Article Text
Abstract
Background Data processing of health research databases often requires a Data Protection Impact Assessment to evaluate the severity of the risk and the appropriateness of measures taken to comply with the European Union (EU) General Data Protection Regulation (GDPR). We aimed to define and apply a comprehensive method for the evaluation of privacy, data governance and ethics among research networks involved in the EU Project Bridge Health.
Methods Computerised survey among associated partners of main EU Consortia, using a targeted instrument designed by the principal investigator and progressively refined in collaboration with an international advisory panel. Descriptive measures using the percentage of adoption of privacy, data governance and ethical principles as main endpoints were used for the analysis and interpretation of the results.
Results A total of 15 centres provided relevant information on the processing of sensitive data from 10 European countries. Major areas of concern were noted for: data linkage (median, range of adoption: 45%, 30%–80%), access and accuracy of personal data (50%, 0%–100%) and anonymisation procedures (56%, 11%–100%). A high variability was noted in the application of privacy principles.
Conclusions A comprehensive methodology of Privacy and Ethics Impact and Performance Assessment was successfully applied at international level. The method can help implementing the GDPR and expanding the scope of Data Protection Impact Assessment, so that the public benefit of the secondary use of health data could be well balanced with the respect of personal privacy.
- right to healthcare
- confidentiality/privacy
- regulation
- technology/risk assessment
Data availability statement
Data are available upon request.
Statistics from Altmetric.com
Read the full text or download the PDF:
Other content recommended for you
- Privacy impact assessment in the design of transnational public health information systems: the BIRO project
- How to use relevant data for maximal benefit with minimal risk: digital health data governance to protect vulnerable populations in low-income and middle-income countries
- Navigating data governance associated with real-world data for public benefit: an overview in the UK and future considerations
- Health research and systems’ governance are at risk: should the right to data protection override health?
- Rebooting consent in the digital age: a governance framework for health data exchange
- 'It’s not something you can take in your hands'. Swiss experts’ perspectives on health data ownership: an interview-based study
- Patients’ and public views and attitudes towards the sharing of health data for research: a narrative review of the empirical evidence
- The governance of personal data for COVID-19 response: perspective from the Access to COVID-19 Tools Accelerator
- Multiple modes of data sharing can facilitate secondary use of sensitive health data for research
- China’s Personal Information Protection Law