ABSTRACT
In order to protect the privacy of participating patients in multicentric genetic research projects and to improve the working conditions for researchers in such projects a data protection framework needs to be installed. In the first place, all genetic data processed in the project has to be pseudonymized. In addition to that, contracts have to be concluded between the project and each project partner to guarantee that genetic data are used only within the project and that each partner complies with data security standards. Furthermore, a central data protection authority has to be installed in the project to control the partners' compliance with these contracts and to serve as a central contact point for participants. If these conditions are fulfilled, only (de facto) anonymous data are used in the project, so that data protection legislation is not directly applicable. Second, each participant has to sign a special consent form for ethical reasons and as a fallback solution if the pseudonymization of the genetic data fails. With this safety net it is possible to protect the participants' privacy and to improve the working conditions for researchers.
Subject(s)
Computer Security , HumansABSTRACT
The paper proposes a data protection framework for trans-European medical research projects, which is based on a technical security infrastructure as well as on organizational measures and contractual obligations. It mainly relies on pseudonymization, an internal Data Protection Authority and on a Trusted Third Party. The outcome is an environment that combines both good research conditions and an extensive protection of patients' privacy.