Di Iorio Concetta Tania, Carinci Fabrizio, Oderkirk Jillian, Smith David, Siano Manuela, de Marco Dorotea Alessandra, de Lusignan Simon, Hamalainen Paivi, Benedetti Massimo Massi
Executive Office, Legal, Serectrix snc, Pescara, Italy
Department of Statistical Sciences, University of Bologna, Bologna, Italy.
J Med Ethics. 2020 Mar 27. doi: 10.1136/medethics-2019-105948.
Data processing of health research databases often requires a Data Protection Impact Assessment to evaluate the severity of the risk and the appropriateness of measures taken to comply with the European Union (EU) General Data Protection Regulation (GDPR). We aimed to define and apply a comprehensive method for the evaluation of privacy, data governance and ethics among research networks involved in the EU Project Bridge Health.
Computerised survey among associated partners of main EU Consortia, using a targeted instrument designed by the principal investigator and progressively refined in collaboration with an international advisory panel. Descriptive measures using the percentage of adoption of privacy, data governance and ethical principles as main endpoints were used for the analysis and interpretation of the results.
A total of 15 centres provided relevant information on the processing of sensitive data from 10 European countries. Major areas of concern were noted for: data linkage (median, range of adoption: 45%, 30%-80%), access and accuracy of personal data (50%, 0%-100%) and anonymisation procedures (56%, 11%-100%). A high variability was noted in the application of privacy principles.
A comprehensive methodology of Privacy and Ethics Impact and Performance Assessment was successfully applied at international level. The method can help implement the GDPR and expand the scope of Data Protection Impact Assessment, so that the public benefit of the secondary use of health data could be well balanced with respect for personal privacy.