IMI code of practice for the secondary use of health data. Anne Bahr, PhD, CIPP/E R&D Privacy Officer

Similar documents
CAN GDPR WORK FOR HEALTH SCIENTIFIC RESEARCH? BRUSSELS OCTOBER 22 ND CIPL EFPIA FPF EXECUTIVE SUMMARY

Lisbon, 17 May Agustín Puente Escobar State Counsel Head of the Legal Cabinet. Agencia Española de Protección de Datos

Coordination and Support Action (CSA) for the Big Data for Better Outcomes programme. Stephan Korte, Kim Cryns

The Reform of European Data Protection Law

Committee on Civil Liberties, Justice and Home Affairs. of the Committee on Civil Liberties, Justice and Home Affairs

GDPR & SMART PIA. Wageningen University Feb 2017

Guidance on the General Data Protection Regulation: (1) Getting started

General Personal Data Protection Policy

GDPR: What Every MSP Needs to Know

b. by a controller not established in EU, but in a place where Member State law applies by virtue of public international law.

International Transfers of Personal Data at sanofi-aventis R & D

EU General Data Protection Regulation (GDPR)

Agenda. What is the GDPR? Who does GDPR apply to? Implications of Non-Compliance The Road to GDPR Compliance

INTERNATIONAL WHAT GDPR MEANS FOR RECORDS MANAGEMENT

General Data Protection Regulation (GDPR) Frequently Asked Questions

Preparing for GDPR 27th September, Reykjavik

EU GENERAL DATA PROTECTION REGULATION

GDPR for whom it may concern

The European Research Council

Lords Bill Committee on Digital Economy Bill Information Commissioner s briefing

Data protection (GDPR) policy

EDPS Opinion on safeguards and derogations under Article 89 GDPR in the context of a proposal for a Regulation on integrated farm statistics

The Association of Executive Search and Leadership Consultants AESC BEST PRACTICES FOR DATA PROTECTION. aesc.org

EU General Data Protection Regulation in the digital age: Are you ready?

GDPR a legal overview

GDPR in Early Years and Childcare settings. What s the connection? Data Protection

Updates From The EMA Technical Anonymization Group & Policy 0070 Cathal Gallagher US Connect 18, Raleigh

Executive Summary. We propose that the message of Recital 25 aa (Council version) must be maintained.

DATA PROTECTION POLICY

Technical factsheet: General Data Protection Regulation (GDPR) April 2018

New EU-GDPR: Challenges for Universities and Research Organisations

Achieving GDPR Compliance with Avature

A Parish Guide to the General Data Protection Regulation (GDPR)

Data transfers to non-eu countries. Some practical aspects 28 February 2018

with Xavier Darmstaedter Managing Partner GEDAPRE DACOTA Consulting

KEMBLE PRIMARY & SIDDINGTON CE PRIMARY SCHOOLS DATA PROTECTION & THE GENERAL DATA PROTECTION REGULATION (GDPR) POLICY

EU Big Data Initiatives

The Revised DPA: What To Expect

closer look at Definitions The General Data Protection Regulation

Documenting data processing: The EDPS guide to ensuring accountability

ALLEN & YORK is an employment agency and an employment business. We help qualified

Data Privacy, Protection and Compliance From the U.S. to Europe and Beyond

GDPR. Guidance on Employee Personal Data

An Introduction to GDPR and How To Prepare

UK Research and Innovation (UKRI) Data Protection Policy

The ICT Service:

CHECKLIST FOR TASKS NEEDED IN ORDER TO COMPLY WITH GDPR. Legal02# v1[RXD02]

The ecommerce Guide to GDPR. How to Ensure Compliance and a Competitive Edge

GENERAL DATA PROTECTION REGULATION.

General Data Protection Regulation Philippe Roggeband. Business Development, Manager, GSSO EMEAR

Ethical Governance Framework

NANCY COTTIGNY: ALL RIGHTS RESERVED: FOR AUTHORIZED USE ONLY, DO NOT DUPLICATE OR COPY. 1

EU General Data Protection Regulation: Are you ready?

Institutional Approval Form for Research Ethical Review & Assessment: Guidance Notes. Page Oct-2018 Research & Enterprise Committee Version 1.

Getting Ready for the GDPR

PRIVACY NOTICE RNOH Trust Employees & Temporary workers

Getting ready for GDPR. A guide to General Data Protection Regulations

THE GENERAL DATA PROTECTION REGULATION: GUIDANCE ON THE ROLE OF THE DATA PROTECTION OFFICER

Information Asset Register IAR. Guidance for Schools

Guidance on conducting consultations in the HRA Internal HRA guidance only

General Data Protection Regulation (GDPR)

GDPR Webinar : Overview & practical compliance steps. 23 October 2017

GDPR APPLICABILITY TO EXPATRIATE EMPLOYEES

PRIVACY CHANGES: LESS THAN ONE MONTH TO GO!

GENERAL DATA PROTECTION REGULATION (GDPR)

B2B telemarketing in a GDPR world

EU General Data Protection Regulation (GDPR) Tieto s approach and implementation

As members will be aware new General Data Protection Regulations (GDPR) come into effect on May 25 th this year.

KYC & Data Protection: Friends or Foes?

Department for Culture, Media and Sport Call for Views: GDPR Derogations

ETHICS ISSUES CHECKLIST Postdoctoral Researchers International Mobility Experience (PRIME)

Short Title: CCI Biobank

Preparing for the GDPR

European Induced Pluripotent Stem Cell Bank

OSS PORT LOGISTICS SOLUTIONS, S.A. DE C.V. General Data Protection Regulation (GDPR) Compliance Statement Effective Date: May 25, 2018

IBM Collaboration Solutions Readiness for GDPR IBM Corporation

Data Governance, Customer-Centricity, and the GDPR

GDPR readiness for start-ups, technology businesses and professional practices Martin Cassey

Brexit and the Future of Data Protection

Webinar IMI2 - Call 9 Data quality in preclinical research and development. Thomas Steckler IMI webinar

LIST OF CONTENTS GUIDELINES. About us 4 About this paper 5. Key facts at a glance 6

Information Sharing Policy

Data Protection Policy

The GDPR enforcement deadline is looming are you ready?

Amendment of the Work Programme 2017 version 1

What does the GDPR mean for recruitment?

University for the Creative Arts Application Declaration. Data Protection Privacy Notice

The Top 10 Operational Impacts of the EU s General Data Protection Regulation

Genera Data Protection Regulation and the Public Sector

THE CONVERGENCE INITIATIVE TO MAXIMISE THE VALUE FROM EUROPEAN RESEARCH

2018 GLOBANET GDPR REPORT

Self-Assessment Questionnaire Controllers

Data Protection for Landlords. David Smith Anthony Gold Solicitors

Complete Funding Solutions Limited Privacy Notice

Research Involving Human Data or Specimens

Overblik over biobanker og Datatilsynets regulering på området

December 28, 2018, New Delhi, INDIA

Getting Ready for May 25, 2018

LAST UPDATED June 11, 2018 DATA PROTECTION POLICY. International Foundation for Electoral Systems

How employers should comply with GDPR

Transcription:

IMI code of practice for the secondary use of health data Anne Bahr, PhD, CIPP/E R&D Privacy Officer

Presentation Overview The issue The Code of Practice The Code s Article Status and Next Steps Biobanking 2015 Anne BAHR 22 June 2015 2

What s the problem?

Common Privacy Rules but Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (24 October 1995) Biobanking 2015 Anne BAHR 22 June 2015 4

No harmonization Directives principles have been implement in each European country s local Law Each local law should contains the same Principles But their implementation and interpretations differs But some exceptions exist The Directive is being revised Revised to become a Regulation (in early 2016 - Applicable 2 years after) Unique text directly applicable after translation But many details to be defined at Member State level Biobanking 2015 Anne BAHR 22 June 2015 5

Questionable Scope Applies to the processing of personal data Personal Data = Any information relating to an identified or identifiable natural person Does not apply to anonymous data What is anonymous data? Are clinical study data anonymous data? Not really (in the EU) but special regime in some EU countries No approved de-identification standard But some good proposals (see Khaled El Emam publications) Biobanking 2015 Anne BAHR 22 June 2015 6

Questionable Rules Purpose Limited and defined Collected Data Adequate, relevant and not excessive Not kept for longer than necessary Not transferred to other countries without adequate protection What about pseudonymised data? Biobanking 2015 Anne BAHR 22 June 2015 7

Variable interpretations Consent Is consent always needed to process health data? Exception for scientific research purpose? Secondary use Can pseudonymised data be used for another scientific purpose? Does it require new consent? Does it require anonymisation? Can HBS collected in clinical study be used for another purpose? Many guidelines but no global one Biobanking 2015 Anne BAHR 22 June 2015 8

The GDPR will not address these issues So What? A Code of Practice for secondary use of Clinical data and Samples?

Why developing a Code of Practice? Develop a unique - common across the EU - framework to reuse clinical (health) data Acceptable for EU collaborative research projects, IMI office, DPAs, Patients associations & Ethics Boards Title: CODE of PRACTICE on SECONDARY USE of MEDICAL DATA in SCIENTIFIC RESEARCH PROJECTS Includes definition of terms (in the scientific context) Built on articles and rules Articles: To organize the document by fields Rules: What exactly is required to be done for each topic to comply with applicable regulations Biobanking 2015 Anne BAHR 22 June 2015 10

Description of the Code Collection, Use and Transfer of Personal Medical Data De-identification and Protection of Anonymised Data Information, Consent and Withdrawal Basic Information and Consent for Prospective Data Collection Project Results Incidental Findings Secondary Use of Health Care Data in Research Projects Secondary Use of Research Data Secondary Use of Genetic Data Consent Withdrawal Human Biological Samples Collection of Human Biological Samples and Conduct of Genetic Analyses Secondary Use of Human Biological Samples Biobanking 2015 Anne BAHR 22 June 2015 11

Description of the Code (Cont.) Data Security & Involvement of Data Processors Documentation and Data Retention Medical Data Disclosure Implementing the Code s Rules Modifying the Code s Rules 5 APPENDICES (Adherence Agreement, Example of information sheets and consent forms, Examples of de-identification methods, Summary, Decision Tree Published on IMI etriks project website and on IMI Office website Biobanking 2015 Anne BAHR 22 June 2015 12

How to use this Code? This Code is not a binding document as such (yet) A guidance to be used by IMI projects to address multi-partners multicountries issues for complying with Personal Data Protection regulations This Code provides EU harmonized operational solutions to be compliant with the EU Privacy directive It does not plan for all local exception, but already includes some as examples. It provides an harmonized solution to start from in multi-partners multicountries, to be completed by applicable laws specificity where required It proposes a secure framework for the secondary use of genetic data in RULE 22, which goes beyond what the laws currently allow As no solution exists yet when consent is not broad enough As the EU can not afford not using all the knowledge currently produced with genetic data whereas the rest of the world will use it RULE 22 needs to be worked-out with Patients and Regulators Biobanking 2015 Anne BAHR 22 June 2015 13

You want to know more about the Code?

Read our Article! Code of practice on secondary use of medical data in European scientific research projects - Anne Bahr & Irene Schlünder - International Data Privacy Law 2015 - doi: 10.1093/idpl/ipv018 (free access) Presents the Code, explains most questionable rules, discuss open issues Anonymization: definition and how to proceed De-identification and Pseudonymization DNA (in general) versus Genetic/biometric data Rich-enough to single out a person Collecting informed consent Using Human Biological Samples Proposals to regulators to : Promote the use of broad consent Allow the secondary use of pseudonymised data (without consent) Support the development of a unique harmonized ICF template Develop tools for forbid misuse of health data Define means/ framework to reuse genetic data without consent Balance exceptions for processing data with risk of harm Biobanking 2015 Anne BAHR 22 June 2015 15

Status of the Code and Next Steps Final draft (dated August 27 th, 2014) prepared with the 2 experts Submitted to the EDPS (as an IMI guidance/ tool) in Aug. 2014 Submitted to the CNIL ( Art29WP) in Dec. 2014 + Belgian DPA Article (published in Sep. 2015) Both to be submitted directly to the Art.29 WP EFPIA to work on an industry-wide CoC based on this code EFPIA / IMI to propose a Coordination and Support Action (CSA) for the Big Data for Better Outcomes (BD4BO) program including data privacy topics ( Advice and requirements on legal, ethics, regulation, data privacy considerations ). Biobanking 2015 Anne BAHR 22 June 2015 16

Thank you for your attention Questions? Anne.Bahr@sanofi.com +33 1 60 49 61 78

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback