[Non-Interventional Studies in a Large Community Hospital and Implementation of the General Data Protection Regulation (GDPR)].

BACKGROUND

The General Data Protection Regulation (GDPR) is applicable as of May 25, 2018 in all member states to harmonize data privacy laws across Europe. GDPR impacts also on medical data research. Non-interventional studies (NIS) in hospital are an important part of health services research and might need to be assessed by the local data protection officer. This study investigates all NIS (in house or sponsored) initiated between April 1, 2017 and July 31, 2018 in Nuremberg Hospital and their methods dealing with the GDPR.

MATERIALS AND METHODS

All studies in Nuremberg Hospital have to be reported to the study center of Nuremberg Hospital. We implemented some actions to fullfill GDPR, e. g. checklist for GDPR, quality circle, and all studies were assigned to a data protection officer specialized in scientific and clinical studies. We analyzed in each study the kind of data encryption (e. g., pseudonymous vs. anonymous), the need for approval from the official ethics commitee according to §15BO, and the need for approval from the hospital data protection officer. The data was analyzed using descriptive statistics.

RESULTS

After GDPR came into effect, more NIS were started (n=77 vs. n=59), especially investigator-initiated NIS increased significantly (+84%, p<0.01). The majority of inhouse studies were dealing with absolute anonymous data (before GDPR: n=28 anonymous vs. n=4 pseudonymous; after R: 51 vs.7; n.s.). 22 studies, mostly IITs (86%), needed a statement of the local data protection officer and used a patient's information. After GDPR 19% of in-house NIS showed the need for a statement of approval from the ethics committee (accordingly to §15BO) (before GDPR 12.5%; n.s.). One year after GDPR was implemented, the average processing time of the data protection officer for an NIS was 10.5 work days.

CONCLUSION

Investigator-initiated NIS are an important part of scientific research at Nuremberg Hospital. After GDPR, there was an increase in the number of self-initiated studies. Standardized procedures and simple actions help implement GDPR in medical research without critical delays at the start of study.