The dynamic is that the benefit from patent protection in the software industry is less than the cost of the patent development, application and enforcement.   (See Bessen and Maurer – “Patent Failure”). The key area today where IP protection has a positive ROI is chemical formulations, i.e. the bio-pharma industry,    Since most of the patents applied for/issued in the past 10 years have been related to software / algorithms it follows that the adage ‘ You can fool some of the people some of the time but not all the people all the time ” is taking effect.

Protecting software-related intellectual property  is extremely difficult – the boundaries are unclear, the algorithms are similar and people are mobile.

The patent application and registered patents are publicly available for perusal by anyone.  So it is not a privacy/compliance/data security issue at all.  The information is out there.

What is not out there – is the implementation. In the bio-pharma industry, that means the recipe for making the vaccine and in the software industry, it’s writing the software that will be secure, reliable and scalable and friendly to users.

Writing secure, reliable, scalable and maintainable software is a non-trivial exercise.

There is a huge gap between a software  patent and the software implementation.   On one hand, from the perspective of a patent as a digital asset –  the vulnerability of patent disclosure is zero  (since it’s disclosed already by the patent offices) but on the other hand, a company’s actual implementation source code and techniques may be worth a lot of money – the value of the time, know-how and software management invested and the potential downside if a competitor got a copy of the source and implementation technique and jump-started his development process.

My first recommendation to a technology company doing cutting edge software development is to   use DLP to protect your source code  since  this is one of the easiest DLP implementations to do. The prices of DLP  products are going down and $150k of DLP implementation and operations/year is cost-effective when you have a few million invested in the implementation.

There are other security countermeasures against leakage of source code and implementation – methods such as – false flags and changing your source code very quickly through agile implementation. Source code that was stolen 6 months ago is not worth much when a company cycles every day and builds a new release every morning at 830.

In a complex global environment, pharma do not have control of computer platforms that local sites use – yet there is an expectation that file and information sharing should be easy yet there are three areas where current systems break down:

1. People forget what files had been shared and with whom they have been shared

2. People have difficulty sharing files with colleagues in a way that is accessible to everyone – firewalls, VPNs, enterprise content management, DRM, corporate data security policy, end point security, file size – these are all daunting challenges when all you want to do is share a file with a colleague in Berlin when you are working in a hospital in Washington.

3. Notifications – how do you know when new information has been added or updated? Not having timely notifications on updates can be a big source of frustration resulting in team members pinging other members over and over again with emails.

Over the past 10 years a generation of complex enterprise content management software systems have grown up – they are bloated, expensive, difficult to implement, not available to the entire multi-center team and in many cases written by English speaking software vendors who cannot conceive that there are people in the world who feel more comfortable communicating in their native tongue of French, German, Hebrew or Finnish!

We are developing (currently in beta with a Tier 1 bio-pharma in EMEA)  a Web-based, agile collaboration system with a light-weight, easy to use, simple architecture, that saves time and reduces IT and travel costs – and literally gets everyone on the same page.

The system resolves the 3 breakdowns above while recording all user activities in a detailed audit trail in order to meet internal control and FDA regulatory requirements.

The system also provides significant cost benefits in addition to improving information collaboration:

• Reduces travel costs: Using online events, integrated media and file sharing and discussions, the clinical trial team and investigators can conduct program reviews, education activities and special events.

• Eliminates proprietary IT: No proprietary software or hardware and no IT integration. No extra investments in information technologies, CRM, sales force integration and data mining.

If this interests you – drop me a line!

Voyeurism (voi-yûr’ ĭz‘əm) n.

1. The practice in which an individual derives pleasure from surreptitiously observing people.

2. Derives from the French verb voir (to see); literal translation is “seer” but with pejorative connotations.

The client told me that they were considering using a closed physicians’ portal to help market their products.  The business model used by closed, advertising-free, doctors portals (Sermo.com in the US or Konsylium24.pl in Poland) involves paying for market intelligence data collected from the “user generated content” in the community.   The tacit assumption is that physicians will talk freely inside a gated, advertising-free community.

Sermo.com kicks some of the revenue back to the users but the precision and recall of this market intelligence is not clear to me, considering the amount of noise in vertical social communities like Sermo and Konsylium24.pl and open social media like Facebook, Twitter and LinkedIn.

What is clear to me – is that there are data security and privacy implications when the community operator data-mines user-generated content for profit.  As a concrete example – a recent thread on Konsylium24.pl went something like this:

Doctor Number 1:

You know – Professor X is the KOL (key opinion leader) for company Y’s drug Z.  He says that drug Z is extremely effective for treating the indications of infectious disease Alpha.

Doctor Number 2:

Of course – Professor X is an acknowledged expert on infectious diseases, but he is also an expert on cash and knows how to do the math and add up the numbers…

I asked my client – “and for this kind of data, your parents sent you to medical school?

This took me back to the days of Firefly, Alexa, Hotbar and use of personal information as currency – collected with “collaborative filtering” and “automated inference” from people browsing the web.

Web 2.0 and social media seems to be going through a similar evolution as Web 1.0 – trying to monetize content by  data aggregation and analysis using “collaborative filtering” techniques.  This may have been a sexy looking business model for Venture Capitalists during the dot.com era, but in 2009 (5 years after Sermo.com launched) and a few months after their well-publicized breakup with the AMA; automated inference, knowledge prostitution and aggregated voyeurism may be  yielding to direct communications between people in B2B communities, social and professional networks.

Why peep through a window when you can just knock on the front door and ask?

Don’t ask me why, but I was invited (and joined) the Pakistan Networkers group on LinkedIn.  I see all kinds of cool job opportunities in the Emirates which I can’t really take but the traffic is interesting.

I saw this picture in a post today from the Pakistan Networkers group. It graphically describes the complexity of ObamaCare:  the Obama health care reform bill.   I then sat down and started to learn more about this proposed solution to the US health care system that will cost over a trillion dollars in the next 10 years.

The Obama Health plan and the problems the administration is currently facing getting it through Congress is second page news here in Israel (front pages this weekend in Israeli papers are how Obama and Rahm are throwing their weight around and dictating to the Jews where they can live and not live….)

I started reading about the House Tri-committee Health Care bill and my eyes started popping at the cost and complexity of the proposal. I then read the response of the Mayo Clinic – Mayo Clinic’s reaction to House Tri-Committee bill and I finally realized that just like in Cyber Security and data loss prevention – the Obama administration is more interested in compliance and big government than customers and health, safety and security.

I’ve been arguing for basing data security product purchasing decisions on value at risk and cost-effectiveness of the DLP product in reducing the value at risk of a data breach. Therefore, it is  obvious to me that the notion of a value-based decision is an important cornerstone in redefining health care – see a discussion on pay for value in health care in the open letter to congress

Product counterfeiting ranges from fashion, such as Dolce & Gabbana handbags,  high performance bike frames such as Specialized Bikes to faking innovative drugs such as Viagra.

The Israeli onlline business daily “The Marker” recently ran an item on drug counterfeiting,  pegging the volume of drug counterfeiting in Israel at 80-100 million sheqels/year.  The source for the number is the Israeli Ministry of Health, the World Health Organization and an  organisation called “The Center for Pharmaceutical Security” (המכון לביטחון פרמצבטי)  I could not find any reference to this organization online – but from the name it sounds like a pharmaceutical industry lobby.

The core issue is public health and safety. This is why I personally believe that anti-counterfeiting supply chain initiatives such as ePedigree are well-intentioned but ineffective countermeasures to this threat.  I believe that the interest of public health and safety (you can be killed on a defective road bike frame…) requires involving consumers at the point of sale.

Israeli MK Plessner is sponsoring a supply-chain anti-counterfeiting law that would make pharmacists policemen responsible for enforcement.  It is a misdirected and stupid idea. It will not contribute to public health – since most of the counterfeiting is not OTC in a Superpharm  but online – drugs like Viagra and Cialis and certain anti-cancer drugs  are all sold over the Internet.

1) The numbers from the WHO and other organizations like OEC are inflated and based on  naive calculations of 7% of world pharma manufacturing.  I would be careful estimating pharmaceutical counterfeiting damage based on top-down revenue calculations – I would be much more impressed with even small samples based on damage to end-users caused by counterfeit products.

2) In many cases – vendors don’t object to counterfeiting since it may not directly impact their sales or even increase their sales from the free publicity.  Consider the case of fake DG handbags you can get in NYC on the street for $10. This does not diminish the threat to public health from fake drugs since people can die from a fake version of Viagra.
3) Supply chain compliance is the way the industry is going – if you look at the California ePedigree law.  However – like most American laws – the issue is not prevention and public safety but compliance to government regulation. From conversations with pharmaceutical manufacturers – I believe that they as a rule are more concerned with compliance than prevention and will implement ePedigree to some degree or another in order to comply with California law.

3) There is a simple and practical method of preventing pharma counterfeiting at the point of sale – using a unique bottle number that a consumer can call in to a central database and get a quick readout on his cell phone if the product is genuine or not

Read more on my post Threat modeling for the pharmaceutical Industry

Talking with clients we stress threat modeling and analysis and doing quantitative risk analysis but I believe that psychology may be more important than the technology. This is for several reasons:

• Preventing data breach events is an admission of weakness. Data loss is caused by an attack launched from inside the company (whether by a trusted insider, business partner or malicious hacker). attacks that exploit internal vulnerabilities like the new Sharepoint server that the marketing team installed last week without consulting with the IT security team.  Who wants to spend  money on something when the first step is admitting that you’re vulnerable and that your existing security systems, policies and procedures do not meet business requirements?
• The need for instant gratification. Need to keep food fresh? – buy a fridge, Want music, voice, SMS, Web and mail? – buy an iPhone, Want IT security – buy a UTM appliance from Checkpoint or Cisco, want a CRM system – get salesforce.com, need a new enterprise software system – outsource to India. This is related to two other needs I think:
• The need to keep things simple and
• The need to walk on the safe side, not on the wild side.   Who wants to spend 6 figures on a DLP solution that requires a risk assessment from someone who isn’t your accountant,  a complex policy implementation by people who need to learn your business, integration with internal procedures and processes with employees who could care less, and buyin from a CEO who is scrappling for survival with the board during the biggest financial crisis in 80 years?

I will talk about how to sell DLP through the psychology and not the technology in an upcoming post. Stay tuned.

What is surprising is that a lot of people seem to think it’s just a question of time before pharmaceutical companies like GSK get into social media.  I claim that a fashion trend doesn’t make a business case. The buzz of social media and Twitter in 2009 reminds me of the buzz on virtual worlds in 2008.

There are 3 fundamental reasons why  consumer-side social media is not a good fit for pharmas and they all relate to how prescription drugs are sold:

Marketing: Pharmas are the last bastion of traditional door-to-door marketing using medical representatives to influence doctors to prescribe their products to end user patients. Excluding OTC (over the counter products), pharma customers are doctors not end users.

• Doctors like the attention of a face to face meeting, getting the free samples and invites to conferences from the rep
• You don’t have to verify that a virtual online persona is really a doctor before giving them a drug sample. Most doctors are not imposters in person.
• A rep can customize the message to a doctor and work hard on her quota -  aggressively marketing a drug by suggesting that a higher dosage or additional indications are possible (off label promotion).  This is not official policy and it’s normally done by industry experts who are not employed directly by the pharma but it’s still an option in a face to face meeting – for example suggesting to a dialysis center that they should stock up on EPO…
• I really didn’t want to say this, but sex sells.   Good looks are a big asset for a rep, until I write my Pheremone Facebook Application – a good looking female rep will win hands down over a blog any day of the week.

Regulatory – then there is the matter of food and drug safety and regulations against off-label marketing.  Marketing materials used by a medical representative are prepared and approved by the product manager, scientific and marketing staff and legal staff.   This highly controlled approach to content is  diametric to the wisdom of crowds and “user generated content” found in social media like Facebook or Twitter.

Doctors – doctors are far from a uniform community, specialists such as nephrologists are highly multi-disciplinary and may be interested in getting specific pharmacokinetic data whereas the pediatrician down the hall will have just enough time to take a free sample and hear about new pipeline.  Not every doctor has time to read New England Journal of Medicine in the evening after work but some doctors may be active teachers and researchers. A personal visit from a medical representative is not just the personal touch and break from a busy day of kids with runny noses – it’s also a way to customize the content to the doctor.

In summation – buzz is not enough.  It’s not a question of young doctors getting it and older doctors not getting it.  Specialists like cardiologists and endocrinologists  are as high-tech as it gets and family doctors are used to patients coming in with a (usually correct) self-diagnosis from Google.

There are many important applications of social software for a pharma. More about that in another post.

Pharmas don’t do social networking – but they know how a bit about Web marketing. Even notoriety is publicity – I think the saying goes.

“Pharma still fears social networking” -Pharmaceutical (as well as medical device) companies lag far behind other industries in the adoption of “Web 2.0″ technologies like social networking, blogs, wikis, podcast and RSS.

or for example, this item on the KillerStartups.com web site, obviously posted to draw traffic in search engines – since Sanofi-Aventis is a shall we say, somewhat more popular search phrase than KillerStartups.com

One of the top 5 largest pharmaceutical companies in the world. Sanofi Aventis portfolio includes research and development and manufacturing of new medications. They cover 7 major therapeutically areas: cardio, thrombosis, oncology, diabetes, CNS, internal medicine and vaccines. The site has loads of information concerning the company such as: Press releases, material targeted to draw the attention of possible investors, access to the Research and development section where you can learn about the newest medications as well as their future plans and their clinical trails plus guests can apply for the different clinical research experiments.

On the other hand – it’s really easy to try out social media and see if you get traction. The energy barrier is so low and the leverage on Youtube is so high, it’s an irresistible force moving a very heavy object:

Sanofi Aventis and AstraZeneca Launch YouTube Sites – Social media has been a buzzword in the pharmaceutical industry for the past few years (see ePharma Summit), but few companies have crossed the line into the world of social networking or conducting two-way conversations with patients online.

The Sanofi channel is part of its integrated GoInsulin campaign, an unbranded health education program designed to give people more information about diabetes and serve as a launching pad to the Sanofi homepage. It features an array of patient videos and a link to an off-site, online game that separates the myths about insulin from reality. The channel has no branded drug material, but lists the company’s name below the top banner.

Although social media like Twitter is dominantly about personal opinions and experiences, social software such as blogs, micro-blogs and file sharing have important collaborative applications.

For example – like how to integrate all the information and care of a patient with multiple issues and care-givers (a typical MSA patient will have a GP, neurologist, speech therapist, physiotherapist, nutritionist and primary care giver at home who is usually the  husband or wife of the patient with problems of their own. Speaking before a conference of the Case Management Society of America in October 2007, Tim Rothwell from Sanofi Aventis discussed their commitment to help resolve problems of collaborative care

The issues and challenges of poor transitions of care, said Rothwell, are critically important to him personally and to Sanofi-Aventis as a company. ‘The problem, of course, is a healthcare system that, for many – particularly those who get bounced around within it – is fragmented and sometimes even frightening,’ Rothwell observed. ‘For those who have family members or friends who have experienced repeated encounters with the healthcare system, the only consistent thing they believe it delivers is confusion and, sometimes, flawed outcomes.’

Current sales indicators of how many face to face visits a rep made are not going to cut it anymore. The question is – what next?