ABSTRACT
It is a common misunderstanding of current European data protection law that when consent is not being used as lawful basis, the processing of personal data is prohibited. Article 9(2)(j) of the European General Data Protection Regulation (GDPR) permits Member States to establish a legal basis in national law that allows for the processing of personal data for scientific research purposes without consent. However, the European legislator has formulated this "research exemption" as an opening clause, rendering the GDPR not specific as to what measures exactly are required to comply with the research exemption. This may have significant implications for both the protection of personal data and the advancement of data-intensive health research. We performed a systematic review of relevant soft law instruments and academic literature to identify what measures are mentioned in those documents. Our analysis resulted in the identification of four overarching themes of suggested measures: organizational measures; technical measures; oversight and review mechanisms; and public engagement and participation. Some of the suggested measures do not substantially contribute to the clarification of the GDPR's "suitable and specific measures" requirement because they remain vague or broad in nature and encompass all types of data processing. However, the themes oversight and review mechanisms and public engagement and participation provide valuable insights which can be put to practice. Nevertheless, further clarification of the measures and safeguards that should be installed when invoking the research exemption remains necessary.
Subject(s)
Computer Security , Informed Consent , HumansABSTRACT
Sharing individual patient data (IPD) is a simple concept but complex to achieve due to data privacy and data security concerns, underdeveloped guidelines, and legal barriers. Sharing IPD is additionally difficult in big data-driven collaborations such as Bigdata@Heart in the Innovative Medicines Initiative, due to competing interests between diverse consortium members. One project within BigData@Heart, case study 1, needed to pool data from seven heterogeneous data sets: five randomized controlled trials from three different industry partners, and two disease registries. Sharing IPD was not considered feasible due to legal requirements and the sensitive medical nature of these data. In addition, harmonizing the data sets for a federated data analysis was difficult due to capacity constraints and the heterogeneity of the data sets. An alternative option was to share summary statistics through contingency tables. Here it is demonstrated that this method along with anonymization methods to ensure patient anonymity had minimal loss of information. Although sharing IPD should continue to be encouraged and strived for, our approach achieved a good balance between data transparency while protecting patient privacy. It also allowed a successful collaboration between industry and academia.
Subject(s)
Big Data , Confidentiality , Humans , Computer Security , PrivacyABSTRACT
Dynamic consent forms a comprehensive, tailored approach for interacting with research participants. We conducted a survey study to inquire how research participants evaluate the elements of consent, information provision, communication and return of results within dynamic consent in a hypothetical health data reuse scenario. We distributed a digital questionnaire among a purposive sample of patient panel members. Data were analysed using descriptive and nonparametric inferential statistics. Respondents favoured the potential to manage changing consent preferences over time. There was much agreement between people favouring closer and more specific control over data reuse approval and those in favour of broader approval, facilitated by an opt-out system or an independent data reuse committee. People want to receive more information about reuse, outcomes and return of results. Respondents supported an interactive model of research participation, welcoming regular, diverse and interactive forms of communication, like a digital communication platform. Approval for reuse and providing meaningful information, including meaningful return of results, are intricately related to facilitating better communication. Respondents favoured return of actionable research results. These findings emphasize the potential of dynamic consent for enabling participants to maintain control over how their data are being used for which purposes by whom. Allowing different options to shape a dynamic consent interface in health data reuse in a personalized manner is pivotal to accommodate plurality in a flexible though robust manner. Interaction via dynamic consent enables participants to tailor the elements of participation they deem relevant to their own preferences, engaging diverse perspectives, interests and preferences.
ABSTRACT
Introduction: Data linkage for health research purposes enables the answering of countless new research questions, is said to be cost effective and less intrusive than other means of data collection. Nevertheless, health researchers are currently dealing with a complicated, fragmented, and inconsistent regulatory landscape with regard to the processing of data, and progress in health research is hindered. Aim: We designed a qualitative study to assess what different stakeholders perceive as ethical and legal obstacles to data linkage for health research purposes, and how these obstacles could be overcome. Methods: Two focus groups and eighteen semi-structured in-depth interviews were held to collect opinions and insights of various stakeholders. An inductive thematic analysis approach was used to identify overarching themes. Results: This study showed that the ambiguity regarding the 'correct' interpretation of the law, the fragmentation of policies governing the processing of personal health data, and the demandingness of legal requirements are experienced as causes for the impediment of data linkage for research purposes by the participating stakeholders. To remove or reduce these obstacles authoritative interpretations of the laws and regulations governing data linkage should be issued. The participants furthermore encouraged the harmonisation of data linkage policies, as well as promoting trust and transparency and the enhancement of technical and organisational measures. Lastly, there is a demand for legislative and regulatory modifications amongst the participants. Conclusions: To overcome the obstacles in data linkage for scientific research purposes, perhaps we should shift the focus from adapting the current laws and regulations governing data linkage, or even designing completely new laws, towards creating a more thorough understanding of the law and making better use of the flexibilities within the existing legislation. Important steps in achieving this shift could be clarification of the legal provisions governing data linkage by issuing authoritative interpretations, as well as the strengthening of ethical-legal oversight bodies.
ABSTRACT
BACKGROUND: Patients and publics are generally positive about data-intensive health research. However, conditions need to be fulfilled for their support. Ensuring confidentiality, security, and privacy of patients' health data is pivotal. Patients and publics have concerns about secondary use of data by commercial parties and the risk of data misuse, reasons for which they favor personal control of their data. Yet, the potential of public benefit highlights the potential of building trust to attenuate these perceptions of harm and risk. Nevertheless, empirical evidence on how conditions for support of data-intensive health research can be operationalized to that end remains scant. OBJECTIVE: This study aims to inform efforts to design governance frameworks for data-intensive health research, by gaining insight into the preferences of patients and publics for governance policies and measures. METHODS: We distributed a digital questionnaire among a purposive sample of patients and publics. Data were analyzed using descriptive statistics and nonparametric inferential statistics to compare group differences and explore associations between policy preferences. RESULTS: Study participants (N=987) strongly favored sharing their health data for scientific health research. Personal decision-making about which research projects health data are shared with (346/980, 35.3%), which researchers/organizations can have access (380/978, 38.9%), and the provision of information (458/981, 46.7%) were found highly important. Health data-sharing policies strengthening direct personal control, like being able to decide under which conditions health data are shared (538/969, 55.5%), were found highly important. Policies strengthening collective governance, like reliability checks (805/967, 83.2%) and security safeguards (787/976, 80.6%), were also found highly important. Further analysis revealed that participants willing to share health data, to a lesser extent, demanded policies strengthening direct personal control than participants who were reluctant to share health data. This was the case for the option to have health data deleted at any time (P<.001) and the ability to decide the conditions under which health data can be shared (P<.001). Overall, policies and measures enforcing conditions for support at the collective level of governance, like having an independent committee to evaluate requests for access to health data (P=.02), were most strongly favored. This also applied to participants who explicitly stressed that it was important to be able to decide the conditions under which health data can be shared, for instance, whether sanctions on data misuse are in place (P=.03). CONCLUSIONS: This study revealed that both a positive attitude toward health data sharing and demand for personal decision-making abilities were associated with policies and measures strengthening control at the collective level of governance. We recommend pursuing the development of this type of governance policy. More importantly, further study is required to understand how governance policies and measures can contribute to the trustworthiness of data-intensive health research.
ABSTRACT
BACKGROUND: One of the primary aims of medical disciplinary law is to improve the quality of care. However, the decisions of disciplinary tribunals are not sufficiently analysed to identify the learning elements. AIM: This study aimed to investigate the frequency and nature of complaints for the specialty neurology which were upheld by the disciplinary tribunals and to learn from disciplinary law through an analysis of which factors contributed to complaints being upheld. DESIGN: This is a retrospective, observational study. METHODS: All upheld complaints in the field of neurology were collected for the period of January 1, 2010, to January 1, 2020. A qualitative analysis of the decisions was conducted using the usual characteristics set out by disciplinary tribunals in their annual reports. The relevant factors which potentially played a role in the complaint being upheld were identified for more detailed analysis. RESULTS: In the 10-year period, a complaint was submitted to the disciplinary tribunals against 299 neurologists. Forty-four complaints were upheld (15%). The most common sanction was a warning (70%). A large majority of cases were directly related to patient care, such as decisions about the patient's diagnosis and the treatment. Recordkeeping (50%), interpretation and discussion of imaging (30%), and involvement of several consultants of one or more specialties (34%) frequently played a role in the successful complaints. CONCLUSION: Medical disciplinary cases in the field of neurology are usually about diagnosis- and treatment-related aspects. Recordkeeping, interpretation of neuroimaging, and involvement of several consultants frequently play a role in a complaint being upheld. It is important that specialties evaluate disciplinary decisions on a structural and continuous basis.
Subject(s)
Malpractice , Neurology , Humans , Neurologists , Quality of Health Care , Retrospective StudiesABSTRACT
INTRODUCTION: International sharing of health data opens the door to the study of the so-called 'Big Data', which holds great promise for improving patient-centred care. Failure of recent data sharing initiatives indicates an urgent need to invest in societal trust in researchers and institutions. Key to an informed understanding of such a 'social license' is identifying the views patients and the public may hold with regard to data sharing for health research. METHODS: We performed a narrative review of the empirical evidence addressing patients' and public views and attitudes towards the use of health data for research purposes. The literature databases PubMed (MEDLINE), Embase, Scopus and Google Scholar were searched in April 2019 to identify relevant publications. Patients' and public attitudes were extracted from selected references and thematically categorised. RESULTS: Twenty-seven papers were included for review, including both qualitative and quantitative studies and systematic reviews. Results suggest widespread-though conditional-support among patients and the public for data sharing for health research. Despite the fact that participants recognise actual or potential benefits of data research, they expressed concerns about breaches of confidentiality and potential abuses of the data. Studies showed agreement on the following conditions: value, privacy, risk minimisation, data security, transparency, control, information, trust, responsibility and accountability. CONCLUSIONS: Our results indicate that a social license for data-intensive health research cannot simply be presumed. To strengthen the social license, identified conditions ought to be operationalised in a governance framework that incorporates the diverse patient and public values, needs and interests.
Subject(s)
Confidentiality , Privacy , Attitude , Humans , Information Dissemination , TrustABSTRACT
BACKGROUND: The rise of Big Data-driven health research challenges the assumed contribution of medical research to the public good, raising questions about whether the status of such research as a common good should be taken for granted, and how public trust can be preserved. Scandals arising out of sharing data during medical research have pointed out that going beyond the requirements of law may be necessary for sustaining trust in data-intensive health research. We propose building upon the use of a social licence for achieving such ethical governance. MAIN TEXT: We performed a narrative review of the social licence as presented in the biomedical literature. We used a systematic search and selection process, followed by a critical conceptual analysis. The systematic search resulted in nine publications. Our conceptual analysis aims to clarify how societal permission can be granted to health research projects which rely upon the reuse and/or linkage of health data. These activities may be morally demanding. For these types of activities, a moral legitimation, beyond the limits of law, may need to be sought in order to preserve trust. Our analysis indicates that a social licence encourages us to recognise a broad range of stakeholder interests and perspectives in data-intensive health research. This is especially true for patients contributing data. Incorporating such a practice paves the way towards an ethical governance, based upon trust. Public engagement that involves patients from the start is called for to strengthen this social licence. CONCLUSIONS: There are several merits to using the concept of social licence as a guideline for ethical governance. Firstly, it fits the novel scale of data-related risks; secondly, it focuses attention on trustworthiness; and finally, it offers co-creation as a way forward. Greater trust can be achieved in the governance of data-intensive health research by highlighting strategic dialogue with both patients contributing the data, and the public in general. This should ultimately contribute to a more ethical practice of governance.
Subject(s)
Biomedical Research , Trust , Big Data , Humans , Social JusticeABSTRACT
BACKGROUND: Large-scale linkage of international clinical datasets could lead to unique insights into disease aetiology and facilitate treatment evaluation and drug development. Hereto, multi-stakeholder consortia are currently designing several disease-specific translational research platforms to enable international health data sharing. Despite the recent adoption of the EU General Data Protection Regulation (GDPR), the procedures for how to govern responsible data sharing in such projects are not at all spelled out yet. In search of a first, basic outline of an ethical governance framework, we set out to explore relevant ethical principles and norms. METHODS: We performed a systematic review of literature and ethical guidelines for principles and norms pertaining to data sharing for international health research. RESULTS: We observed an abundance of principles and norms with considerable convergence at the aggregate level of four overarching themes: societal benefits and value; distribution of risks, benefits and burdens; respect for individuals and groups; and public trust and engagement. However, at the level of principles and norms we identified substantial variation in the phrasing and level of detail, the number and content of norms considered necessary to protect a principle, and the contextual approaches in which principles and norms are used. CONCLUSIONS: While providing some helpful leads for further work on a coherent governance framework for data sharing, the current collection of principles and norms prompts important questions about how to streamline terminology regarding de-identification and how to harmonise the identified principles and norms into a coherent governance framework that promotes data sharing while securing public trust.
Subject(s)
Biomedical Research/ethics , Data Collection/ethics , Guideline Adherence/ethics , Information Dissemination/ethics , Informed Consent/ethics , Bioethical Issues , Confidentiality , Humans , Moral ObligationsABSTRACT
More and more hospitals are opening patient portals, which enable patients to view their medical records online. Some hospitals take it one step further and offer patients real-time access. The right to digital access to data, either locally or at a distance, will be established in the course of the next few years in new European General Data Protection Regulation and in the Netherlands 'law for supplementary conditions for processing personal data in the care sector' ('Wet aanvullende bepalingen verwerking persoonsgegevens in de zorg'). These developments give relevancy to the question whether real-time access to medical records is desirable for good care provision. There are pros and cons to real-time access. Many of the pros also apply when access is provided after a short buffer period and more research, particularly into potential damaging consequences, is desirable. When all aspects are taken into consideration, a system of real-time access can be in conflict with good care provision in certain situations, for instance, if it is not possible to set up a buffer period.
Subject(s)
Access to Information , Electronic Health Records , Patient Portals , Quality Assurance, Health Care , Access to Information/legislation & jurisprudence , Electronic Health Records/legislation & jurisprudence , Humans , Netherlands , Patient Portals/legislation & jurisprudence , Quality Assurance, Health Care/legislation & jurisprudence , Risk FactorsABSTRACT
Medical research is increasingly becoming data-intensive; sensitive data are being re-used, linked and analysed on an unprecedented scale. The current EU data protection law reform has led to an intense debate about its potential effect on this processing of data in medical research. To contribute to this evolving debate, this paper reviews how the dominant 'consent or anonymise approach' is challenged in a data-intensive medical research context, and discusses possible ways forwards within the EU legal framework on data protection. A large part of the debate in literature focuses on the acceptability of adapting consent or anonymisation mechanisms to overcome the challenges within these approaches. We however believe that the search for ways forward within the consent or anonymise paradigm will become increasingly difficult. Therefore, we underline the necessity of an appropriate research exemption from consent for the use of sensitive personal data in medical research to take account of all legitimate interests. The appropriate conditions of such a research exemption are however subject to debate, and we expect that there will be minimal harmonisation of these conditions in the forthcoming EU Data Protection Regulation. Further deliberation is required to determine when a shift away from consent as a legal basis is necessary and proportional in a data-intensive medical research context, and what safeguards should be put in place when such a research exemption from consent is provided.
Subject(s)
Biomedical Research/legislation & jurisprudence , Data Anonymization/legislation & jurisprudence , Databases as Topic/legislation & jurisprudence , European Union , HumansABSTRACT
Data and sample sharing constitute a scientific and ethical imperative but need to be conducted in a responsible manner in order to protect individual interests as well as maintain public trust. In 2014, the Global Alliance for Genomics and Health (GA4GH) adopted a common Framework for Responsible Sharing of Genomic and Health-Related Data. The GA4GH Framework is applicable to data sharing in the stem cell field, however, interpretation is required so as to provide guidance for this specific context. In this paper, the International Stem Cell Forum Ethics Working Party discusses those principles that are specific to translational stem cell science, including engagement, data quality and safety, privacy, security and confidentiality, risk-benefit analysis and sustainability.
