Linked2Safety Project (FP7-ICT – 5.3) A NEXT-GENERATION, SECURE LINKED DATA MEDICAL INFORMATION SPACE FOR SEMANTICALLY-INTERCONNECTING ELECTRONIC HEALTH RECORDS AND CLINICAL TRIALS SYSTEMS ADVANCING PATIENTS SAFETY IN CLINICAL RESEARCH Prof. Nikolaus Forgó, Mag. Magdalena Góralczyk, RA Constantin Graf von Rex Institute for Legal Informatics, Leibniz University Hannover

FP7, ICT-2011 – 5.3 Page 2 1 st Review Meeting, 14 th November 2012 I.Introduction II.Presentation of the Project Linked2Safety III.Legal Requirements IV.Ethical Requirements V.Conclusion

FP7, ICT-2011 – 5.3 Page 3 1 st Review Meeting, 14 th November 2012  Legal and ethical requirements lead in a research project dealing with the medical data of patients to specific security issues that must be considered and resolved.  European and national laws and ethical standards and principles provide a framework for a research project.

FP7, ICT-2011 – 5.3 Page 4 1 st Review Meeting, 14 th November 2012  Linked2Safety (grant agreement n°288328) is a project funded funded under the FP7 framework of the European Union.  The Vision of the project is the development of an extensible, scalable architecture that will facilitate the semantic interlinking between spatially distributed clinical care information sources, electronic patients’ health records and clinical trials systems for gathering and sharing adequate knowledge to support decision making in medical and clinical research.

FP7, ICT-2011 – 5.3 Page 5 1 st Review Meeting, 14 th November 2012  The Linked2Safety consortium combines multidisciplinary competences and resources from the academia, industry, and research community. It consists of eleven (11) partners representing research institutes, universities, industrial partners (including SMEs) and clinical research end-user organisations (with a medical, healthcare & pharmaceutical background), from seven (7) European countries, i.e. Luxembourg, Greece, Germany, United Kingdom, Ireland, Romania, Cyprus and Switzerland –one of them from the new Member States (Cyprus) and one of them from the Associated Countries (Switzerland).

FP7, ICT-2011 – 5.3 Page 6 1 st Review Meeting, 14 th November 2012  The project iterative implementation plan is organized over 12 quarters (36 months). To guarantee smooth and effective project running and progress the whole work has been devided into nine (9) work-packages.

FP7, ICT-2011 – 5.3 Page 7 1 st Review Meeting, 14 th November Personal data and non-personal data In a research project dealing with patient data the differentiation has to be made between personal and non- personal data. Personal data is understood as those data that leads to an identified or identifiable subject. Data that does not lead to an identifiable subject because of its aggregation or anonymization is non-personal. At European level the principles for the protection of personal data are defined by the Data Protection Directive.

FP7, ICT-2011 – 5.3 Page 8 1 st Review Meeting, 14 th November Personal and non-personal data Once medical data of patients is included in a research project, these types of data are sensitive personal data. For these special data the DP Directive forces the EU member states to increase the protection for it.

FP7, ICT-2011 – 5.3 Page 9 1 st Review Meeting, 14 th November Data controller and data processor The data processor prosesses personal data for the data controller. The data controller is the one who is responsible for the processing of personal data. The data controller has to ensure that data quality principles are complied with and he has to ensure the implementation of appropriate and necessary technical and organizational measures.

FP7, ICT-2011 – 5.3 Page 10 1 st Review Meeting, 14 th November Pseudonymisation and anonymisation of data The pseudonymisation of data is considered as a safety measure in research projects. If it is possible to recode the data so that the data subject can be re-identified, it is called pseudonymous data. In the case of pseudonymous data the person behind the data can be identified with acceptable effort and therefore the general data protection rules are to be applied to pseudonymous data. As the highest safety measure in research projects with medical data of real patients, the anonymisation of data is considered.

FP7, ICT-2011 – 5.3 Page 11 1 st Review Meeting, 14 th November Pseudonymisation and anonymisation of data According to the DP-Directive data are then anonymous, if the person standing behind the data cannot be identified with reasonable means (in terms of costs, effort and manpower). The anonymisation of personal data is a process that falls under the same rules like any other form of data-processing. The DP-Directive provides rules for the fair and lawful processing of personal data, which must be observed for the anonymisation of data, as much as for any other kind of processing.

FP7, ICT-2011 – 5.3 Page 12 1 st Review Meeting, 14 th November Informed Consent The informed consent of a patient is one way to legitimize the processing of patient data. Regarding the informed consent of patients to participate in clinical research and in respect of the informed consent of patients to process their data, especially their health data, there are similarities and differences.

FP7, ICT-2011 – 5.3 Page 13 1 st Review Meeting, 14 th November Informed Consent For a research project like Linked2Safety a possibility may be considered that would allow the processing of patient data without their consent. Within the DP-Directive it is stipulated, that subject to adequate provision of guarantees by the member states, these are given the opportunity, if an important public interest requires so, to provide exceptions to the general prohibition on processing sensitive data through a law or decision of the supervisory authority.

FP7, ICT-2011 – 5.3 Page 14 1 st Review Meeting, 14 th November Technical and organisational measures To ensure the security of the data, the following technical and organizational measures have to be taken:  control of the entrance to installations,  control of data media,  memory control,  control of utilisation,  access control,  control of communication,  control of data introduction, control of transport, availability control.

FP7, ICT-2011 – 5.3 Page 15 1 st Review Meeting, 14 th November Rights of the data subject From the DP-Directive result the following individual rights of patients as data subjects:  right to be informed  right of access  right of rectification, erasure or blocking  right to object

FP7, ICT-2011 – 5.3 Page 16 1 st Review Meeting, 14 th November Transfer of personal data to third countries Another security issue may be the transfer of patient`s personal data to any country outside the European Union and / or the European Economic Area. Such a transfer is only allowed if a European-standard level of data protection is guaranteed.

FP7, ICT-2011 – 5.3 Page 17 1 st Review Meeting, 14 th November Informed Consent The idea behind the requirement of informed consent of patients is that any medical procedure, which has an impact on the patient requires his/her prior written consent based on comprehensive information.

FP7, ICT-2011 – 5.3 Page 18 1 st Review Meeting, 14 th November Other ethical requirements If it is not possible to obtain patient`s consent or at least the consent from the patient´s legally authorized representative to render the personal data anonymous could be the solution. Another ethical requirement for a medical research project is that the methods used must conform to generally accepted scientific principles, be based on a thorough knowledge of scientific literature, other relevant sources of information and adequate laboratory. A research project has to be lead and monitored by qualified and trained persons only.

FP7, ICT-2011 – 5.3 Page 19 1 st Review Meeting, 14 th November 2012  Personal data and especially sensitive data needs special protection in a research project which deals with patient`s medical data. Once there is non-personal data involved the European and national data protection laws do not apply.  One way to protect the personal and sensitive data from patients is rendering the data anonymous. Personal patient data are therefore processed in an anonymous form only in the project Linked2Safety.  The safety and privacy of patients’ data must be ensured by the data controller. In the case of the research project Linked2Safety the data controllers are the clinical partners of the project.

FP7, ICT-2011 – 5.3 Page 20 1 st Review Meeting, 14 th November 2012  The DP-Directive provides technical and organizational measures to guarantee the protection of the personal data.  The informed consent of patients is one of the demands made by both ethical and legal side of a research project and must therefore be mindful of the security issues as well.  In addition, the rights of data subjects have to be respected, as well as the conditions for the transfer of data to third countries, if such scenarios come up.

FP7, ICT-2011 – 5.3 Page 21 1 st Review Meeting, 14 th November 2012

FP7, ICT-2011 – 5.3 Page 22 1 st Review Meeting, 14 th November 2012 Prof. Nikolaus Forgó Mag. Magdalena Goralczyk RA Constantin Graf von Rex LUH