ABSTRACT
Background: Registries and data sources contain information that can be used on an ongoing basis to improve quality of care and outcomes of people with diabetes. As a specific task of the EU Bridge Health project, we carried out a survey of diabetes-related data sources in Europe. Objectives: We aimed to report on the organization of different sources of diabetes information, including their governance, information infrastructure and dissemination strategies for quality control, service planning, public health, policy and research. Methods: Survey using a structured questionnaire to collect targeted data from a network of collaborating institutions managing registries and data sources in 17 countries in the year 2017. Results: The 18 data sources participating in the study were most frequently academic centres (44.4%), national (72.2%), targeting all types of diabetes (61.1%) covering no more than 10% of the target population (44.4%). Although population-based in over a quarter of cases (27.8%), sources relied predominantly on provider-based datasets (38.5%), fewer using administrative data (16.6%). Data collection was continuous in the majority of cases (61.1%), but 50% could not perform data linkage. Public reports were more frequent (72.2%) as well as quality reports (77.8%), but one third did not provide feedback to policy and only half published ten or more peer reviewed papers during the last 5 years. Conclusions: The heterogeneous implementation of diabetes registries and data sources hampers the comparability of quality and outcomes across Europe. Best practices exist but need to be shared more effectively to accelerate progress and deliver equitable results for people with diabetes.
ABSTRACT
BACKGROUND: Data processing of health research databases often requires a Data Protection Impact Assessment to evaluate the severity of the risk and the appropriateness of measures taken to comply with the European Union (EU) General Data Protection Regulation (GDPR). We aimed to define and apply a comprehensive method for the evaluation of privacy, data governance and ethics among research networks involved in the EU Project Bridge Health. METHODS: Computerised survey among associated partners of main EU Consortia, using a targeted instrument designed by the principal investigator and progressively refined in collaboration with an international advisory panel. Descriptive measures using the percentage of adoption of privacy, data governance and ethical principles as main endpoints were used for the analysis and interpretation of the results. RESULTS: A total of 15 centres provided relevant information on the processing of sensitive data from 10 European countries. Major areas of concern were noted for: data linkage (median, range of adoption: 45%, 30%-80%), access and accuracy of personal data (50%, 0%-100%) and anonymisation procedures (56%, 11%-100%). A high variability was noted in the application of privacy principles. CONCLUSIONS: A comprehensive methodology of Privacy and Ethics Impact and Performance Assessment was successfully applied at international level. The method can help implementing the GDPR and expanding the scope of Data Protection Impact Assessment, so that the public benefit of the secondary use of health data could be well balanced with the respect of personal privacy.
ABSTRACT
BACKGROUND: The use of health data for public health, surveillance, quality improvement and research is crucial to improve health systems and health care. However, bodies responsible for privacy and ethics often limit access to routinely collected health data. Ethical approvals, issues around protecting privacy and data access are often dealt with by different layers of regulations, making approval processes appear disjointed. OBJECTIVE: To create a comprehensive framework for defining the ethical and privacy status of a project and for providing guidance on data access. METHOD: The framework comprises principles and related questions. The core of the framework will be built using standard terminology definitions such as ethics-related controlled vocabularies and regional directives. It is built in this way to reduce ambiguity between different definitions. The framework is extensible: principles can be retired or added to, as can their related questions. Responses to these questions should allow data processors to define ethical issues, privacy risk and other unintended consequences. RESULTS: The framework contains three steps: (1) identifying possible ethical and privacy principles relevant to the project; (2) providing ethics and privacy guidance questions that inform the type of approval needed; and (3) assessing case-specific ethics and privacy issues. The outputs from this process should inform whether the balance between public interests and privacy breach and any ethical considerations are tipped in favour of societal benefits. If they are then this should be the basis on which data access is permitted. Tightly linking ethical principles to governance and data access may help maintain public trust.
Subject(s)
Access to Information , Biomedical Research/ethics , Confidentiality , Data Collection/ethics , Quality Improvement , Biomedical Research/methods , Humans , Public HealthABSTRACT
Sharing health and social care data is essential to the delivery of high quality health care as well as disease surveillance, public health, and for conducting research. However, these societal benefits may be constrained by privacy and data protection principles. Hence, societies are striving to find a balance between the two competing public interests. Whilst the spread of IT advancements in recent decades has increased the demand for an increased privacy and data protection in many ways health is a special case. UK are adopting guidelines, codes of conduct and regulatory instruments aimed to implement privacy principles into practical settings and enhance public trust. Accordingly, in 2015, the UK National Data Guardian (NDG) requested to conduct a further review of data protection, referred to as Caldicott 3. The scope of this review is to strengthen data security standards and confidentiality. It also proposes a consent system based on an "opt-out" model rather than on "opt-in.Across Europe as well as internationally the privacy-health data sharing balance is not fixed. In Europe enactment of the new EU Data Protection Regulation in 2016 constitute a major breakthrough, which is likely to have a profound effect on European countries and beyond. In Australia and across North America different ways are being sought to balance out these twin requirements of a modern society - to preserve privacy alongside affording high quality health care for an ageing population. Whilst in the UK privacy legal framework remains complex and fragmented into different layers of legislation, which may negatively impact on both the rights to privacy and health the UK is at the forefront in the uptake of international and EU privacy and data protection principles. And, if the privacy regime were reorganised in a more comprehensive manner, it could be used as a sound implementation model for other countries.
Subject(s)
Computer Security , Confidentiality , Electronic Health Records , Medical Records Systems, Computerized/ethics , Privacy , Humans , United KingdomABSTRACT
BACKGROUND: The EUBIROD project aims to perform a cross-border flow of diabetes information across 19 European countries using the BIRO information system, which embeds privacy principles and data protection mechanisms in its architecture (privacy by design). A specific task of EUBIROD was to investigate the variability in the implementation of the EU Data Protection Directive (DPD) across participating centres. METHODS: Compliance with privacy requirements was assessed by means of a specific questionnaire administered to all participating diabetes registers. Items included relevant issues e.g. patient consent, accountability of data custodian, communication (openness) and complaint procedures (challenging compliance), authority to disclose, accuracy, access and use of personal information, and anonymization. The identification of an ad hoc scoring system and statistical software allowed an overall quali-quantitative analysis and independent evaluation of questionnaire responses, automated through a dedicated IT platform ('privacy performance assessment'). RESULTS: A total of 18 diabetes registers from different countries completed the survey. Over 50% of the registers recorded a maximum score for accountability, openness, anonymization and challenging compliance. Low average values were found for disclosure and disposition, access, consent, use of personal information and accuracy. A high heterogeneity was found for anonymization, consent, accuracy and access. CONCLUSIONS: The novel method of privacy performance assessment realized in EUBIROD may improve the respect of privacy in each data source, reduce overall variability in the implementation of privacy principles and favour a sound and legitimate cross-border exchange of high quality data across Europe.
