Imagine being the planner of an upcoming advisory-board meeting who, in an effort to prepare the participating physicians for the discussion, sends them a proprietary document to read in advance. Then, at the meeting, one physician mentions that he saved some time by running the document through a public artificial-intelligence platform to summarize its contents.
Admit it: You might think to simply turn in your employee badge right there and go home to search for a new job.
That’s just one of the potential data-protection predicaments that life-science event planners could find themselves in these days. In a session at the recent Pharma Forum conference titled “Best Practices to Collaborate with Compliance, Procurement, and Finance,” four longtime medical-meeting practitioners addressed that scenario plus others that planners must protect against.
New Rules and NDAs
Simply put, “mobile phones in sessions are a compliance threat,” said Mike Ruocco, CMM, CEO of Innovia Productions, who works on many pharma and medical-device meetings. The reason: Participants could take photos of content that’s presented or record the in-room conversations.
To prevent these situations along with pre-event A.I. usage on proprietary information, planners could have doctors sign non-disclosure agreements that forbid using technology on data and information except to read it. Alternatively, Andrew Hoag, MMP, HMCC, procurement category manager—commercial meetings and events for Biogen, said that “you can make the content you send out ahead of time password-protected and ‘view only.’ This can be done in PowerPoint and other applications.”
And during the meeting, if physicians’ phones are not needed in a session, a planner might ask physicians to relinquish them while in the room or place them out of easy reach—perhaps in a pouch that you supply. One way to get buy-in for these tactics: Make sessions shorter and breaks more frequent.
Even beyond the meeting room, content leaks are possible. For instance, many event apps are not set up to automatically dispose of their session information and other content after a meeting. “I have at least a dozen event apps on my phone from meetings in the past two years” and some of them still show content, Hoag noted.
Kari Loeser, vice president and chief compliance officer for Cytokinetics, advised planners to “make sure that all content on an event app is retired after 30 days and that all user searches after that go to an ‘error’ message.”
From a broader perspective, “planners should establish a regular rapport with their compliance teams,” said Hoag. “Don’t interact with them only when you have a problem,” as their ongoing training in data protection could help to prevent future breaches around events.
Update Your MSAs
With event-tech vendors, it’s critical to make sure they handle sensitive data and content as diligently as your organization does. However, “the master service agreements with some of your regular vendors could be eight or 10 years old,” Hoag said. “You have to re-examine those to make sure they reflect the latest technologies and situations around data and content.” In addition, “onboarding new vendors means you need to get assurances and proof that they can protect data in their systems.”
Mike Ruocco from Innovia added that “your MSAs should say that you want all event data and content wiped from a vendor’s system as soon as the conference ends. Many times, though, vendors are left on their own to do that.” It’s wise, then, for planners to follow up with all tech vendors in the days after an event to ensure your data is cleared from their systems.
Lastly, A.I. brings new complications to data protection that must be considered. Loeser recalled a situation where a vendor used a free beta version of an A.I. platform for a project, but a glitch allowed it to temporarily take over the vendor’s email, calendar, and SharePoint systems.
So, when working with outside agencies for marketing or other elements of meetings, “your MSA should have a clause requiring your advance permission for them to use A.I.,” Loeser said. Also, “you should require that for anything they’ve used A.I. to help create, the final version had human revision and approval.”
Above: Jennifer Bechan, Kari Loeser, Andrew Hoag, and Mike Ruocco share a laugh during their panel discussion at Pharma Forum 2024.