
TRANSFoRm: a flexible zone model of a data privacy framework for Primary Care research.

Kuchinke, W., Veen, E.B. van, Delaney, B.C., Verheij, R., Taweel, A., Ohmann, C. TRANSFoRm: a flexible zone model of a data privacy framework for Primary Care research. Journal of the American Medical Informatics Association: 2011 27. Abstract. AMIA 2011 Summit on Clinical Research Informatics. 9-11 March 2011, San Francisco.
As part of the TRANSFoRm project, a flexible zone model for data privacy in Primary Care research was developed. The model applies different privacy-generating methods to different aspects of the research data flow and in this way allows for only minimal hindrance of research activities. This is achieved by defining three privacy zones: one each for clinical care, research and data linking.

Frameworks guaranteeing data privacy are often too stringent for research. TRANSFoRm develops a user-centered platform for the integration of Primary Care clinical and research activities. Because different health care and genetic databases will be accessed, TRANSFoRm has to assure that integration of clinical and genetic data is in full compliance with all legal and ethical requirements at European and national level. A couple of privacy frameworks already exist for cancer research or biobanking (e.g. ACGT, GenoMatch). But most privacy frameworks apply the most stringent approach to their data flow and interpret “anonymisation” in a restrictive way. In our view, a flexible approach is needed to satisfy the different privacy needs of the heterogeneous data flow in TRANSFoRm, which involves access to Primary Care health record data, genetic and clinical research databases and cancer registries.

Dimensions of privacy in Primary Care research

For this purpose we developed a flexible data privacy framework that is generic enough to be used by researchers with similar, but not identical, data sources. The model depicts a data type axis (identifying data, non-identifying data and genetic data), an ethics axis (depending on national and database requirements: explicit consent, general consent, opt-out, ethics committee approval), a de-identification axis (depending on the risk of identification and using different methods: full anonymisation, pseudonymisation), and a user restriction axis (levels of access control, authorization, explicit authorization).
Based on an analysis of national and European legal requirements, and the access policies of different databases, a privacy framework with data privacy profiles of different stringencies was created.

Zone model for data privacy

For TRANSFoRm, three different privacy profiles were transcribed into a zone model and applied to two use cases, addressing research on genotype-phenotype relationships in Diabetes Mellitus, and research on the quality of care and treatment of Gastro-esophageal Reflux Disease. The first zone, the “primary care zone”, is concerned with the relationship between patient and GP, and the patient data contained in the eHR. The second zone contains the research data obtained by processes contained in the third, intermediate/linking zone. The linking zone guarantees the protection of the privacy of the link, but is itself not involved in the research data.

Conclusion: Based on legal requirements and using all dimensions of a privacy framework, it is possible to develop a flexible zone model for Primary Care research that guarantees privacy and can support research.