The need for high-quality, annotated biospecimens has significantly increased in the recent past. This has accelerated the need for biobanks to securely store samples. All modern biobanks, including commercial, third-party, and in-house biobanks, face a complex patchwork of regulatory and ethical challenges. Biobanks face compliance challenges from ethics committees, Institutional Review Boards (IRBs), scientific boards, and regulatory agencies. Biobanks need to be legally and ethically competent and comply with the regulatory guidelines and standards.
Importance of Regulatory Compliance for Biobanks
Biobanks manage a large number of patient samples and associated metadata. This brings along multiple challenges such as risk to patient privacy and data security apprehensions. Biobanks are responsible for storing and disseminating high-quality samples without compromising patient privacy. Regulatory compliance is essential for biobanks as it helps in safeguarding sensitive donor information. It also enables biobanks to standardize operations, maintain high-quality samples, and build trust within the biobanking community and among researchers. Non-compliance could be a threat to biobanks and can lead to hefty fines, penalties, and even license cancellation. This may impact the reputation of biobanks, thus raising a question on their operational competence and the ability to provide fit-for-purpose samples.
Major Compliance & Best Practices for Biobanks
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides guidelines to protect the sensitive data of sample donors and enforces measures to prevent disclosure of personally identifiable information of donors without their consent. The entities covered by HIPAA include biobank staff and their business associates. HIPAA requires biobanks to protect personally identifiable information (PII) of patients, securely manage data, and record all changes made to the PHI along with the reason for making the changes. Based on the severity of violations to HIPAA rules, the Office for Civil Rights (OCR) under the Department of Health and Human Services (HHS) issues certain penalties or institutes corrective actions as deemed necessary.
- EU GDPR
The European Union’s General Data Protection Regulation (EU GDPR) governs the privacy and data of EU citizens. However, it can impose obligations on any entity that deals with the data of EU citizens, irrespective of where the entity is located. The regulation is applicable for all biobanks that store samples and data of EU citizens. EU GDPR allows the transfer of personal data of EU citizens to non-EU countries only if they have similar standards to protect the confidentiality of data. Violation of the EU GDPR attracts harsh fines and penalties that may run into millions of Euros.
- ISO 20387:2018
ISO 20387 was published by the International Organization for Standardization (ISO) in 2018. This standard stipulates the need to maintain the quality and appropriateness of biological samples collected by biobanks and their related metadata. This standard applies to all kinds of biobanks that collect and store biological materials from multicellular organisms. This is a standard of quality that demonstrates the competence of biobanks in providing high-quality samples that are fit for use in research. Furthermore, it enables biobanks to standardize workflows and other biobanking processes for assuring quality biobank management.
- ISBER Best Practices
ISBER Best Practices (BP) provide guidelines to biobanks on the day-to-day biobanking processes, such as collection, storage, and tracking of samples, documentation, data management, and equipment management. Biobanks should be well prepared with documentation, such as Standard Operating Procedures (SOPs), and securely maintain informed consent of sample donors to comply with the ISBER Best Practices. Though voluntary, ISBER BP enable biobanks to follow sample and data management best practices, thereby supporting transnational collaboration.
- NCI Best Practices
Cancer is one of the leading causes of death across the globe and is one of the most researched diseases. The National Cancer Institute (NCI) best practices apply to biobanks or biorepositories that are involved in cancer research. These practices define operational, technical, ethical, and legal safeguards and guidelines that biobanks should follow to assure the quality of biospecimens and associated metadata intended for cancer research.
- 21 CFR Part 11
21 CFR Part 11, issued by the US FDA in March 1997, permitted the use of electronic data. The standard emphasizes the need of safeguarding personal data in all electronic forms, such as documentation and signatures, and provides guidelines to protect electronic data at all times.
Biospecimen Tracking & Management Software - The Solution to Biobanking Regulatory Challenges
Biobanks can easily meet compliance and follow best practices by leveraging a biospecimen tracking & management software. A biospecimen tracking & management software, also known as a biobanking LIMS or biobank information management system, helps biobanks safeguard sensitive patient data by assigning role-based PHI access to the staff. It becomes convenient for biobanks to securely manage all internal and external documents, such as SOPs and consent forms, with a biospecimen tracking and management software. A biospecimen tracking and management software can help biobankers authenticate key activities through digital signatures while ensuring the safety of data in all electronic forms. It helps biobanks maintain data integrity and a complete audit trail to track key activities. Furthermore, a LIMS helps biobanks manage staff training, schedule equipment calibration, and generate custom reports.
All biobanks need to ensure patient privacy and follow best practices to maintain sample and data quality and integrity. This enforces them to comply with regulatory standards such as HIPAA, ISO 20387:2018, ISBER & NCI Best Practices, EU GDPR, and 21 CFR Part 11. All regulatory compliance provides guidelines to protect PHI and standardize biobanking operations, enabling them to stay ethical and reliable. Biobanks can easily meet governance and compliance requirements using a biobank information management system. It helps biobanks seamlessly manage sample lifecycle, securely manage documents, ensure transparency in biobanking processes, and safeguard information by limiting unnecessary access to confidential data.