The journey of research data: Accessing nordic health data for the purposes of developing an algorithm

2021 ◽  
pp. 096853322110461
Author(s):  
Katharina Ó Cathaoir ◽  
Hrefna Dögg Gunnarsdóttir ◽  
Mette Hartlev
Keyword(s):  
Data Protection ◽  
Data Access ◽  
Ethics Committees ◽  
Health Data ◽  
Data Sets ◽  
Domestic Institutions ◽  
General Data Protection Regulation ◽  
Secondary Use ◽  
General Data ◽  
Access Data

This article traces the journey of Nordic health data requested for developing a healthcare algorithm. We focus on the legal requirements and highlight that differences in the legislation of Denmark, Norway and Iceland, and the interpretation thereof by responsible bodies, can pose a barrier for scientific researchers. In addition, non-legal institutional requirements or practices may hamper data access. First, despite some European harmonization, the mandate of research ethics committees and the data protection authorities vary in the three countries. Second, domestic institutions impose tailored requirements, sometimes only allowing domestic or affiliated researchers to access data sets. Third, the manner in which a dataset is collected, catalogued and stored has implications for data access. We make several recommendations for increasing transparency in Nordic data access, such as, increasing knowledge sharing regarding interpretation of General Data Protection Regulation (GDPR) criteria, adopting clearer regulations and pursuing greater citizen engagement in secondary use of health data.

Building trust and transparency? Challenges of the opt-out system and the secondary use of health data in England

2019 ◽  
Vol 19 (2-3) ◽  
pp. 159-181 ◽  
Author(s):  
Janos Meszaros ◽  
Chih-hsing Ho
Keyword(s):  
United Kingdom ◽  
Data Protection ◽  
Health Data ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Secondary Use ◽  
Building Trust ◽  
The United Kingdom ◽  
Opt Out ◽  
General Data

After the failure of the care.data programme, a revised opt-out system has been introduced for British citizens to protect their health data from 2018. However, there are several exemptions from the previous and the revised opt-out systems, some of which are overly broad. For instance, the opt-outs may be completely ignored in the case of ‘anonymised’ data. The data protection terminology in the United Kingdom is slightly different from that in the European Union, and the key issue is that the terms are not used consistently, even in the most important documents and guidelines. This situation may lead to a weak opt-out system with transparency issues, which might erode public trust and lead to a repeat of the care.data failure. Furthermore, the United Kingdom intends to comply with the General Data Protection Regulation after Brexit, thus these differences may cause compatibility issues in the future.

Regulatory Challenges of Data Mining Practices: The Case of the Never-ending Lifecycles of ‘Health Data’

2018 ◽  
Vol 25 (3) ◽  
pp. 284-307
Author(s):  
Giovanni Comandè ◽  
Giulia Schneider
Keyword(s):  
Data Mining ◽  
Data Protection ◽  
Personal Data ◽  
Health Data ◽  
General Level ◽  
General Data Protection Regulation ◽  
The Face ◽  
General Data ◽  
Level Of Analysis

Abstract Health data are the most special of the ‘special categories’ of data under Art. 9 of the General Data Protection Regulation (GDPR). The same Art. 9 GDPR prohibits, with broad exceptions, the processing of ‘data concerning health’. Our thesis is that, through data mining technologies, health data have progressively undergone a process of distancing from the healthcare sphere as far as the generation, the processing and the uses are concerned. The case study aims thus to test the endurance of the ‘special category’ of health data in the face of data mining technologies and the never-ending lifecycles of health data they feed. At a more general level of analysis, the case of health data shows that data mining techniques challenge core data protection notions, such as the distinction between sensitive and non-sensitive personal data, requiring a shift in terms of systemic perspectives that the GDPR only partly addresses.

scholarly journals Datos relativos a la salud y datos genéticos: consecuencias jurídicas de su conceptualización / Health data and Genetic data: the legal consequences of their conceptualization

2018 ◽  
pp. 55-66
Author(s):  
Daniel Jove Villares
Keyword(s):  
Data Protection ◽  
Genetic Data ◽  
Health Data ◽  
General Data Protection Regulation ◽  
Related Information ◽  
Health Related ◽  
General Data ◽  
New Criteria ◽  
Legal Consequences ◽  
Scope Of Protection

Existen determinadas categorías de datos que, por sus características, requieren de un régimen más estricto, regulación que, en ocasiones está necesitada de concreción. El presente trabajo incide en la necesidad de repensar qué datos genéticos y qué informaciones relacionadas con la salud deben considerarse como sensibles, amén de proponer nuevos criterios para su delimitación. La clarificación de la esfera de protección de estas tipologías de datos se hace perentoria en aquellos ordenamientos en que se establezcan limitaciones adicionales para las categorías de datos que protagonizan este artículo. Situación que el Reglamento General de Protección de Datos de la Unión Europea habilita.   There are certain categories of data which, due to their characteristics, require a stricter regime, regulation which, at times, needs to be specified. This paper focuses on the need to rethink which genetic data and health-related information should be considered as sensitive and to propose new criteria for their delimitation. The clarification of the scope of protection of these types of data is urgently needed in those legal systems in which additional limitations are established for the categories of data covered by this article. Situation that the European Union's General Data Protection Regulation enables. 

Processing employees’ personal data during the Covid-19 pandemic

2020 ◽  
pp. 203195252097899
Author(s):  
Seili Suder
Keyword(s):  
Data Protection ◽  
Health And Safety ◽  
Personal Data ◽  
Health Data ◽  
Body Temperatures ◽  
National Data ◽  
Pragmatic Approach ◽  
General Data Protection Regulation ◽  
Nation States ◽  
General Data

While needing to ensure the health and safety of their employees during the Covid-19 pandemic, employers face many burning data protection questions, including under what conditions they can process employees’ personal data (in particular health data) and whether gathering personal data concerning employees’ medical history, trips and contacts with infected persons, is allowed. This article focuses on issues that are problematic, based on the analysis of guidance issued by the European Data Protection Board, as well as national data protection authorities and practitioners from 20 countries in response to these concerns. The first section of the article analyses concepts of personal data and health data in the context of Covid-19. Then the article proceeds with exploring what possible legal bases employers can use to process employees’ personal data in general, and health data in particular, under the General Data Protection Regulation when applying different measures to combat Covid-19. In the latter part of the article two practical questions raised by employers – concerning the checking of employees’ body temperatures and informing them of possible infection – are discussed. The analysis indicates that national data protection authorities seem to look for a reasonable and pragmatic approach regarding compliance with the GDPR in light of the Covid-19 emergency. However, their guidance differs in several areas and the views in between nation states are not always aligned. A more specific, clear and uniform pan-European vision concerning the processing of employees’ data in times of emergency is needed to better protect employees and limit the spread of the virus.

scholarly journals To What Extent Does the EU General Data Protection Regulation (GDPR) Apply to Citizen Scientist-Led Health Research with Mobile Devices?

2020 ◽  
Vol 48 (S1) ◽  
pp. 187-195
Author(s):  
Edward S. Dove ◽  
Jiahong Chen
Keyword(s):  
Mobile Devices ◽  
Data Protection ◽  
Health Research ◽  
Health Data ◽  
Specific Context ◽  
General Data Protection Regulation ◽  
Citizen Scientist ◽  
Open Questions ◽  
General Data ◽  
The Eu

In this article, we consider the possible application of the European General Data Protection Regulation (GDPR) to “citizen scientist”-led health research with mobile devices. We argue that the GDPR likely does cover this activity, depending on the specific context and the territorial scope. Remaining open questions that result from our analysis lead us to call for lex specialis that would provide greater clarity and certainty regarding the processing of health data by for research purposes, including these non-traditional researchers.

scholarly journals COVID-19: Putting the General Data Protection Regulation to the Test (Preprint)

2020 ◽  
Author(s):  
Stuart McLennan ◽  
Leo Anthony Celi ◽  
Alena Buyx
Keyword(s):  
Health Care ◽  
Data Protection ◽  
Health Research ◽  
Health Care Organizations ◽  
Digital Health ◽  
Health Data ◽  
Individual Risk ◽  
Risk Minimization ◽  
General Data Protection Regulation ◽  
General Data

UNSTRUCTURED The coronavirus disease (COVID-19) pandemic is very much a global health issue and requires collaborative, international health research efforts to address it. A valuable source of information for researchers is the large amount of digital health data that are continuously collected by electronic health record systems at health care organizations. The European Union’s General Data Protection Regulation (GDPR) will be the key legal framework with regard to using and sharing European digital health data for research purposes. However, concerns persist that the GDPR has made many organizations very risk-averse in terms of data sharing, even if the regulation permits such sharing. Health care organizations focusing on individual risk minimization threaten to undermine COVID-19 research efforts. In our opinion, there is an ethical obligation to use the research exemption clause of the GDPR during the COVID-19 pandemic to support global collaborative health research efforts. Solidarity is a European value, and here is a chance to exemplify it by using the GDPR regulatory framework in a way that does not hinder but actually fosters solidarity during the COVID-19 pandemic.

scholarly journals The Policy Effect of the General Data Protection Regulation (GDPR) on the Digital Public Health Sector in the European Union: An Empirical Investigation

2019 ◽  
Vol 16 (6) ◽  
pp. 1070 ◽  
Author(s):  
Bocong Yuan ◽  
Jiannan Li
Keyword(s):  
European Union ◽  
Financial Performance ◽  
Data Protection ◽  
Digital Health ◽  
Rapid Development ◽  
Health Data ◽  
Personal Health ◽  
The European Union ◽  
General Data Protection Regulation ◽  
General Data

The rapid development of digital health poses a critical challenge to the personal health data protection of patients. The European Union General Data Protection Regulation (EU GDPR) works in this context; it was passed in April 2016 and came into force in May 2018 across the European Union. This study is the first attempt to test the effectiveness of this legal reform for personal health data protection. Using the difference-in-difference (DID) approach, this study empirically examines the policy influence of the GDPR on the financial performance of hospitals across the European Union. Results show that hospitals with the digital health service suffered from financial distress after the GDPR was published in 2016. This reveals that during the transition period (2016–2018), hospitals across the European Union indeed made costly adjustments to meet the requirements of personal health data protection introduced by this new regulation, and thus inevitably suffered a policy shock to their financial performance in the short term. The implementation of GDPR may have achieved preliminary success.

scholarly journals The EU’s General Data Protection Regulation (GDPR) in a Research Context

2018 ◽  
pp. 55-71 ◽  
Author(s):  
Christopher F. Mondschein ◽  
Cosimo Monda
Keyword(s):  
Data Protection ◽  
Regulatory Mechanism ◽  
Personal Data ◽  
General Data Protection Regulation ◽  
Secondary Use ◽  
Research Context ◽  
Specific Focus ◽  
General Data ◽  
The Eu

AbstractThis chapter introduces the rational and regulatory mechanism underlying the EU data protection framework with specific focus on the EU’s General Data Protection Regulation (GDPR). It outlines the applicability of the research exemption included in the GDPR and discusses further or secondary use of personal data for research purposes.

scholarly journals Impact of the European General Data Protection Regulation (GDPR) on Health Data Management in a European Union Candidate Country: A Case Study of Serbia (Preprint)

2019 ◽  
Author(s):  
Branko Marovic ◽  
Vasa Curcin
Keyword(s):  
European Union ◽  
Health System ◽  
Data Protection ◽  
Personal Data ◽  
Health Data ◽  
Candidate Country ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
General Data ◽  
The Eu

UNSTRUCTURED As of May 2018, all relevant institutions within member countries of the European Economic Area are required to comply with the European General Data Protection Regulation (GDPR) or face significant fines. This regulation has also had a notable effect on the European Union (EU) candidate countries, which are undergoing the process of harmonizing their legislature with the EU as part of the accession process. The Republic of Serbia is an example of such a candidate country, and its 2018 Personal Data Protection Act mirrors the majority of provisions in the GDPR. This paper presents the impact of the GDPR on health data management and Serbia’s capability to conduct international health data research projects. Data protection incidents reported in Serbia are explored to identify common underlying causes using a novel taxonomy of contributing factors across aspects and health system levels. The GDPR has an extraterritorial application for the non-EU data controllers who process the data of EU citizens and residents, which mainly affects private practices used by medical tourists from the EU, public health care institutions frequented by foreigners, as well as expatriates, dual citizens, tourists, and other visitors. Serbia generally does not have well-established procedures to support international research collaborations around its health data. For smaller projects, contractual arrangements can be made with health data providers and their ethics committees. Even then, organizations that have not previously participated in similar ventures may require approval or support from health authorities. Extensive studies that involve multisite data typically require the support of central health system institutions and relevant research data aggregators or electronic health record vendors. The lack of a framework for preparation, anonymization, and assurance of privacy preservation forces researchers to rely heavily on local expertise and support. Given the current limitation and potential issues with the legislation, it remains to be seen whether the move toward the GDPR will be beneficial for the Serbian health system, medical research, protection of personal data and privacy rights, and research capacity. Although significant progress has been made so far, a strategic approach is needed at the national level to address insufficient resources in the area of data protection and develop the personal data protection environment further. This will also require a targeted educational effort among health workers and decision makers, aiming to improve awareness and develop skills and knowledge necessary for the workforce.

scholarly journals The “A” of FAIR – As Open as Possible, as Closed as Necessary

2020 ◽  
Vol 2 (1-2) ◽  
pp. 47-55 ◽  
Author(s):  
Annalisa Landi ◽  
Mark Thompson ◽  
Viviana Giannuzzi ◽  
Fedele Bonifazi ◽  
Ignasi Labastida ◽  
...  
Keyword(s):  
Data Sharing ◽  
Data Protection ◽  
Personal Data ◽  
Health Data ◽  
Privacy Rights ◽  
Regulatory Requirements ◽  
Data Set ◽  
General Data Protection Regulation ◽  
Digital Era ◽  
General Data

In order to provide responsible access to health data by reconciling benefits of data sharing with privacy rights and ethical and regulatory requirements, Findable, Accessible, Interoperable and Reusable (FAIR) metadata should be developed. According to the H2020 Program Guidelines on FAIR Data, data should be “as open as possible and as closed as necessary”, “open” in order to foster the reusability and to accelerate research, but at the same time they should be “closed” to safeguard the privacy of the subjects. Additional provisions on the protection of natural persons with regard to the processing of personal data have been endorsed by the European General Data Protection Regulation (GDPR), Reg (EU) 2016/679, that came into force in May 2018. This work aims to solve accessibility problems related to the protection of personal data in the digital era and to achieve a responsible access to and responsible use of health data. We strongly suggest associating each data set with FAIR metadata describing both the type of data collected and the accessibility conditions by considering data protection obligations and ethical and regulatory requirements. Finally, an existing FAIR infrastructure component has been used as an example to explain how FAIR metadata could facilitate data sharing while ensuring protection of individuals.

Sign in / Sign up

Export Citation Format

Share Document