Development towards a learning health system-experiences with the privacy protection model of the TRANSFoRm project.

Kuchinke, W., Ohmann, C., Verheij, R.A., Veen, E.B. van, Delaney, B.C. Development towards a learning health system-experiences with the privacy protection model of the TRANSFoRm project. In: S. Gutwirth; R. Leenes; P. de Hert. Data protection on the move: current developments in ICT and privacy/data protection. London: Springer, 2016. p. 101-134. This publication can be found on the publisher's website.

The connection of clinical care with clinical research is the main purpose of the Learning Health System (LHS), which integrates scientific information, informatics, and patient care. The LHS generates new medical knowledge as a by-product of the care process. For this purpose, data from Electronic Health Records (EHR), Case Report Forms (CRF), and web questionnaires must be aggregated with other data sources, such as primary care databases and genetic data repositories, for research purposes. This joining of healthcare and research processes results in challenges for the privacy protection framework of the LHS.

Basic privacy principles and privacy requirements were extracted from an exploration of EU legal requirements for data protection and privacy, the different data access policies of data provider organizations, and the existing privacy frameworks of research projects. Based on these privacy principles and legal requirements, a graphical model to display privacy protection requirements was created. This graphical model is based on concepts of requirements engineering and can be used like a model kit to create new privacy frameworks and to ease knowledge exchange with stakeholders of the LHS. Our model is built upon the concept of three privacy zones (Care Zone, Non-Care Zone and Research Zone) representing areas where similar legal requirements and rules apply.

These zones contain databases, data transformation operators (such as data linkers and privacy filters), and graphs that indicate the data flow necessary for research processes. The aim of the model is to help arrange its components in a way that creates a risk gradient for the data flow from a zone of high risk for patient identification to a zone of low risk. The model is applied to the analysis of several general clinical research usage scenarios and two research use cases from the TRANSFoRm project (finding patients for clinical research and linkage of databases). Both use cases represent different data collection aspects of the LHS. The model was used during discussions with data managers from the NIVEL Primary Care Database in the Netherlands and validated by representing an approved research case of using primary care data employing NIVEL services. Experiences with the graphic privacy model used to improve the privacy framework of TRANSFoRm and with the presentation of the model to LHS stakeholders and the research community are discussed.