Background Data processing of health research databases often requires a Data Protection Impact Assessment to evaluate the severity of the risk and the appropriateness of measures taken to comply with the European Union (EU) General Data Protection Regulation (GDPR). We aimed to define and apply a comprehensive method for the evaluation of privacy, data governance and ethics among research networks involved in the EU Project Bridge Health.
Methods Computerised survey among associated partners of main EU Consortia, using a targeted instrument designed by the principal investigator and progressively refined in collaboration with an international advisory panel. Descriptive measures using the percentage of adoption of privacy, data governance and ethical principles as main endpoints were used for the analysis and interpretation of the results.
Results A total of 15 centres provided relevant information on the processing of sensitive data from 10 European countries. Major areas of concern were noted for: data linkage (median, range of adoption: 45%, 30%–80%), access and accuracy of personal data (50%, 0%–100%) and anonymisation procedures (56%, 11%–100%). A high variability was noted in the application of privacy principles.
Conclusions A comprehensive methodology of Privacy and Ethics Impact and Performance Assessment was successfully applied at international level. The method can help implementing the GDPR and expanding the scope of Data Protection Impact Assessment, so that the public benefit of the secondary use of health data could be well balanced with the respect of personal privacy.
- right to healthcare
- technology/risk assessment
Statistics from Altmetric.com
Contributors All authors provided a substantial contribution to the development and implementation of the method as well as for the production of the manuscript. CTdI, JO, DS, MS, DAdM, SdL and PH were members of the international advisory panel (AP). CTdI designed the survey questionnaire and led the study on behalf of Serectrix, the private company in charge of this activity as a subcontractor of the Bridge Health project. FC assisted with the design and conduction of the analysis for the paper. JO, DS, MS, DAdM, SdL and PH participated to the design of the instrument and evaluated the data collected for the production of the paper. MMB coordinated the task in the Bridge Health project. All authors revised and agreed on the contents of the present manuscript.
Funding The study has been funded through granting provided by DG-SANCO, the European Commission for WP8, Task 2, EU Project Bridge Health (grant agreement number: 664691–BRIDGE Health–HP-PJ-2014).
Disclaimer The opinions expressed in this article are those of the authors alone; neither those of the OECD, nor of its member countries.
Competing interests None declared.
Patient consent for publication Not required.
Provenance and peer review Not commissioned; externally peer reviewed.
Data availability statement Data are available upon request.
If you wish to reuse any or all of this article please use the link below which will take you to the Copyright Clearance Center’s RightsLink service. You will be able to get a quick price and instant permission to reuse the content in many different ways.