documented, by any person capable of giving consent [...]” The information must be provided by a physician independen t of the pharmaceutical industry. Figure 16 : Clinical study patients consent . Source: European Parliament 39 International Council for Harmonization of Technical Requirements for Pharmaceuticals for Human (2016) - Guideline for good clinical practi ce E6 (R2) 40 European Parliament (2018) - Directive 2001/20/EC of the European Parliament and of the Council of 4 April 2001 on the approximation of the laws, regulations and administrative provisions of the Member States relating to the implementation of good clinical practice in the conduct of clinical trials on medicinal products for human use
67. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 67 5.1. Limits of that thesis The medical is a domain with a scope very large as soon as we start talking about data management. In this thesis we focused on traceability concerns of today and tomorrow, and the way these challen ges could be addressed as well. Therefore, and even though this was mentioned already , no particular attention was made regarding how these data might be exploited through big data/I.A. or any other kind of algorithm able to extract or deduct predictable patterns f r om them. We i ndeed stayed on manners how value creation could be achieved on top of the m , regarding the current situation and the way they are managed. All these ide a s could definitely take place as well from these genuine data, but only after one database or a b lockchain becomes large enough to host suffi ci en t data for making these kinds of processing relevant. Besides of that statement, there was also no mention regarding potential data quality checks , and/or data that might be missing because of any human failure. This was in fact things that must be addressed along the processes execution, and be part of the business cases implementation executed around the b lockchain, or even potentially thanks to smart contracts depending on the context. Fi nally, we did not enter into financial considerations , and have not made any total cost of ownership assessment. And the fact we have not dig into personal data because of their complexity to manage, would also hide some other potential benefits elsewhere.
40. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 40 3.2. I nterventional clinical study case 3.2.1. C linical study definition A clinical study is a rese arch project on persons that requires the participants to have an active role towards the study. Clinical studies could also be called as interventional, as soon as they aim to assess the effect on health - related intervention, using either medicinal produc ts, devices , irradiation or surgery on a medical condition. The clinical development of a medicine on a common disease in composed of 4 phases 38 : Figure 14 : Medicine development phases. Source: Pharma company - Essential Information on Cl inical Studies A clinical study starts when a molecule was sufficiently assessed in a pre - clinic stage, to start being tested on humans . In phase I: researchers study an experimental treatment for the first time on a small group of people (20 – 80) to eval uate how it is absorbed, distributed, transformed and eliminated by the body, in order to identify the optimal route of administration and dose. At this stage, the subjects of the study are usually healthy volunteers. In phase II: the experimental treatmen t is administered to a larger group of people (100 – 300) to check the efficacy and further evaluate the safety of use. From this phase onwards, the subjects of the study are patients who suffer from the disease for which the medication is being developed. I n phase III: the experimental treatment is administered to much larger groups of patients (1000 – 3000) to confirm its efficacy, monitor the side effects, and compare it to a comparator : the commonly - used treatments , or placebo if there is no available treat ment in clinical 38 Novartis (2017) - Essential Information on Clinical Studies
13. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 13 There is no particular process in order to merge all medical records in this centralized and shar ed one. In France, the initiative is still under assessment and available only on a subset of counties at the moment 12 . Clinical data warehouses Clinical data warehouses are the consequence of the medical data digitalization , with growing set of digitalized medical records within a care facility. These data coming from various sources, such as the laboratory management system, the radiology, pharmacy, etc, triggered the emergence of an innovative approach about medical data accesses. These sensitives heterog eneous data and multidomain b eca me so more and more massive and potentially accessible everywhere , tha t we start ed talking about big data here. With such data amount the care facilities could start making datamining and exploitation. It should be independe nt of the production system and represents the centralized place where the medical data lives. It integrates a set of tools for performing data mining, cross - reference queries over text and structured data. Filtering could be implemented on biological or c linical criteria, and it also provides the relevant visualization tools (timeline, clusters, geolocated, etc...). Clinical data warehouses are used in several areas: • Clinical research, feasibility study, eligible patients to a research protocol • Epidemiology, epidemiological cohort constitution • Vigilances • Working practices assessment • Macro - economic studies 12 Assurance maladie (2018) - Dossier médical partagé
22. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 22 2.1.6. Medical devices 24 Medical devices traceability is subject to an international standardization process: ISO 13485. This standard supersedes earlier docum ents such as EN 46001 and EN 46002, and EN 724 for care facilities and hospitals. ISO 13485 describes the Quality Management System that lists the requirements for regulatory purposes, development, implementation and maintenance of a quality management sys tem intended for use by medical device manufacturers and suppliers. The standard meets both customer requirements and regula tions in the European Union and major jurisdictions around the world . In some of them, like in Canad a, an organization must be certi fied to deliver products into the market. ISO 13485 is similar to ISO 9001 in scope , but in addition includes specific requirements to medical devices, and excludes some of them. In general, ISO 9001 certification is not considered as a suitable substitute for certification to the requirements of ISO 13485. Moreover, ISO 9001 doesn’t meet customer satisfaction requirements in that field 25 . Finally, f or a ny player working with a supplier, some other consideration s must also be considered according to his part icular context, like specific commitments about medical device vigilance, post - market surveillance and cooperation level in case of an incident. In case of non - compliance or danger, traceability is supposed to identify at any time, the patients, a device o r a process followed by a medical device. Most of tracked records must be kept 30 or 40 years. 24 International Organization for Standardization (2016) - ISO 13485 Quality management for medical devices 25 Quality magazine (2008) - Understanding ISO 13485
27. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 27 Supply chain / products recall 27 A medical supply chain is a highly regulated supply chain. It involves several stakeholders at several stages and of diverse kinds. T he most important regulator is the FDA whi c h ensure s the process of medical devices manufacturing remain s safe for the public. The FDA 28 , for US Food and Drug Administration ( federal agency of the United States Department of Health and Human Services ) provides a set of guidance, compli ance and regulatory information for especially drugs manufacturing (as well as for other areas). The agency is recognized as one of leading regulatory authority in the field, and generally biggest medical industries follow their recommendations even for pr ocesses executed outside the US. Figure 4 : Medical device supply chain. Source: Product Recalls in the Medical Device Industry: An Empirical Exploration of the Sources and Financial Consequences Medical devices recall happe ns fre quently, and the list is available within the FDA website. A medical manufacturer, and any involved institution, ha s as much to loose in terms of market share or in terms of reputation than the severity level of the problem . A product recall may involve a ll key participants in the supply chain, while the patients are generally the most impacted, by the mis - functioning material. The severity of the impact can vary from minor to majors - fatal - inconveniences. 27 Thirumalai S. and Si nha K. K. (2011) - Product Recalls in the Medical Device Industry: An Empirical Exploration of the Sources and Financial Consequences 28 U.S. Food and Drug Administration (2018)
5. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 5 Executive summary The medical field is one of most exig ent field in terms of regulation and compliance especially regarding today’s data processing, either for personal or non - personal data. All these process es aim to reach a better quality of care , with high confidentiality concerns , apparently without giving so much consideration to implied costs . Along this thesis we will to try to answer the question, beyond the requirement of traceability, how these generated data could bring to new added value opportunities? We will start to make a global health concerns description with regard to t raceability issues, both at the patient and the industry point of views. Then we will continue by m aking an exhaustive description of traceability and the origins of th e demand in that particular field, with some definitions and stakes around the personal data and data related to medical devices. Afterwards, we will summarize bibliographic researches trying to answer the question, what are the kind of gains currently available on top of the traceability generated data , followed b y fields studies for real case scenarios description. The fields studies cover cases in the medical field, on clinical studies and supply chain, but also enlarge to the French ministry of justice with an interesting example o n what a dematerialization pro cess can look like. Finally, we will propose some recommendations how to try to reach more efficiency in those data traceability concerns linked with new opportunities, and especially around the b lockchain technology .
37. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 37 2.4.2. Secure and Trustable Electronic Medical Records sharing 36 Electronic medical record are sensitive information which are frequently shared among various stakeholders, form the patients, to the hospital and insurance etc.. This raises the q uestion how to keep the history up - to - date, and in the meantime the access control with numerous consents. In many cases, the patients could be in a situation where their personal medical data must be transferred between many places, most of the time by t he post , rather than by e - mail for security /confidentiality reasons. This process remains very time consuming, even after the patient gave his consent . This raises the question of data availability which could sometimes le a d to repeat same tests at several places. In addition, having a distributed ledger that connects different healthcare players can optimize the resources allocations, as well as medication and cost management between patients and the insurances. Then, the pharmacies could also improve the logistic and procurements thanks to prescriptions information sharing as well. In a proposed solution, the choice has been made to delegate only the sensitives tasks related to data access authorizations, states and data integrity to the b lockchain. Figure 12 : System architecture of blockchain based data management and sharing. Source: Secure and Trustable Electronic Medical Records Sharing using Blockchain All the data lives in fact outside of the b lockchain, but thanks to smart contract s (logic) execution coupled with an external trustworthy authentication delegation (National Practitioner Data Bank) , the different persons involved in the process are able to grant or access data, and at several places. 36 Dubovitskaya A., Xu Z., Ryu S., Schumacher M. and Wang F. (2017) - Secure and Trustable Electronic Medical Records Sharing using Blockchain
60. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 60 Nevertheless, lawyers and advocates would be more prudent regarding those statement s, despite of the fact this decree aims to provide a legal framework for paper replace ment , even in the medical field. Because all these concerns are pretty recent, jurisprudence might be different depending on the context, and especially when if there is a litigation between stakeholders having a disproportioned power or dominant position s . For the most sensitive cases like personal medical data, or when an ethical case is involved, judges could tend to follow the low strictly speaking in case of any doubt , and could tend to move on to the side of the weaker party , like if the cas e require s to still use a physical paper support from the law. So, one recommendation would to start dematerializing for data that do not include any personal information, even less medical. This has also the advantage to start working without the need of using a certified storage like the “HADS” in France, as described in section 2.1.5 . Otherwise , I would suggest to first start making the proof with a running system, which took time to grow in maturity before entering in such problematics with regards to pers onal sensitive data . Again, be aware that regulation at this stage for probing document’s value is true for France, but is not the same abroad, even in EU. At the end, n otwithstanding the benefits of entering in a dematerialization process, the cost of legacy documents digitalization could be considerable . In some cases, and depending on the context , a balanced approach might be preferred , because it just would take more time to achieve the migration than the effort to keep them as they are actually.
46. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 46 The data accuracy can jump from 75 - 80% to more than 95% when this process turns to become digitalized. There was a 100% of adoption score in Asia when digitalization was proposed, while only 60% in average in EU zone . A higher score can be achieved as soon as the application is developed for mobile devices, rat her than web sites portals in EU . I t was also observed a stronger resistance on change especially in France and Germany. The situation is probably due to cultural legacy and awareness regarding data protection stakes and matte rs by the population. More ahe ad in the clinical study process, the pharmaceutical company must manage 2 distinct databases, one for patient and sites management, principally for consents information storage, and the another for the study/protocol supervision on top of the central labo ratories. Regularly , the central laborato ries return samples batches to the pharma ceutical company with corresponding results. All these data transfers lead to data reconciliation problems between the 2 databases of the pharmaceutical laboratory and the o ne of central labs , because these 3 databases have their own referen ce , and different reports data formatting. The software used in the pharmaceutical laboratory side is “LabVantage” for his laboratory operations, and central labs reports/data integration. It is the same software in use than the Integrated BioBank of Luxembourg 41 , a non - profit institute dedicated to supporting biomedical and academic researches. Moreover , the pharmaceutical laboratory is obviously interested to get the results of tests pract ices as soon as possible. But however, at the moment data transfer happens at the same time than physical transfer of samples, either between sites and central labs, or between central la b s and pharmaceutical laboratory. This situation is due to the logis tic rationalization, for physical samples transfers and corresponding data are currently not disassociated to that process. 41 The IBBL (Integrated BioBan k of Luxembourg) Institute (2018)
44. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 44 After that preparation, the study can start . Site or hospital - Physicians explain the trial to patients and ask them to sign the informed consent accordingly - Physicians enter in the sponsor database the informed consent signature confirmation and the corresponding coded patient id Figure 18 : Clinical study pr ogress. Source: Pharma company - Administer of the medicine to the patients - Collect samples and monitor patients - Ship samples by batches to the central labs and transfer corresponding data Cen tral laboratory - Collect , store and analy ze some samples - Transfer data results to the sponsor/site upon request - Ship to the pharmaceutical company or its partners, samples with the corresponding annotation which have to be analyzed Pharma laboratory - Colle ct and store the consents from patients ( coded ) - Monitor the samples collection - Store remaining samples at the end of the study (even externalized ) - Perform additional research on remaining samples if allowed by the informed consent scope
12. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 12 1.3.2. Medical data A medical data could not necessarily be digitalized, as it can also be archived in paper or in a handwritten form. For instance, we can quote the prescriptions and the medical certificates. Indeed, medical data in a general point of view encompasses all data storage in volving health status of a patient. Medical Record The medical record is a repository for collection and conservation of all kind of information related to a patient in a care facility. It includes administrative, medical and paramedical information. Administrative information comes from the administrative file. It authenticates the patient and includes sociodemographic information. Medical and paramedical information combine those collected by the h ealthcare professionals. It insures the traceability of all undertaken actions. It is a tool for information, communication and coordination between care players and the patient. It allows to follow the care pathway within an institution, and reflect added value provided by the healthcare professionals, protection, food or health improvement. The medical record enables higher coordination in a context of care organization evolution as a result of staying length shortening, care complexification and multi - di sciplinary players. It also has the role of patient and healthcare professionals’ memory over the time for: • Information availability at any time • Act and care traceability • Continuity of care • Therapeutic decision aide • Place for enlightened patient consent co llecting, risks/benefits analysis and decision traceability • Quality of care and record keeping assessment • Education and research • Economical extraction for activities budgeting assessment • Legal role in case of responsibility research Shared medical rec ord Whereas the medical record only applies in a care facility scope, the shared medical record aims to enlarge data accessibility outside them. Indeed, it brings access on personal medical information history to authorized healthcare professional. While the patient keeps the possibility to control the data disclosure, involved health professional s are supposed to have access to the content of the information.
49. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 49 W hat to do when a product is supposed to be shipped while the batch manufacturing has not c ompleted already, or if the batch must be delivered at 2 various places? This kind of situation implies growin g transactions to manage and related costs they incur . On the other side , such traceability is supposed to offer several benefits, and most of the time s in the case of a product recall when a quality alert occurs. This guaranties a higher level of security in device usage, in addition to the complete historical event ledger , especially for getting quicker and more accurate in reporting and analyzing impacts of advert events. 3.3.1. Pain and potential gains T he recall process still faces several challenges . Even th ough all is well tracked by each individual stakeholder within the process, the lack of digital integration between them results in extra costs required for asynchronous and manual investigation performed at each level of the supply chain. At this stage, n one in th is particular sector tak es benefits for the traceability effort achieved along the process , and this is still seen as a major pain to get compliant. Nevertheless, s ome initiatives emerged already, to speed - up the shipment and receiving process. I ndeed, they are currently thinking how to avoid as much as possible the pain of filling manually data on the tracking/quality software. Analyze Analy ze Quality Certificate UDI
61. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 61 4.3. Blockchain The literature is currently fast growing with publications about the b lockchain benefits for the medical field . Majority is about to exploit the patient s ’ data in order to provide better care or to preserve the level of confidence during inform ation sharing or in telemedicine contexts. 4.3.1. The distributed and secured ledger utility In a general point of view , a b lockchain is a data structure . Therefore, it is designed to store data and finds its place at the database layer of a system. In despite of the positive momentum around this technology, it is true that the b lockchain could cover many use cases, but we must be aware on which occasions this technology delivers its potential, even some times disruptive. Figure 22 : Do you need a Blockchain ? 48 Source: Do you need a Blockchain? The b lockchain and its derivatives are now commonly recognized as having a true potential in the field. However, and unfortunately, it is still hard to find a true productive system for the moment , a nd w e must consider such technolog ies as emerging by keeping in mind some limitation s that could still characterize them. As described already , the personal data manipulation is a complex area , even more in the medical field , and is subject to regulation changes with the European GDPR. 48 Karl Wüst K. and Gervais A. (2017) - Do you need a Blockchain?
11. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 11 1.3. Definitions 1.3.1. Traceability The traceability is one of the key processes in the medical field. The traceability level and expectations is the consequence of treating data and devices related to the human health. In English, a “trace”, is a “sign that something has happened or existed” 9 . “Traceability”, is “the ability to find or follow something” 10 . We can fin d various definitions for “traceability”, but the most popular and precise would maybe the follo wing: “Requirements traceability refers to the ability to describe and follow the life of a requirement, in both a forwards and backwards direction (i.e., from its origins through its development and specification to its subsequent deployment and use, and through all periods of on - going refinement and iteration in any of these phases)” 11 I n information technology field, we can define the term of traceability by the ability to follow up and recover, any products’ or services’ data from their early conception up to their final valorization, plus the deactivation and/or disposal regarding medical devices. In medical field , at hospital in on the one hand, traceability is either for identifying a product , a manufacturing batch or a service, in order to withdraw t hem quickly with a maximum of security in case of non - compliance or danger. On the other hand, traceability also serves for care takers to manage their own responsibilities within th at global process, implying to track the care acts, the instrument s and th e involved groups or persons. 9 Cambridge dictionary (201 8) - "Trace" definition 10 Cambridge dictionary (2018) - "Traceability" definition 11 Orlena C. Z. Gote l and Anthony C. W. Finkelstein (2011) - An analysis of the requirements traceability problem
43. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 43 3.2.4. Phase s implementation The second phase of a clinical study aims to assess the efficiency of a new medicine on patients who suffer from diseases for which the new medicine is developed. Indeed, along this process , samples are regularly collected and analyzed. During that phase, t here are 3 kinds of institutions involved in the process: - The pharmaceutical company/biotech , which produces the medicine (ie. Roche or Novartis) - Clinical “ s ites” where medics are administrated and tested (ie hospitals) - Central laboratories , intermediates, which are responsible of the logistics (ie. Covance or Q2 Solutions) All three could also be invol ved in sample analysis, but most of the work is generally done by the central labs. Figure 17 : Clinical study preparation . Source: Pharma company Pharma company - Defines the protocol, inclusion and exclusion criteria - Writes the consen t forms for main and optional actions (like using sample for other r esearch projects, or performing DNA extraction) Central laboratory - Receive the protocol from pharma company , and “translate” it to comply with its own referential - Progressively produce kits for samples collection which will be distributed to clinical sites . K it s are box es which contain all tubes required for a specific visit with a requisition form (paper document) used to capture sample annotation (patient ID, visit ID, ...)
57. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 57 4.1. The traceability process impr ovement Today’s traceability obligations in the medical field are essentially pushed by the government s in order to satisfy the minimal level of exigence the people have regarding the health system. The compliance in these traceability requirements are imp lemented to both give the industrials legitimacy to enter the market , and for the insured to get reimbursed for their care. I voluntarily make abstraction of the differences that might have between the countries for the care reimbursement system. Though, t he work required to fulfill all traceability requirements represent s a big effort behind the scene for all stakeholders , and the data are today not so much exploited. Some initiatives emerged from the collected statistics in combination with artificial int elligence to produce predictive models for early diagnostics or correlation analysis. These kinds of initiatives are subject to personal data regulations compliance, which is the most sensitive aspect in the medical field. It is the most sensitive in the e yes of the patients for privacy concerns , as well as the most complicated to cover technically , at least for giving or maintaining a multi - layered access rules to the data or scoped consents. On the other side, major regulatory authorities are pushing for getting more accurate and faster regarding data management for drugs, especially for illegitimate drug detection within 24 hours. This expectation would become possible only with a strong engagement of the stakeholders. Indeed, todays data regarding clinic al researches and drug supply chains are not integrated at all. Experience demonstrated that major pains appear by the necessity of perpetual manual manipulations that drives to asynchronous data delivery , and later , for investigation s as well during poste riori quality alerts root causes analysis. Both these data transfer in such un structured manner prevents for doing predictive analysis, and represents a nightmare and a huge cost at reconciliation time, when a work is needed based on them. In the current digital era , the situation will obviously evolve to extract more added value from those stored data, and for getting compliant with coming regulations in the meantime . In fact, the data produced for each step are not shared instantaneously but follows the same rhythm that the physical items or r a w materials. This data sharing raises the question how to streamline the flow of data. But be careful. Not all ideas of digitalization implicitly offer the high return on investment expected. Indeed, this kind of in tegration requires to first deeply think on the nature of data
66. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 66 Because the current integration between actors inside the medical supply chain is at a low maturity level, a lot of issues are handled manually or within asynchronous processe s. As a consequence, the situation continues to increase the cos ts for those data explo ration retrospectively , like a during a product recall after a quality alert. The b lockchain technology seems to be able to provide this new level of confidence. A b lockchain, with its intrinsic data immutability mechanism could hel p in establishing the chain of custody in a much faster way than with currents tools and methodologies. This put in perspective in terms of required investment with the coming regulation, maybe the time arrived to think about the opportunity for exploring more actively, the capacities offered by such new structure of data. There are several domains where a b lockchain could provide higher data exploitation : - The supply chain, with stakes around counterfeit drugs detection , and monitoring the provenance of th eir pharmaceutical active ingredients - Clinical studies by implementing a cross - sites sharing and a trustful multi - entities collaboration platform either for regulatory reporting, end - to - end tracking or sample data storage by implementing an immutable low - cost audit trail. - Consent management system to keep track of patients consent history and scope , by providing the proof of their existence There are many other potential areas in the medical field that could also benefit from the data integration. Obviou sly, this integration could be leveraged on top of an other tech nical solution, but it seems that the b lockchain looks like the most suitable solution, even in the eyes of other areas as exposed to the same compliance level with regard to information sharin g and data storage requirements .
50. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 50 Figure 20 : QR code example: Source: inslideshow application - www.in - slideshow.com The chosen method is to encode as much data as possible inside a QR code stuck directly on the box es . However, this requires more manipulation at the shipping side to produce it . Moreover, this also still impl ies an extra manipulation step, for scanning on the rece iving site. But in the best - case scenario, it is true that it could save some time at this stage. This method still raises some questioning about its feasibility. Although some data can be transferred in this manner, it implies that the data become s readab le by anyone in contact with the box. Indeed, today’s documents are sealed inside a special plastic shell that can protect against a first level of spying, by proving an infringement in the case the s h ell is broken or altered. Moreover, a QR code, because it is encoded, and it occupies some space on the box, is limited in terms of data it can contain. Otherwise the size or the resolution it could reach can make it unreadable, or unusable at some point. Finally, because it is a piece of paper by the way, the re is also no guarantee it arrives in a sufficient undamaged shape to still be readable either. At the end, yes it can provide some enhancements in the process, but on the other hand it intrinsically has limitations that could jeopardize its usage for such case, plus the effort for data normalization required between all the stakeholders of th e sector to implement that solution . That last point regarding the data normalization would be the most expensive for using that solution, but without apparently enoug h returns on investments. Indeed, it requires to adapt all involved software to either produce or read the data encoded inside the QR code, plus the reader physical integration to the software in one , or in another way. But h owever at the end , that data no rmalization effort remains absolutely necessary , and can become a real good opportunity, in the case a deeper integration between the stakeholders takes place in order to really benefits form the ir data sharing . Like for being compliant with the FDA’s comi ng regulation.
19. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 19 2.1.2. Medical data Despite of its precise framing over the personal data described in the 2.1.1 “ Personal data ” section, the General Data Protection Regulation (GDPR) still lets a numerous set of measur es to national interpretation depending on their culture, interests and control authorities’ priorities. The regulation provides margins of maneuver to specify their own rules regarding special and sensitive processing like for medical data. It is the case in France as they are subject to a particular legislation updated recently 18 . Indeed, on top of standard data protection, and because of the criticality they represent, deontological and more privacy rules became much relevant. Is considered as a medical data , everything related to me n tal or physical health of an individual , or any medical service delivery to him . The regulation here settles all aspect s of data sharing between the variety of stakeholders and contexts. Form sharing between people from the same car e team up to sharing outside the care facility. In any case the patient keeps the right of being informed and to express his opposition. Condition of data access for a professional is to directly be involved in any medical act like the diagnostic, therapy, handicap compensation, pain relief or any action needed for coordination purpose. Professional only access the data they need for their particular scope, and assessment of the kind of data they need to access is supposed to be done before starting their mission 19 . Notion of sharing implies to make available such data to several professionals . As soon as several professional s are part of a same care team, the information becomes available for the entire team in the patient’s interest. Outside the car e team, sharing is again conditioned to the patient’s information and consent. Notion of information exchange implies a physical transfer of the information to identified recipients. Although professionals can make part of the same care team or not, data exchange remains possible as long as the patient is informed and gave his consent. Notion of data exchange an d sharing is separate than the access to the information system. Concerning the data p rocessing for research purposes, usage of such personal dat a is subordinated to the patients’ consents for each processing, and the local control authority authorization. This, again to protect the data, confidentiality, etc.. but above all to assess the 18 Légifrance (2018) - LOI n° 2016 - 41 du 26 janvier 2016 de modernisation de notre système de santé 19 Légifrance (2018) - Code de la santé publique - Droits des personnes malades et des usagers du système de santé
6. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 6 1. Introduction W ith the today’s ongoing and accelerating technological revolution, digitalization of the economy became one of the core aspects for new emerging business models. Health care and more widely every medical related field s are also impacted by the current evolution. Data, an d the way they are managed, is one of the most critical process es in the medical area. Indeed, there are many stakes to consider around this topic, and many ensuing consequences to manage . Along this thesis, a particular attention will be put on the Frenc h context mainly regarding the health insurance system, but will many times be enlarged to EU , US or Swiss area as well for data management and compliance framework . Traceability concerns in the medical field aims at first sight to bring the necessary trus t and confidence level r equired between the patient s and services/treatments provided. Nevertheless, there are many other places where the trust between stakeholders is also important: the supply chain. According to many papers, thousands of human beings d ie per year because of counterfeit drugs 1 , and this observation can rise up to one million lifes depending on the source 2 . Another problem comes with substandard ( non - counterfeit ) products, but which failed passing all the quality measurement tests 3 . Figur e 1 : Counterfeit drugs. Source: H uffington P ost There are other aspects that are impacted by this observations on the economic side of the industry. Indeed, a big part of the current business model relies on i ntellectual property , and 1 BBC (2016) - Counterfeit drugs: 'People are dying every day' 2 InSight Crime (2013) - Counterfeit Drugs Kill 1 Mn People Annually: Interpol 3 Sammons HM and Choonara I. (2017) - Substandard medicines: a greater p roblem than counterfeit medicines?
54. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 54 In this structure, the data signatures (Hashes) are not joint to the next portion of data for the chaining implementation . It is o rganized in a hierarchical structure where the signatures are joint together by pairs to produce other signatures, and thus in a recursive way , up to a single root signature. With t his data structure , the main constrain is physical performance, due to comp utation capacities needed for getting the proof of the traces ensuring the preservation of their authenticity. Indeed, such implementation follows an expansional function for each new transaction inserted inside the tree . Therefore it imposes to split the continuous flow of data in to several chains for long - term sustainability , and impl ies notions of freeze/stop/start of the chaining mechanisms . 3.4.3. Changes , concerns and potential benefits Today the French ministry of justice struggles under the huge amount of paper it has to manage. All these are stored inside boxes in a safe and secure area for optimal paper conservation. They either come from judgments, lawyers or every aspect of the institution life. Dematerialization effort aims to gain in productivity, to make space saving, improve usage and so on. Biggest gains would probably be made with full search capability inside the digitalized documents. The other gain will take place inside internal processes. Indeed, looking for a document requires today a const raining logistical process to deliver . Dedicated teams are mandated to search and physically move these documents across the buildings. Moreover, they have to also manag e some traces of these moves, in order to recover the original place where the document s were stored initially. The choice of a b lockchain - based solution emerged and is seen as the natural evolution of IT technology regarding transaction history management, and is pushed by the increasing computation capacity of today. Before emergence of t his technology, while you had having digitalized documents, we had to certify the process of their management, and be able to explain /prove the way it has been done. This in order to certify the fact, the processing applied was actually the true at the mom ent the information of traceability was generated. Thanks to the b lockchain, it would be simpler to prove the authenticity, because the data are sealed numerically. You no longer need to certify the way it has been done, because it is proven by its own, ma thematically. All i s now about to clarify the processes happening outside the b lockchain .
51. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 51 3.4. French ministry of justice - Dematerializing the archiving process Justice is one of the 3 fundamental powers of modern democracies which stabilizes the balance with the 2 others, the executive and legislative powers. Its role is to monit or the implementation of the law and punishes the non - compliance. For some time now, the French government started a transformation plan for dematerializing processes as far they can within all ministries and departments. The target for justice is year 202 0. That change management is going to be tough to achieve, because at the moment p aper is still predominant a n d processes are not prepared/adapted for that. The transformation will take place at several levels, starting from the individuals’ web portal , t o current common administrative processes, for civil department and up to prisons management. Objective is to make these processes digitalized and providing a quicker online accessibility. Some of the processes are already partially or fully digitalized, for data exchange between department, as well as for document numeration. Nevertheless, th ese tools have been implemented by IT department principally for internal communication, and not so much more. 3.4.1. Evidential value of digitalized documents Now the next objective, would be to give an evidential value to the digitalized documents, in order to make them usable within a legal procedure. No difference is made regarding the nature of data, whether they are processing traces or documents themselves. And such co uld also spread outside that minister in particular as well for other topics , as critical for maintaining the level of sovereignty and power of the state. It is all a matter of proving that digitalized information is effectively the original, and not simpl y a working copy. From creation up to usage, they need to implement a system which proves the probity of all kind of data/ documents . Indeed, archiving is at the core of the systems for data conservation. There are 3 stakes to care on regarding documents ma nagement: - Document conservation, to make them always available - Sustainability /readability , for a long - time conservation, sometimes more than 50 years - Traceability Source of documents could either be from a document scanning process or created within a so ftware . B ut both must have a provable origin (traceability) , and their readability must be guarantee d . A special attention has been put to preserve the durability of the format over the time, which must allow further transformation possibilities later on.
53. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 53 Tamper - proof sensitive data with write once, read many (WORM) and encryption based on U.S. National Security Agency standards ” 43 As explained, this technology ke eps track of document contents with electronic signatures when they are written to the disk. A software ensures th e chaining of these , as additional data to the original files in order to prevent further alteration of the document on the disk. Well, it is not supposed to prevent changes on the document, but rather to keep track of all the changes at physical level. It uses the “worm” chaining method as explained in the 2.3 “ B lockchain technology ” section. On the other side, they also want to track all changes in documents’ lifecycle. For that achievement, they decided to trust the b lockchain as well , not only because of the hype moment of this technology, but because they think it is the perfect suitable technology for playing th is role. They assessed a s olution called “ V itam ” 44 , initially build by the army , and the ministr ies of culture and foreign affairs . This solution aims to archive document s at their final stage and was designed to cover the storage of national archives and civil registry among others . The documents metadata are stored as a proper document joint to the original one and physically stored in the same way. The chaining method, however, differs from what we seen so far. Indeed, it use a “Merkle Tree” for sealin g that transactions journal with time stamping . Figure 21 : Merkle tree overview. Source: Wikipedia 43 Hitachi Vantara webside (2018) 44 Vitam project website (2018)
14. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 14 1.3.3. Medical device s and classification 13 By the French law, a product used for medical purpose that is not a drug, nor a biological product , is considered as a medical device 14 . This includes all equipment , instrument s software or materia l, used alone or in association, including accessory products which are used for human medical purpose , at all stages like during diagnostics and therapy. Medical devices may be required for: - Prevention, diagnose, monitor or threating a disease - Attenuation and compensation of an injury or handicap - Modification or replacement of the anatomy - Assisted conception Implantable medical devices are aimed to be partially or totally be implanted inside the human body, or to replace one surface, and to stay in place more than 30 days. Active implantable medical devices are the same as the Implantable medical devices, but dependent on an external power supply. Medical devices are classifi ed in 4 categories, corresponding to their increasing risk potential: - I class: low risk potential - IIa class: moderate risk potential - IIb class: high risk potential - III class: critical risk potential Active implantable medical devices are categorized in cla ss III. Classification is made from a set of devices attributes: - Lifetime - Sterile - Reusability - Invasiveness - Dependency to power supply - Body part in contact - etc... 13 European Commission (2018) - Medical devices regulatory framework 14 Légifrance ( 2018) - Régime juridique des dispositifs médicaux
34. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 34 - Speed : traditional contracts usually take a significant amount of time to materialize, with multiples stakeholders , and go ing back and forth between involved people. This , while pre - recorded smart contracts inside a chain excels in time saving thanks to their intrins ic automatization - Savings : because it no longer requires a n y intermediate to implement the trust, like lawyers of legal professionals - Precision : O nce all the details are well recorded , execution of a smart contract would be achieved in a more accurate way. Indeed, in a traditional contract case, the more persons are involved, the higher interpretation risk raises for the expected terms execution We have seen the smart contracts are able to transfers value representation or a service , in a transparent and secure way. Ne v ertheless, they still must be being transcoded correctly. There are already some existing technical solutions. However, there are few at the moment making th e proof of being « Turing - complete », so meaning that are able to execute all consecutive logical i nstruction s : the « Ethereum » and “Hyperledger” technolog ies .
48. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 48 3.3. S upply chain challenges Pharma comp anies can also provide technologies in life science and medical equipment , some examples a r e : - medical imaging devices for diagnostics - medical devices for treatment - reactive products for scanner biomarkers and treatment in oncology - industrial equipment involved in medicine manufacturing process - r a w materials for medicines T hese r a w materials are delivered to the pharmaceuticals industries for their own production (like Mer c k, Sanofi, etc..) . For all these fields, requirements in terms of traceability are pretty much the same, except for the r a w materials supp ly chain. In such case, once a process has been qualified, changing one provider in the chain becomes harder to achieve. Indeed, any new comer entering the process must be qualified again by an auditing process. F or every shipment, the provider must deliv er a proof certificate, guarantying the level of material quality. For material transfer between 2 sites, the process follows the common vision we can have regarding any shipment. It starts with the order processing, to preparation, packaging, joining of r elated documents in the box, and shipment. Depending on the level of integration between the 2 participants, this process is more or less integrated and digitalized. In the receiving site, a sequence of event s is also triggered f r om the material receipt to the document processing, and unpackaging before usage. At this stage most of the workload i s handling and for manual processing/fill - in of the data within the supply chain and quality management software. These steps are very time consuming and can drive to issues in terms of quality of data inserted into the software as well . On top of that , an other process could happen for some kinds of products, depending on their category and importance. Indeed, an additional document, a quality certificate, can also b e transmitted in the meantime containing the data about the quality grade given to the product. Once it is the case, on the receiving site a second round of assessment occurs to validate the product quality again in a second time. The most important elemen t, able to recognize a product is its UDI, for Unique Device Identifier. This UDI is built based on a company’s ID, product ID, batch ID and /or serial numbers. Management of this UDI significantly complexifies the supply chain management. Figure 19 : Supply chain : Source: GE
8. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 8 1.1. Ethics , privacy and security Today ’s business model of the new digital economy relies on data collection, processing and valorization. And with higher and higher storage, networking and computing capacities, we more and more are a ble to combine data from various databases sources. Because this evolution is quite recent, regulation and data platforms maturity and processes can bring u s to some questionings : Does the user have enough means to control usage of his own personal medica l records? Does he exactly know for which purpose he is engaging? The reality is that more insight and information could be derived from patients’ data and activities. But is this always for his own benefit? A study commissioned by the financial times, in 2013, revealed that top 20 fitness apps transmitted information to third party companies, which could end up in pharmaceutical or insurance companies 5 . Fortunately, since then, Apple told developers that they no longer can sell such data without users ’ co nsent. There is a great temp tation for those insurances companies. Indeed, with actual situation, some institutions already propose to modulate subscription fee s and reimbursement level s according to physical activity. With such evidences, they can impleme nt a bonus - malus system like we can see an example in Switzerland 6 . Would we, one day, be suspected for refusing to use a connected solution, like if we would have something to hide? What would happen if we are subject to digital divide for whatever reason , like geographical location, economic cleavage or social position? Should our personal interest predominate to our collective interests? Besides of regulation to protecting the privacy of data, Internet and Big Data turn to become blur areas in which item s that w ere traditionally perceived as disjointed , tend to become more and more reconciled. With the raise of social media, the difficulty for discerning between what should remain private and what is supposed to be public, follows this trend wher e people , for the data they produce, become subject for research es even if they were not aware for being such objects. 5 Dembosky A. and Steel E. - The financial times (Sept 2, 2013, 17) - Health apps run into privacy snags 6 CSS insurance (2017) - Information Sheet - myStep
17. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 17 2.1.1. Personal data - the General Data Protection Regulation France was pioneer in terms of personal data protection. The first low about personal data protection was promulgated in 1976. Since then several updates were conduct ed, and the European union adopted a first directive 95/46/CE in 1995 16 . This directive aimed to reconcile fundamental protection of individuals with regard s to the processing of personal data , and on the free movement of such data . Despite of this fact, n ot all European Union state s have systematically applied this directive regarding data protection, and therefore substantial differences appeared between the national lows and the regulations. These differences complicated multinational organization works to remain in compliances w ith all these different rules, and introduced uncertainty for the people. With technological evolution and digitalization, a review of that situation has been conducted by the European Commission. The goal was to produce a new reg ulation to provide same level of protection and obligation across the entire Union: the General Data Protection Regulation (or GDPR) 17 . The difference between a directive and a regulation is that a regulation applies directly to all states members while a d irective must be first transcribed in national laws. This new regulation will be fully implemented on the 25 th of May 2018 and applies on data related to every EU citizen, even if the data is stored outside union border s . I n fact this new regulation has th e ambition to become one of the worldwide standards because it forces other countries to also follow the same rules as soon as an European person is directly or indirectly involved in a database. For instance, an IP address, a device ID or a credit card nu mber can all be considered an individual identification information. Pseudonymized information could also be considered as personal information depending on the difficulty level of the re - identification process, otherwise, their management falls outside of the regulation. The new regulation also extends the scope of responsibilities for the data processing activity. Indeed, subcontractor s are supposed to foll ow the same level of regulation and be in compliance with their customers’ requirements and accounta bilities. 16 European Parliament (2018) - Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data 17 European Parliament (2018) - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
65. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 65 5. Conclusion A long this thes is we have seen where traceability concerns are in the medical field , and w e have g o t an overview of the stakes that are involved within several processes . The regulation in the medical field is so vast, that we only brought the essential information to know , and have transcribed them in a summarized form for a good understanding of the rest of the thesis. Indeed, we covered both the personal and non - person al data related to medical devices . After this first level of research, we then entered in the inventory of the benefits which the currently implemented traceability can deliver for all stakeholders. Then , another research took place in order to find out w here new potential benefits could be found in a theoretical point of view, and in conjunction with coming new regulations. It appeared that first level of benefits resides in the capacity of digitalization and dematerialization of the processes. In the im age of many other areas that were not impacted already by the digital trend, the medical area still relies on many processes that are implement ed using paper form ats , thanks to their better genuine proofs. However, continuing implementing so complex inform ation exchanges in paper forms would obviously lead to jeopardize lots of benefits , in comparison to the potential offered by a digitalized information system . At least in terms of space saving o r faster full - text search capabilities inside the contents . T he way to reconcile those 2 antinomic statements, would to ensure giving the same level of probing value to digitalized documents as if they were still in a paper form. The thing is not only to copy/store some conte n t, but really to replace the paper forma t and keep the digitalized version as being the original one. T he simple fa c t o f using a digitalized information instead of a paper format, will allow many other ways for their valorization. F r om faster information exchange between 2 systems with less risk s of data quality loss, to large scale data analysis or data mining for building new generation predictive models. Therefore, a new digital paradigm must emerge to guaranty an additional level of confidence o n top of already implemented data securing mecha nisms. Indeed, today’s security mechanisms help to implement some security in data storage or during network transfer s . B ut , not ye t o nto the data authenticity and immutability over the time , in a shared common repository owned and ruled equitably by sever al stakeholders.
20. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 20 relevance of the manipulation. However, a nonymized data proc essing remains outside of these regulations. 2.1.3. Medical record The medical record is considered as the primary element for patients care quality. It records and keeps track of all taken actions, and is usable by all care team members within a care facility. R oles and responsibilities must be known by each involved person, as i t materializes the link be tween them and establishes evidences in case of litigation. Medical record follows a defined regulation. It is supposed to be stored in a place guarantying its a ccessibility, integrity and confidentially , but is subject to medical secret. The medical record and its storage cannot be uncoupled, as quality on each impacts quality of the other. The medical record is created at the first contact between a patient and a care facility for inpatient to outpatient clinics, and progressively enriches from intervention traces produced by healthcare professionals. In France, the medical Record is ruled in the code of public health 20 . Moreover, as soon as administrative data is joined to the medical and paramedical information, the entire record falls under medical data regulation described in the 2.1.2 “ Medical data ” section. 2.1.4. Shared medical record The shared medical record must be crated under the e xpress con sent of a person, or his legal representative, and is available for each French health insurance beneficiaries. In order to get access on shared medical records, health care professionals must agree with national conventions regarding relationshi ps between health insurance institutions and healthcare professionals 21 . Consultation and update permissions are given under patient’s responsibility and take over by a professional. In France, the share d medical record has been ruled in 2016, in the code o f public health 22 . As it is a digitalized and a nominative file, the shared medical record falls under the medical data regulation described in the 2.1.2 “ Medical data ” section, and must be stored in a certified data host for me dical data like describe d in 2.1.5 “ Certified Data host (HADS) ” section. 20 Légifrance (2018) - Code de la santé publique - Personnes accueillies dans les établissements de santé 21 Légifrance (2018) - Code de la sécurité sociale - Dispositions relatives aux relations conventionnelles 22 Légifrance (2018) - Code de la santé publique - Dossier médical partagé et dossier pharmaceutique
72. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 72 Bibliography Assurance maladie (2018) - Dossier médical partagé BBC (2016) - Counterfeit drugs: 'People are dying every day' Belmas V. (2016) - Les dispositifs médicaux Benchoufi M. and Ravaud P (2017) - Blockchain technology for improving clinical research quality Bitglass (2017) - Healthcare Breach Report 2017 Blackstone E.A., Fuhr J.P. and Pociask S. (2014) - The Health and Economic Effects of Counterfeit Drugs Cambridge dictionary (2018) - "Trace" definition Cambridge dictionary (2018) - "Traceability" definition CNIL (2018) - Commission Nationale de l'Informatique et des Libertés - Privacy seals CSS insurance (2017) - Information Sheet - myStep Deloitte (2017) - When two chains combine, Supply chain meets blockchain Dembosky A. and Steel E. - The financial times (Sept 2, 2013, 17) - Health apps run into privacy snags Dubovitskaya A., Xu Z., Ryu S., Schumacher M. and Wang F. (2017) - Secure and Trustable Electronic Medical Records Sha ring using Blockchain European Commission (2018) - Medical devices regulatory framework European Parliament (2014) - REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, of 23 July 2014, on electronic identification and trust services for electronic transactions in the internal market and repealin g Directive 1999/93/EC European Parliament (2018) - Directive 2001/20/EC of the European Parliament and of the Council of 4 April 2001 on the approximation o f the laws, regulations and administrative provisions of the Member States relating to the implementation of good clinical practice in the conduct of clinical trials on medicinal products for human use European Parliament (2018) - Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free mo vement of such data European Parliament (2018) - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, of 27 April 2016, on the protection o f natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) Gartner (2017) – Gartner Hype Cycle for Emerging Technologies Hays D. (2017) - Blockchain Technology : ‘Proof - Of - Work’ Versus ‘Proof - Of - Stake’ Hitachi Vantara webside (2018) InSight Crime (2013) - Counterfeit Drugs Kill 1 Mn People Annually: Interpol Integrated BioBank of Luxembourg ( IBBL) Institute (2018)
62. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 62 To take an example, the GDPR raise s the question of the right to oblivion. Indeed, a b lockchain is designed to store and keep data authenticity. So how to remove one content? I fear that it would not be easily possible witho ut breaking internal mechanism s of the chain. Otherwise, it would take ages to rebuild (compute) all the blocs that have been inserted after the block (or transaction) we would like to alter/delete at one point in time , and this without thinking on the phy sical network congestion it could engender to permanently re synchronizes all the no d es together in the network. Another workaround would to n ot store the data directly in the b lockchain, but to anonymize and only keep a digital signature of the informatio n inside (hash). T hen to store th e whole content in an encrypted form outside of the ledger . On a first side, anonymization doe s not prevent to still cover the personal data management process responsibility, and indeed makes it just shift ing to another pl ace or person. But o n the other side, k eeping the less information inside the b lockchain will have a benefit anyway, b ecause another concern is about the performance f or its long - term sustainability . Indeed, the more the chain is long, the more time it ta kes to validate the sequence of blocs. And this whatever the chosen consensus algorithm , and selected autoblocking mechanism which are either the “ W orm” or the “Merkle Tree”. One of the major stakes today is to think how to segment the information for kee ping the chains as short as possible , in a worldwide use case context with high throughput requirement s . For instance, one recommendation for documents management, would be to build one dedicated b lockchain for each individual document, just because we kn ow there will be a starting and an ending point in their lifecycle . 4.3.2. Benefits for traceability concerns Thinking on building a system able to manage efficiently personal data, in today’s medical field will be tough to achieve and highly risky considering th e uncertainties around both the technology and regulation maturity. On an other side, l ooking from the traceability perspective, usage of a b lockchain, with its capacity of keeping traces authentic, can provide a solution for data sharing, access requests a nd level of permission management in the context of a private b lockchain using a “pr o of of stake” consensus mechanism .
59. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 59 4.2. Dematerialization and replacement of paper One remaining problematic is the written - physical - form that some information must have in order to comply with actual agreement s , o r regulations. This can be seen as a major drawback for any process of digitalization attempt. However, the trend is irremediably pushing for more dematerialization, and we can say with absolute certainty, that the different countries will update their legislations to follow the movement, even for their proper needs. There are currently some norms that oversees the movement, which at least are the French NF Z42 - 026 for total paper dematerialization process es and the ISO 14641 - 1 ( NF Z42 - 013 ) for electronic documents archiving. Let’s have a look to the Art. 1379 of French civil code 45 , the corresponding decree of the 5 th of December 2016 46 and the EU regulation 47 : “ Is assumed reliable until there is evidence to t he contrary any copy resulting of an identical reproduction of the form and of the act content, and which integrity is guaranteed over the time by a process compl iant with requirements set by decree ” “ Integrity resulting from a reproduction process by e lectronic means is testified by an electronic footprint which guarantees that every subsequent modification of the copy it is attached is detectable ” “ T his condition is assumed fulfilled by usage of a qualified timestamp, qualified electronic postmark or qualified electronic signature within the exigencies of the regulation (EU) No 910/2014 of the European Parliament and of the council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and re pealing Directive 1999/93/EC ” If we start from the assumption that : something might be authorized as long as it not prohibited, and even though not yet explicitly written that is authorized , then a digitalized document can acquire a probing value thanks t o a b lockchain by complying to those norms , low and decree. 45 Légifrance (2018) - Code civil - Article 1379 46 Lég ifrance (2018) - Décret n° 2016 - 1673 du 5 décembre 2016 relatif à la fiabilité des copies et pris pour l'application de l'article 1379 du code civil 47 European Parliament (2014) - REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, of 23 July 2014, on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
63. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 63 Coming regulation will push the industrial s in drug manufacturing sector to closely integrate themselves with better data exchanges. It represents a good opportunity to start assessing the b lockchain, as this new compliance rule would imply significant changes , and possibly up to radical evolutions in their internal software architectures by the way . A “consortium” b lockchain (semi - private ) shared between a pre - definite number of members would be a good approach in this context. This in order to share more efficiently the data in a trusted leger, but in a cost - effective manner. Indeed, the b lockchain with its intrinsic data authenticity and distribution, could guarantee a high level of confidence without the need of any third party or so much additional layers of auditing at the physical storage level. Even though the technology is not yet sufficiently mature to have an absolute certainty about its role in the future, the fact the regulation will only apply in 2024 gives enough time to qualify and adjust the usage made by a potential b lockchain between all the actors . One recommended approach for starting with the b lockchain would to ensur e being track - and - trace and serialization regulatory read y , as a prerequisite , before then continue by thinking on integration with third party software like the ERPs of other stakeholders. But after all, one last question will remain with actual regulatio ns. For any process or operation in the medical field, at least one stakeholder must assume the role of accountability for running the platform and to ensure its governance. There are two possibilities, either they find an agreement with each other to crea te a public interest group to autoregulate themselves, or the state within current regulation authorities must play a new role of neutral observer inside the b lock chain network. 4.3.3. Smart contracts 49 Smart contact s are pieces of software that are hosted inside a b lockchain, and also benefit from immutability capability for their execution. At first sight , smart contracts have attractive arguments in comparison with legacy software creation and exploitation. However, the rigidity in their execution also raises s ome concerns. Imagine there is a n unexpected bug in a smart contract, how would we make the correction? Again, the risk is also high when actions triggered in smart contracts depend on declarative contents, which are subject to interpretation and further r ollback/correction s as well . We are entering here in the same issue than the previously explained about data deletion /alteration in side the chain... In a legal point of view, usage of smart contracts also raises some questionings. A contract in a juridical p oint of view must be understood by the stakeholders , while this one in that 49 Philipp e S . (2018) - L'internet des objets et la data: l'IA comme rupture stratégique, Dunod
68. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 68 5.2. Limits about b lockchain The b lockchain technology starts having more and more credibility with the public. It started with the emergence of cryptocurrencies, but it could remain difficult to convince new p e rsons for many reasons . First, trying to e xplai n how a b lockchain works is not simple . It requires some pedagogy efforts and some patience on each side as well . Indeed, the technology relies on mathematical theories and cryptographic mechanisms. In this thesis we only have seen a first level of their f unctioning. And the more the time passes, the more literatures appears, and the more it becomes harder to not get confused between all the concept s . Secondly , t he b lockchain ecosystem evolves very fast due to its popularity and other new concepts could eme rge regularly as well . When it is well summarized, the b lockchain technology sounds to be the ultimate technology for information sharing. We can have heard pretty often that data are actually safe, which is true , but also encrypted in the meantime and ins erted in an anonymized format. These 2 lasts statements are not necessarily true. Moreover, not all the internal mechanisms are easily accessible to perform the data storage, and would impl y to deeply know the internal functioning of the chosen b lockchain implementation to cover a particular need. Please be aware that intensive usage of cryptographic mechanisms does not necessarily mean encrypted information, and do not confuse between those concepts of encoding of data (hiding them) , versus the digital s ignature which make s the data to stay authentic. There are today a lot of b lockchains implementations with regular new comers , each with their own benefits and constrains. At the moment we are in a stage where it remains difficult to clearly assess which ones are more adapted in comparison to other s . We do have some clues obviously due to their internal architecture, but we do not have enough data to validate them by the reality of production system s . It is still an ongoing process for this technology to gain in maturity. Along the thesis we also have mentioned the power of b lockchain for being distributed and being simultaneously a centralized place for sharing data. It could also raise some confusions in terms of understanding. In these con sideration s , we actually are not talking at the same level. Indeed , at the infrastructure level ( for physical layer), yes, the b lockchain is distributed meaning that it is hosted at several places in the meantime (servers) . But in a logical point of view, it implements
52. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 52 For instance, they have chosen the PDF/A format, suitable for long conservation and readable by all PDF readers to anticipate transformation in another format if required. This compliance is guaranteed by a “conservative of heritage” person , who guaranti es the compliance with several norms such as the French NF Z42 - 026 and NF Z42 - 013 ( ISO 14641 - 1 ) , that specifies the conditions in whi c h documents are supposed to be digitalized to provide trustworthy equivalence with the original one. The goal of that norm is to no longe r use paper anymore and provid e a process to keep the opposability characteristics of the documents. The key aspect is to maintain sufficient level of confidence regarding traceability of changes , and how to manage their reversibility. Ther e are 2 levels where traceability has to be implemented : - At physical/ file storage level, to track any change on files - Changes d uring documents’ lifecycle However, t here are critical periods of time , like the moment when the document s are scanned before bei ng inserted inside the system , and still live outside the system . Another example is when it is transferred between one system to another as well. Either for transfer between systems, or due to technological change (or migration for instance) , the ministr y remains aware on durability of the documents, as well as for the traces produced along their lifecycle. Indeed, the transfer mechanism between the source (or producer) and destination systems must include all insurance to ensure transfer of data traceabi lity, and thus from the very beginning of the documents creation. The retention time of these traces must be the same than the document retention time, including the traces of the documents destruction (date) . Persons in charge of this project still are qu estioning about the role and po si tion this will have in the ecosystem towards dematerialization, but they feel being precursors on some questions, like the prof of origin and traceability of digitalized documents . 3.4.2. The physical storage and “V itam ” solutions The ministry of Justice decided to explore the immutability properties of a b lockchain to cover their digitalized documents needs . At the first level of traceability for physical file storage, the ministry decided to use a n already available product in t he market: the “Hitachi Content Platform (HCP)” solution: “ Secure Data with Built - In Encryption
69. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 69 one single repository, thanks to the internal mechanisms that perform the abstraction for h id ing that functioning . However, the fact of mastering the physical layer of a b lockchain is as critical a s the logical one , in order to limit the risk of inserting compromised data as well . The b lockchain becoming more mainstream, there is also a growing literature that demonstrates potential hacking techniques as well from this side . L ike in the case i f a computing power majority (51%) is held by one single stakeho lder in a public b lockchain. On another hand, the thesis also not mention ed the cryptographic mechanisms that must be provided in the case of an y private key compromising, able to disclose encrypted data supposed to stay confidential . These are remaining c onsiderations to anticipate and cover during a use case specification. To conclude , the technology by its disruptive potential for implementation of trust, will also require a new governance model to make it sustainable over the time. This would require f or the m edical to encourage a healthcare consortium emergence too, led by the leaders of the sector , like i t was made already in the financial field . W ith the objective to promote a better coordinated approach, a strong collaboration framework would be th e prerequisite to define the standards , and interoperability schemes for getting solutions available faster. Indeed, for saving time, but also preventing risks of conflicts because of each other relative position and solutions , to continu e working in the g eneral and patients interests as well . As you will have understood, b lockchain is a theoretical potential game changer for the industry, but this won’t prevent having enough expertise in that technology to indeed guaranty that trusting level. Otherwise , i t would just make no sense at all anyway...
73. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 73 International Council for Harmonization of Technical Requirements for Pharmaceuticals for Human (2016) - Guideline for good clinical practice E6 (R2) International Organization for Standardization (2016) - ISO 13485 Quality management for medical devices Karl Wü st K. and Gervais A. (2017) - Do you need a Blockchain? Légifrance (2018) - Code civil - Article 1379 Légifrance (2018) - Code de la santé publique - Dossier médical partagé et dossier pharmaceutique Légifrance (2018) - Code de la santé publique - Droits des personnes malades et des usagers du système de santé Légifrance (2018) - Cod e de la santé publique - Information des usagers du système de santé et expression de leur volonté Légifrance (2 018) - Code de la santé publique - Personnes accueillies dans les établissements de santé Légifr ance (2018) - Code de la sécurité sociale - Dispositions relatives aux relations conventionnelles Légifrance (2018) - Décret n° 2016 - 1673 du 5 déc embre 2016 relatif à la fiabilité des copies et pris pour l'application de l'article 1379 du code civil Légifrance (2018) - LOI n° 2016 - 41 du 26 j anvier 2016 de modernisation de notre système de santé Légifrance (2018) - Régime juridique des dispositifs médicaux Moatari - Kazerouni A. and Bendavid Y. (2016) - Improving logistics processes of surgical instruments: case of RFID technology Novartis (2017) - Essential Information on Clinical Studies Novartis (2018) - New Nov artis point of care Niji™ Orlena C. Z. Gotel and Anthony C. W. Finkelstein (2011) - An analysis of the requirements traceability problem Pharmaceutical Processing (2016) - The Building Blocks of Pharmaceutical Traceability Philippe S. (2018) - L'internet des objets et la data: l'IA comme rupture stratégique, Dunod Quality magazine (2008) - Understanding ISO 13485 Regan G., Mc Caffery F., Mc Daid K. and Flood D. (2013) - Medical device standards' requirements for traceability during the software development lifecycle and implementation of a traceab ility assessment model Sammons HM and Choonara I. (2017) - Substandard medicines: a greater problem than counterfeit medicines? Thirumalai S. and Sinha K. K. (2011) - Product Recalls in the Medical Device Industry: An Empirical Exploration of the Sources and Financial Consequences U.S. Food and Drug Administration (2018) Vitam project website (2018) Zhang P., White J., Schmidt D. C. and Lenz G. (2017) - Applying Software Patterns to Address Interoperab ility in Blockchain - based Healthcare Apps
45. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 45 3.2.5. Issues and poss ible improvements The very first issue depends on the clinical study duration. Indeed, for storage space saving purpose, the hospitals cannot receive and store the entire number of samples/tubes needed for the study. For this reason, they are sent periodic all y , that implies some logistical issues managed by central laboratories . During the study period, a particular attention is given during sample data reconciliation by the pharma company to check if physical samples are matching with their corresponding a nnotation (i.e: samples are at the right place at the expected time). It is monitored with regular reports provided by central laboratories. Another issue is related to the informed consent forms and compliance rules. Indeed, sites could b e located anywher e in the world. Then, the consent forms should remain understandable by the local population and also comply with local regulations. Fortunately, most of the times, regulations remain compatible with US, EU and Swiss standards. However, the consent form it self must be translated in to all languages spoken inside the countries covered by the study area. Therefore, inherent issues with some languages subtleties may appear during the translation process , that the company must care on particularly . The informed consent is still a paper form managed by the doctors at the sites. Moreover, optional consents could also be suggested in add ition for other study cases, that the doctors must reflect into the pharma company portal as well . But at the end, for whatever cas e, the pharmaceutical company remains accountable to physically dispose/dest r oy all data and samples from a patient at any time, if he decides to withdraw his consent. Because coding is performed and managed locally by the physicians , the patient must fir st inform him. Then, the physician will inform the pharmaceutical company . This situation raises the question on how this correspondence between a patient and his ID is locally managed. On the pharmaceutical company side, the coding can also raise some ga ps as soon as cross - referring data allows possible identification of a patient relatively easily, in case of rare d iseases or related to patient ages. Along the study, there are also issues regarding the data quality and transfer frequency. Indeed, there is always a deviation between real situation effectiveness in sites with data consolidated by the central laboratories , especially when the information is transferred in paper format and handwritten.
9. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 9 At the end, for these reasons and many other s, we easily understand the importance of this kin d of information and how valuable they are, a nd con sequently how the data warehouse s must be protected as well . 1.2. Confidence, and the exigence of traceability In 1974, the first hospitalized patient charter is released in France . Then more and more documents were produced in order to define patients’ rights and obligations. Objectives is to follow the society evolutions : - By a progressive shifting from patients’ expectations to a consumers - like exigence - Facing new modern forms of diseases and propagation pathways - To define rules for facing technical progress and threats from digitalized applications - Continue h aving the wil lingness to eradicate risks The main question s people is asking when somebody else attempt s to use medial data are: - Where the y go to? - By whom are they used? - F or what purpose ? - Are they in a secure place? Data sharing bring s benefits at individual and societal levels. In that sense, organizations and the various institutions may continue to promote that with appropriate technical measures to mitigate privacy risks. A t this moment, many init iatives are undertaken either at the regulation stage or in the technical side. Most of concerns turn s around the traceability at every level. It is indeed, obvious and understandable, that everybody wants to have a minimum level of guarantee that their pe rsonal medical records are tracked. This, in order to recover any source of failure faster and with certainty. This statement therefore induces some legal and moral obligations of keeping usage and data exploitation in a responsible and secure way . This t rend would also continue to grow in importance for the people, because unauthorized disclosure became the first leak reason of medical data in 2017 7 . Other aspect for tra c eability in the medical field is to guarantee a best level of compliance regarding me dical d evices for consumers protection, enhance quality, service s and global efficiency. 7 Bitglass (2017) - Healthcare Bre ach Report 2017
32. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 32 However, j ust by evoking the term of “hype”, automatically it rais es questionings whether it is only a trendy “buzzword” or effectively something able to deliver on its promises . 2.3.1. A Secured ledger In my point of view , what makes a b lockchain so interesting, is its capability for guarantying the integrity of a transaction s history sequence . By using “autoblocking” cryptograph ic mechanisms ( H ash fun c tions ) between “blocks” of data , t h e data becom e s sealed and c ould no longer be altered without breaking the “chain” 32 , like we can see following: Figure 9 : Blockchain structure - Applying Software Patterns to Address Interoperability in Blockchain - based Healthcare Apps The figure shows how the calculated hash of individual blocks are chained together, making each other signature (hash) an integral part o f the next block of data, and so on... . However, this data structure is not sufficient to provide confidence in a multi - tier architecture. Indeed, this only guaranty already inserted data authenticity, but not the trust about the mechanism in use for a new b lock insertion. Figure 10 : Blockchain as a distributed ledger. Source: The Wall Street journal - What is blockchain ? A b lockchain is also a distributed ledger, in the contrary to current centralized models . And this must be coup led with a “consensus mechanism”, also called “mining” process, which is agreed and trusted by all the stakeholders ( or clients of the chain ), to provide the necessary confidence in the way a block is inserted and accepted by the others. This mechanism is in fact materialized by an algorithm accepted by all members acceding to the chain. There are mostly two distinct types 33 : - The proof of work : used in the bitcoin b lockchain, by resolving a mathematical equation, which is resource intensive 32 Zhang P. , White J., Schmidt D. C. and Lenz G. (2017) - Applying Software Patterns to Address Interoperability in Blockchain - based Healthcare Apps 33 Hays D. (2017) - Blockchain Technology: ‘Proof - Of - Work’ Versus ‘Proof - Of - Stake’
3. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 3 3.2.3. The infor med consent ................................ ................................ ...................... 42 3.2.4. Phases implementation ................................ ................................ .................... 43 3.2.5. Issues and possible improvements ................................ ................................ .. 45 3.3. Supply chain challenges ................................ ................................ ........................... 48 3.3.1. Pain and potential gains ................................ ................................ ................... 49 3.4. French ministry of justice - Dematerializing the archiving process ......................... 51 3.4.1. Evidential value of digitalized documents ................................ ........................ 51 3.4.2. The physical storage and “Vitam” solutions ................................ .................... 52 3.4.3. Changes, concerns and potential benefits ................................ ....................... 54 4. Recommendations ................................ ................................ .................. 56 4.1. The traceability proce ss improvement ................................ ................................ .... 57 4.2. Dematerialization and replacement of paper ................................ .......................... 59 4.3. Blockchain ................................ ................................ ................................ ................ 61 4.3.1. The distributed and secured ledger utility ................................ ....................... 61 4 .3.2. Benefits for traceability concerns ................................ ................................ .... 62 4.3.3. Smart contracts ................................ ................................ ................................ 63 5. Conclusion ................................ ................................ .............................. 65 5.1. Limits of that thesis ................................ ................................ ................................ .. 67 5.2. Limits about bl ockchain ................................ ................................ ............................ 68 Glossary ................................ ................................ ................................ ........ 70 Table of illustrations ................................ ................................ ..................... 71 Bibliography ................................ ................................ ................................ .. 72
71. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 71 Table of illustrations Figure 1: Counterfeit drugs. Source: Huffington Post ................................ ................................ 6 Figure 2: CNIL label. Source: CNIL ................................ ................................ ............................ 10 Figure 3: Medical d evices classification examples. Source: Les dispositifs médicaux - Véronique Belmas ................................ ................................ ................................ ................................ ...... 15 Figure 4: Medical device supply chain. Sour ce: Product Recalls in the Medical Device Industry: An Empirical Exploration of the Sources and Financial Consequences ................................ ... 27 Figure 5: Drug Supply Chain Security Act. Source: The Building Blocks of Pharmaceutical Traceability ................................ ................................ ................................ ............................... 28 Figure 6: RFID system. Source: Im proving logistics processes of surgical instruments: case of RFID technology ................................ ................................ ................................ ....................... 29 Figure 7: Comparison of scenarios cost. Source: I mproving logistics processes of surgical instruments: case of RFID technology ................................ ................................ ...................... 30 Figure 8: Blockchain hype cycle. Source: Gartner Hype Cycle for Emerging Technologies ..... 31 Figure 9: Blockchain structure - Applying Software Patterns to Address Interoperability i n Blockchain - based Healthcare Apps ................................ ................................ .......................... 32 Figure 10 : Blockchain as a distributed ledger. Source: The Wall Street journal - What is blockchain ? ................................ ................................ ................................ .............................. 32 Figure 11: Pharmaceutical supply chain. Source: When two chains combine, Supply chain meets blockchain ................................ ................................ ................................ ...................... 35 Figure 12: System architecture of blockchain based data m anagement and sharing. Source: Secure and Trustable Electronic Medical Records Sharing using Blockchain .......................... 37 Figure 13: Clinical tri al data workflow. Source: Blockchain technology for improving clinical research quality ................................ ................................ ................................ ........................ 38 Figure 14: Medicine development phases. Source: Pharma company - Essential Information on Clinical Studies ................................ ................................ ................................ ..................... 40 Figure 15: Clinical study inclusion/exclusion criteria. Source: Pharma company - Essential Information on Clinical Studies ................................ ................................ ................................ 41 Figure 16: Clinical study patients consent. Source: European Parliament .............................. 42 Figure 17: Clinical study preparation. Source: Pharma company ................................ ............ 43 Figure 18: Clinical study progress. Source: Pharm a company ................................ ................. 44 Figure 19: Supply chain: Source: GE ................................ ................................ ......................... 48 Figure 20: QR code example: Source: inslideshow application - www.in - slideshow.com ...... 50 Figure 21: Merkle tree overview. Source: Wikipedia ................................ ............................... 53 Figure 22: Do you need a Blockchain? Source: D o you need a Blockchain? ........................... 61
33. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 33 - The proof of sta ke : wh ere stakeholders accept to trust some of them , for doing the job of insertion on the behalf of all Beware that there are others consensus mechanisms and s uch definitions are quite simplified . O ther stakes could also come into play , as well as possibl e malicious attacks but these are mostly out of scope of this thesis. Star t ing from that statements, we can now define a b lockchain as a new data structure being at once: decentralized , immutable and providing enough secured /verifiable mechanisms to buil d a trustful network for information sharing, and from various data sources. 2.3.2. Smart contacts 34 There is another concept linked to the b lockchains that go es further, provid ing a framework able to execute other kinds of applications. Smart contracts are pieces of code stored inside the chain, but which are defining a process accepted by all stakeholders beforehand , for automated action s execution , which result will also be stored in side the chain. Indeed, in a n environment where concerns and stakes linked to da ta access are becoming more and more prominent , smart contract s have the advantage to provide a high level of compliance with a lot of regulations. Then, here are 7 good reasons which tend to promote emergence of smart contracts in general : - Autonomy : anyo ne (person or organization) can accept to enter in a smart contract term s if it is accessible via a public b lockchain. It no longer require s third parties support for its execution - Confidence : once engaged, it would not be possible for a stakeholder to ex empt himself from a contract clause. Indeed, the contract is encrypted and stored on the chain, that will give it a long - term integrity over the time - Multiple backups : a smart contract will never be lost . B ecause of the native distributed architecture o f b lock chain, copies will remain stored by all members acceding to that same chain - Safety : the chain being itself secured by cryptographic mechanisms, it would quite be impossible to change any term of a contract once recorded 34 Philippe S. (2018) - L'internet des objets e t la data: l'IA comme rupture stratégique, Dunod
2. Philippe Schweitzer - © 2018 HEC Paris - Executive Specialized Master in Strategic Management of Information and Technology 2 Table of contents Acknowledgements ................................ ................................ ........................ 4 Executive summary ................................ ................................ ........................ 5 1. Introduction ................................ ................................ ............................ 6 1.1. Ethics, privacy and security ................................ ................................ ........................ 8 1.2. Confidence, and the exigence of traceability ................................ ............................. 9 1.3. Definitions ................................ ................................ ................................ ................ 11 1.3.1. Traceability ................................ ................................ ................................ ....... 11 1.3.2. Medical data ................................ ................................ ................................ ..... 12 1.3.3. Medical devices and classification ................................ ................................ ... 14 2. Literature ................................ ................................ ................................ 16 2.1. Legal framework ................................ ................................ ................................ ....... 16 2.1.1. Personal data - the General Data Protection Regulation ................................ . 17 2.1.2. Medical data ................................ ................................ ................................ ..... 19 2.1.3. Medical record ................................ ................................ ................................ . 20 2.1.4. Shared medical record ................................ ................................ ..................... 20 2.1.5. Certified data host (HADS) ................................ ................................ ............... 21 2.1.6. Medical devices ................................ ................................ ................................ 22 2.1.7. Types of traceability and benefits ................................ ................................ .... 23 2.1.8. Evolutions – the Drug Supply Chain Security Act ................................ ............. 28 2.2. Track of materials with RFID: logistics processes of surgical instruments ............... 29 2.3. The blockchain technology ................................ ................................ ....................... 31 2.3.1. A Secured ledger ................................ ................................ .............................. 32 2.3.2. Smart contacts ................................ ................................ ................................ .. 33 2.4. Medical potential use cases for blockchain ................................ ............................. 35 2.4.1. Supply chain ................................ ................................ ................................ ..... 35 2.4.2. Secure and Trustable Electronic Medical Records sharing .............................. 37 2.4.3. Blockchain technology for improving clinical research quality ........................ 38 3. Field study ................................ ................................ .............................. 39 3.1. Methodology and propositio ns ................................ ................................ ................ 3 9 3.2. Interventional clinical study case ................................ ................................ ............. 40 3.2.1. Clinical study definition ................................ ................................ .................... 40 3.2.2. The clinical study protocol ................................ ................................ ............... 41
- 209 Total Views
- 135 Website Views
- 74 Embedded Views
- Social Shares
- 0 Likes
- 0 Dislikes
- 0 Comments
- 0 Facebook
- 0 Twitter
- 0 Google+
- 2 recordins.com
- 1 220.127.116.11
- 1 in-slideshow.com
- 2 www.in-slideshow.com
- 2 in-teractive.com
- 1 redirect.in-slideshow.com