Presentation is loading. Please wait.

Presentation is loading. Please wait.

PhUSE Data De-Identification Working Group

Published byreek Ασπάσιος Modified over 6 years ago

Similar presentations

Presentation on theme: "PhUSE Data De-Identification Working Group"— Presentation transcript:

1 PhUSE Data De-Identification Working Group
GDPR sub-team meeting 14. May 2018 Jean-Marc Ferran (Qualiance) PhUSE Data Transparency WG Lead

2 Participants Lauren White (PhUSE) – Project Administrator
Jean-Marc Ferran (Qualiance) – WG Lead Cordula Massion (HMS Analytical) Stephen Bamford (J&J) Hannah Sharp (Gilead) Arlene Coleman (Pfizer) Jonathan Andrus (Clinical Ink) Megan Schmidt (UCB) Barbara Rusin (MMS Holdings) Shannon Labout (Roivant Sciences) Paul Houston (CDISC) Rashmi Dodia (MMS Holdings)

3 GDPR Topics - Input Hannah’s email of April 4th, 2018:
One question we are grappling with at the moment is: -        Can we establish standard conventions for the level of detail that is collected for date-of-birth / age for pediatrics (e.g. Year only from age x years, Month and Year for ages x to x, etc.) or will this usually need to be decided on a study-by-study basis? And, since the scope of this working group may extend to other GDPR-related questions, here are some other topics where we would really appreciate the opportunity to compare perspectives with others in the industry:  -        Are other companies destroying study data and documents after the 25 years required by the EU Clinical Trials Regulation (or other applicable clinical trials regulations) because of the GDPR principle of data minimisation?  -        If identifying data (e.g. a subject’s full name) is entered into a study database (e.g. into the eCRF), is it appropriate to leave this data visible in the audit trail of the CRF data that we send to regulatory authorities in submissions? We are trying to balance the ICH GCP principle of keeping a complete record of all changes made to the study data against the GDPR principle of minimizing the parties who have access to personal data, especially outside the EU. -        How much should we limit the number of personnel who have access to study data files? Does it make sense to limit access only to those personnel working on a study (or with a systems/administrative/support need to be able to access them)?  I realise these questions may be outside the scope of the working group, but if anyone in copy has perspectives to share on these topics it would be great to hear. Paul’s of April 8th, 2018: Some good use cases from Hanna – CDISC are about to kick off a paediatric standard with an IMI consortium which is working on a paediatric network with the  EMA paediatrics network group; one would hope paediatric age definitions would be standardised across studies as part of this work.

4 GDPR Topics (1) GDPR Topic 1 / Data Collection and PII (e.g. Age/DoB) - Lead: Shannon Labout How to handle DoB/Age across age ranges and study types Examples where blood is taken out, treated and in again. Collecting name, DoB and other PII becomes crucial. What data to consider not to collect or collect differently in any study? Look into Exceptions where changes would be applicable in the data collection process. DoB is required to know when e.g. teenagers becomes 18 and need to resign the ICF. Studies with new borns. GDPR Topic 2 / Informed Consent - Deprioritized Points to add or change in ICF in light of GDPR Accountability between CROs and Sponsors

5 GDPR Topics (2) GDPR Topic 3 / Safeguards and Processes – Lead: ??
Dates collected in EDC to do lab ranges and not communicated to sponsor Back and forth between CRO and Sponsors, DM and PV, etc. Implications for Past/Ongoing/Future studies wrt GDPR requirements MR-001/MR-002, French regulations on communications about data Keep data forever or anonymize or delete after 25 years + non-TMD study documents clean-up process? GDPR Topic 4 / Secondary Data Use Case - Deprioritized Consider need to inform patients, etc. GDPR Topic 5 / Data Breaches Examples to consider – Lead: Barbara Itemize some of the most obvious ones since they need to be reported with 72 hours Consider plausible cases and add mitigation actions (e.g. password protect data/documents when sent via s). Other: Publish White Paper as a Wiki so others can add to it

6 Next Steps Assign Leads for each topic and additional members
KO work on each of the subtrack and agree on timelines

Download ppt "PhUSE Data De-Identification Working Group"

Similar presentations

New Approaches to SAE Reconciliation for Paper and EDC Studies: A Collaborative Perspective Shannon Labout, CCDM Senior Consultant PSDM Meeting 22-May-2008.

New Approaches to SAE Reconciliation for Paper and EDC Studies: A Collaborative Perspective Shannon Labout, CCDM Senior Consultant PSDM Meeting 22-May-2008.
Submission to Approval What happens to my protocol once I submit it to the HIC office.

Submission to Approval What happens to my protocol once I submit it to the HIC office.
GCP compliance for GenISIS  This presentation is intended for clinical staff involved in recruiting patients to the GenISIS (Genetics of Influenza Susceptibility.

GCP compliance for GenISIS  This presentation is intended for clinical staff involved in recruiting patients to the GenISIS (Genetics of Influenza Susceptibility.
Using EDC-Rave to Conduct Clinical Trials at Genentech

Using EDC-Rave to Conduct Clinical Trials at Genentech
Query Health Business Working Group Kick-Off September 8, 2011.

Query Health Business Working Group Kick-Off September 8, 2011.
Recapture of Day 1 Suchart Chongprasert, Ph.D. Food and Drug Administration “Practical Aspects in Performing Clinical and Bioanalytical Parts in BA/BE.

Recapture of Day 1 Suchart Chongprasert, Ph.D. Food and Drug Administration “Practical Aspects in Performing Clinical and Bioanalytical Parts in BA/BE.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
Contents Integrating clinical trial data Working with CROs

Contents Integrating clinical trial data Working with CROs
Joint Research & Enterprise Office Training The team, the procedures, the monitor and the Sponsor Lucy H H Parker Clinical Research Governance Manager.

Joint Research & Enterprise Office Training The team, the procedures, the monitor and the Sponsor Lucy H H Parker Clinical Research Governance Manager.
1. Re-Use of Clinical Care and of Clinical Trial Data A Contract Research Organisation (CRO) point of view EuroRec Conference 2009 Sarajevo Selina Sibbald.

1. Re-Use of Clinical Care and of Clinical Trial Data A Contract Research Organisation (CRO) point of view EuroRec Conference 2009 Sarajevo Selina Sibbald.
Family Educational Rights and Privacy Act. From the moment a child enters the school system, sensitive information is collected about the child (and even.

Family Educational Rights and Privacy Act. From the moment a child enters the school system, sensitive information is collected about the child (and even.
Using EDC-Rave to Conduct Clinical Trials at Genentech Susanne Prokscha Principal CDM PTM Process Analyst February 2012.

Using EDC-Rave to Conduct Clinical Trials at Genentech Susanne Prokscha Principal CDM PTM Process Analyst February 2012.
Using Australian Clinical Sites – Challenges for International Sponsors Prof A J (Tony) Webber Clinical Network Services Pty Ltd Brisbane, Australia.

Using Australian Clinical Sites – Challenges for International Sponsors Prof A J (Tony) Webber Clinical Network Services Pty Ltd Brisbane, Australia.
DIA Trial Master File Reference Model

DIA Trial Master File Reference Model
Paper Destruction Team Full Team Meeting 9 April 2013.

Paper Destruction Team Full Team Meeting 9 April 2013.
Responsibilities of Sponsor, Investigator and Monitor

Responsibilities of Sponsor, Investigator and Monitor
An agency of the European Union Guidance on the anonymisation of clinical reports for the purpose of publication in accordance with policy 0070 Industry.

An agency of the European Union Guidance on the anonymisation of clinical reports for the purpose of publication in accordance with policy 0070 Industry.
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
Data Protection Regulation

Data Protection Regulation
Tony Sheppard Mobile Guardian

Tony Sheppard Mobile Guardian

Similar presentations

Ads by Google