case study
Compliance
GDPR
NHS DSPT
Cyber Essentials
July 11, 2024

RareCan uses Naq to safeguard vulnerable patient data.

The situation

Nearly one quarter (22%) of people with a new cancer diagnosis have a rare cancer, and there are over two hundred different forms of these diseases. Today these rare cancers have fewer treatment options, and survival rates are significantly lower than for common cancers. But the rarity of the cancer adds a layer of complexity for researchers working to beat these diseases, as it can be hard to find patients to take part in research or trials of new treatments.

Working as a professor of haematology at Newcastle University, Andy Hall saw the frustration of patients, healthcare professionals and researchers, who all wanted to find each other to access new treatment trials for rare cancers. After meeting Simon Allocca, whose daughter sadly died of a rare cancer, Andy worked with Simon and two other founders to create a solution. Together they developed RareCan, a digital health platform that connects people with rarer forms of cancer to the resources and tools they need to understand and manage their lives, and connects pharma companies with patients for clinical trials, enabling drugs to be trialled faster and shortening drug development time. As cancer clinical trials are estimated to cost between five and eight million pounds a month, time savings are critical.

The challenge

As the RareCan platform contains a lot of private, confidential, and sensitive information provided by the patient, the team knew it needed to be secure and meet data protection laws, including GDPR. Also, although sponsored by pharma companies, most clinical trials in the UK are conducted within the NHS, so they would need to meet NHS standards, including Cyber Essentials and the Data Security Protection Toolkit (DSPT).

Alongside being the founder at RareCan, Andy is also the Data Protection Officer and so was responsible for this. He explains, “When we first started to look at GDPR, I asked a law firm to do a gap analysis, to help us identify what we needed to do. Upon reviewing this, I could see there was a lot to do.

“For example, keeping a register of all data processing when using multiple software packages would become extremely complicated to do on a spreadsheet and would be out of date the whole time. It would also be hard to track tasks such as checking if everyone has the latest version of the cyber security policy, if everyone is up to date with their training, let alone sourcing that training.”

The solution

Andy and the team concluded it could be a full-time job for someone. But they didn’t have the money for this and anticipated that a manual approach would become unmanageable, and that software would do a better job. So, Andy conducted desk research to find a solution and discovered Naq. He could see that the Naq automated compliance platform would automatically generate the essential policies, actions, and training RareCan needed to meet its compliance obligations. The team would also be able to stay ahead with compliance alerts, and leverage over three hundred integrations to efficiently gather and monitor their compliance evidence.

A demonstration of the software confirmed this, and Andy saw that the platform would meet all his compliance needs. He liked the Naq team, and it was affordable. So, they went for it.

The result

Following a kick-off call with Naq, Andy followed the prompts and checklist on the platform to begin meeting each of the required standards.

RareCan achieved Cyber Essentials in about three days. Hall recalls, “It was so easy, I worked my way through the questions on the platform, providing our information, which converted into model answers for us.”

As some criteria within standards can be met by ensuring team members are trained in specific disciplines, Andy also found the training packages particularly helpful for meeting Cyber Essentials: “The Naq platform features good, clear, short, sensible training courses relevant to meet NHS standards. For example, when demonstrating strong passwords for Cyber Essentials, I can demonstrate that all staff have completed the relevant 15-minute training module on this topic annually, including competence testing, which was helpful.”

The DSPT was next, which took a similar amount of time. For this, RareCan didn’t yet have certain documentation, such as business continuity plans. So, Andy appreciated the platform providing advice and best practice templates. Tasks to meet GDPR compliance were kicked off at the outset, as this framework was going to take a little longer, but it is now in place.

With standards met, Andy now maintains compliance and checks the dashboard regularly to identify any new actions, assigning them to relevant team members as needed. Next year, thanks to a grant from Innovate UK, RareCan will be developing software to identify trials. As this borders on clinical decision-making, they will need to comply with software-as-a-medical-device regulation. But with Naq, Andy isn’t concerned about this.

Commenting on the Naq platform, Andy particularly values its ability to generate documents. He expands: “Like it or not, for compliance, you must generate lots of documentation to explain your approach. With Naq, you simply put your data in, and it generates the documents for you, using best practice templates.

“Then, when something changes, such as using a new piece of software, you just add this information into the platform, and it produces new documentation. This allows you to efficiently keep up to date with your documentation.

“We now don’t worry about any last-minute panics if there’s an audit or deadline to meet. We can forget about compliance worries.”

Andy regularly recommends Naq to other innovators. When probed about what he says, Andy shares: “I say, if you have a guilty conscience about compliance, knowing you have tasks, nagging fears that the world is going to fall apart, but you are still behind on compliance, get Naq. With Naq, you can get compliance sorted, and then it's simply something you need to monitor and keep on top of.”

Impact

With standards met, RareCan has been able to operate with a range of strategic partnerships across the healthcare system to support patients with rare cancers. These include Atelerix, Sarcoma UK, Neuroendocrine Cancer UK, Blood Cancer UK, Novopath, Ovacome, GIST Cancer UK, and Cancer Research UK.