Speaker
Dr Wolfgang Kuchinke (Heinrich-Heine University Duesseldorf)
Description
Increasing amounts of data are exchanged, processed and stored in medical research, linking healthcare registers, genetic and cancer databases, and clinical study databases with biobank repositories, imaging repositories and other data sources. But the legal and ethical implications of such far-reaching data access and data merging are often insufficiently considered. Privacy protection has become a fundamental requirement for research with medical data and also with genetic and genomic data, which have the inherent potential to be identifying. Any project involving access to patient data and the merging of phenotypic data with genomic and physiognomic data requires frameworks that can guarantee data privacy and confidentiality. Confronted with this situation, researchers tend to opt for the most stringent and confining solutions to protect data privacy, often suffocating free research. Thus, for the TRANSFoRm project (http://www.transformproject.eu), which will implement a user-centred platform for the integration of Primary Care clinical and research activities, we developed a privacy framework that was designed to be flexible enough to satisfy the different privacy needs of heterogeneous data flows in pan-European projects involving access to and exchange of clinical, care and research data. This privacy framework is generic enough to be used for all kinds of research, but especially for large projects with data flows that include the potential for identification of patients. Data privacy profiles of different stringencies were created and transcribed into a zone model consisting of a data source zone (care zone), a non-care zone and a research zone, which describe areas with different degrees of privacy protection needs.
Because it turned out that three zones are insufficient, especially in pan-European projects, subzones were defined within the main zones, taking into account that databases in different countries often operate under different rules and regulations. Privacy filters and data linkers operate between zones and subzones, modifying the flow of data from the data source zone to the research zone. Only when the applicable policies and regulations permit this flow can data be transferred from a zone with high or medium privacy risk to a zone with low risk, enabling the intended research. The major functions of these filters are anonymisation, pseudonymisation, coding and data aggregation. In addition, data linkers allow the linkage of databases within or between zones and subzones. The zone model makes it possible to visualise and prepare privacy-protected workflows for complex research projects, with the aim of enabling research with anonymised data.
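The zone model described above can be sketched in code; the following is an added illustration, not code from the TRANSFoRm project. The subzone names, the policy table, the risk ranking of the zones, the field names and the HMAC-based pseudonym are all assumptions made for the example, and the anonymisation step is simplified (quasi-identifiers are not treated).

```python
import hashlib
import hmac

# Assumed risk ranking of the three main zones (higher = more privacy risk).
RISK = {"care": 2, "non-care": 1, "research": 0}
# Hypothetical policy table: (source subzone, target subzone) -> required filter.
# A flow with no entry is not permitted.
POLICY = {
    ("care/DE", "non-care/DE"): "pseudonymise",
    ("non-care/DE", "research/EU"): "anonymise",
}
DIRECT_IDENTIFIERS = ("patient_id", "name", "date_of_birth")
# Constructed sample record, not real patient data.
SAMPLE = {"patient_id": "P-0001", "name": "Constructed Patient",
          "date_of_birth": "1970-01-01", "diagnosis": "E11.9"}

def pseudonymise(record, key):
    """Replace direct identifiers with a keyed pseudonym; keep clinical fields."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    tag = hmac.new(key, record["patient_id"].encode(), hashlib.sha256).hexdigest()
    out["pseudonym"] = tag[:16]
    return out

def anonymise(record, key=None):
    """Drop direct identifiers and any pseudonym, leaving no linkable handle."""
    drop = DIRECT_IDENTIFIERS + ("pseudonym",)
    return {k: v for k, v in record.items() if k not in drop}

FILTERS = {"pseudonymise": pseudonymise, "anonymise": anonymise}

def transfer(record, source, target, key):
    """Move a record between subzones only through the filter the policy demands."""
    required = POLICY.get((source, target))
    if required is None:
        raise PermissionError(f"no policy permits {source} -> {target}")
    src_zone, dst_zone = source.split("/")[0], target.split("/")[0]
    if RISK[dst_zone] >= RISK[src_zone]:
        raise PermissionError("filters only move data toward lower-risk zones")
    return FILTERS[required](record, key)

def link(records_a, records_b):
    """Data linker: join two pseudonymised datasets on their shared pseudonym."""
    index = {r["pseudonym"]: r for r in records_b}
    return [{**r, **index[r["pseudonym"]]} for r in records_a if r["pseudonym"] in index]
```

Because the pseudonym is keyed, only a party holding the key can reproduce it, which is what lets the linker join datasets inside a subzone while the research zone receives records with no linkable handle.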