Element | Nature of risks | Level of risk* | Comments | Mitigating mechanisms | ||
Low | Medium | High | ||||
Individual data: pseudonym used for patients’ IDs + data aggregated (n = 5 patients per cell) | Individual privacy | × | Pose an indirect risk to individual’s privacy | Non-reversible de-identification | ||
Pseudonym used for centres’ IDs | Non-individual privacy | × | Pose an indirect risk to centres’ privacy | Reversible de-identification + reporting system: percentage | ||
Data transmission | Security measures | × | Pose an indirect risk to individual’s privacy | Encryption | ||
Access to the BIRO network | Security measures | × | Pose an indirect risk to individual’s privacy | Secure applications;hacking tests | ||
Global statistical analysis | Individual privacy + non-individual privacy + security measures | × | Pose an indirect risk to individual’s privacy and centres privacy | Non-reversible de-identification + encryption |
*Low, risk can materialise but mitigating factors exist; moderate, risk is likely to materialise if no corrective measures are taken; high, there is a high chance that negative effects will materialise if no corrective measures are taken.
BIRO, Best Information Through Regional Outcomes; ID, identification.
*Low, risk can materialise but mitigating factors exist; moderate, risk is likely to materialise if no corrective measures are taken; high, there is a high chance that negative effects will materialise if no corrective measures are taken.
BIRO, Best Information Through Regional Outcomes; ID, identification.