• United States
by Salvatore Salamone

Life sciences firms face an array of regulatory requirements

Feb 24, 20032 mins
Data CenterHIPAARegulation

While the sheer volume of data in life sciences companies represents a storage management challenge, perhaps a bigger challenge is the length of time data must be retained.

Regular businesses usually keep financial records for seven years, but life science companies often have to keep data for at least two to four times as long.

Today, it takes about 15 years for a new drug to go from the initial research stage to approval by the FDA. That means pharmaceutical companies must keep any data generated in the research and development stage for at least that long when developing a new drug. And if the company gets a patent for a new drug, it would want to keep the data for another 20 years to be able to defend against any patent challenges.

Similar long-term data requirements exist in the clinical and diagnostic segments of the life sciences market. Doctors naturally want to keep patient records for the lifetime of the patient.Virtually all life science companies must comply with the Health Insurance Portability and Accountability Act (HIPAA), which requires confidentiality of all patient records. This usually requires access controls be in place and often makes use of data encryption technology.

Medical images like X-rays, MRIs and mammographies are driving storage requirements here. For instance, a single mammogram can be up to 80 MB in size. Last year, more than 15 million mammograms were taken in the U.S. This is why it is quite common to see life science storage systems with multiple terabytes of capacity.

Additionally, any company that electronically collects and stores data related to drug development must also comply with Title 21 Code of Federal Regulations Part 11, which is commonly referred to as CFR Part 11. CFR Part 11 requires more robust security and data handling processes than HIPAA. For instance, systems that meet CFR Part 11 requirements often support digital signatures, audit trails, and nonrepudiation features.

In the last quarter of 2002, many storage management vendors jumped on the HIPAA and CFR Part 11 bandwagon offering to handle this aspect of the managing data for life science companies.

Back to main feature: “Data deluge”