privacy by design and big or not so big clinical research
play

Privacy by design and (big or not-so-big) clinical research data - PowerPoint PPT Presentation

Jun 11, 2023 •165 likes •436 views

Privacy by design and (big or not-so-big) clinical research data (management) Safeguarding privacy while maximizing scientific benefits: a biostatisticians approach to good data management Ronald Brand Dep of Medical Statistics, section

  1. Privacy by design and (big or not-so-big) clinical research data (management) Safeguarding privacy while maximizing scientific benefits: a biostatistician’s approach to good data management Ronald Brand Dep of Medical Statistics, section Advanced Data Management Leiden University Medical Center Research Care R.BRAND@LUMC.NL Traceability Privacy the god of beginnings, gates, transitions, time, doorways, passages, and endings

  2. INTRODUCTION What is (big) data management? 2

  3. The department of Medical Statistics & BioInformatics of the Leiden University Medical Center • Section Medical Statistics • Statistical consultation for LUMC + others • Clinical trials • Design • Analysis • Data Safety and Monitoring Board • Medical Ethical Committee • Teaching • Research • Section Advanced Data Management • Provide secure, advanced, cost-effective, web based data management infrastructures for clinical research • Make sure design facilitates the intended analyses as well as the intended users, maximizing privacy protection 3 Privacy & (big or not-so-big) data - 2016

  4. NATURE AND PURPOSE OF DATA COLLECTION IN CLINICAL RESEARCH 4

  5. Data collection types & follow-up Observational (cohort) data • Just “observe”; do not interfere with • treatment or impose different behavior Experimental designs • Modify treatment/behavior according to protocol • Quality registers • Use care data for improvement of care/clinical research • The notion of follow-up in outcome measurement The very notion of “development of health and illness” requires the researcher to follow the patient through time and space. This will inherently invade his or her privacy so protect the process by all means. 5

  6. Design of studies and type of privacy issues clinical trials • cohort studies • transition of data from Care to Research • quality registers • rare diseases • mixtures: registries to support both quality improvement and science • ultra-sensitive registries • Protection by … Account (role) management • encryption • transparency => trust • Principle of necessity, • proportionality and subsidiarity 6

  7. Quality Registers: compare devices >430.000 patients, 290000 hips, 290000 knees LROI: National Registry of all Hip & Knee & ADM Wrist & Shoulder & Ankle implants (Processor/Bewerker) ZorgTTP ADM (encryption) (Processor/Bewerker) Trusted Third Party Physicians Registry (Controller/Verantwoordelijke) Organisation Privacy aspects: care data; comparison of devices on outcome; sensitive data for patients, hospitals, industries Solution: encrypted identities for patients; contracts between all hospitals and data base host (LUMC) as well as between LUMC and Foundation as well as participation of physicians in Foundation; privacy committee; scientific committee; informed opt-out 7

  8. Trauma Registry National and regional registries of all accidents in the Netherlands >750.000 incidents, fully classified according to AIS score Privacy aspects: required by law; data from patient care; Goal: science&quality Solution: fully encrypted; covered by contracts 8

  9. Rare diseases, mixture registries, ultra-sensitive rare diseases May easily lead to identifiability, hence anonymity is a myth • mixtures: registries to support both quality improvement and science Not trivial: the use of the same data for different purposes • Quality improvement by analyzing your own data: that is even mandatory! • Quality improvement by comparing your data to others: either informed • consent or informed opt-out or anonymization needed Scientific Research: anonymization feasible (and thus mandatory) • 9

  10. Some aspects of data collections Quality of data • Missing data • collect inspect Follow-up • Selection bias • Informed consent • Informed opt-out • Case law / jurisprudence? detect update errors (re)measure subject 10 Privacy & (big or not-so-big) data - 2016

  11. TENSION Need to increase scientific knowledge versus need to maintain privacy for patient, physician and institute contributing to that knowledge 11

  12. Our legal system: what do I have to pay attention to? • WBP Wet Bescherming Persoonsgegevens (Personal Data Protection Act) • BIG Wet op de Beroepen in de Individuele Gezondheidszorg (Individual Healthcare Professions Act) • WGBO Wet op de Geneeskundige Behandelingsovereenkomst (Medical Treatment Contracts Act) • WPR Wet Persoonsregistraties (Personal Data Files Act) • CBP College Bescherming Persoonsgegevens; now: Autoriteit Persoonsgegevens (Data Protection Authority) Essential starting points: • Medical files should be accessible only by those who provide care • Research data bases should not contain direct person identifiers unless explicitly allowed by the law and made inaccessible to those without a “need to know” • Never store in a data base or file what you do not really need to fulfill the goal of your research project 12

  13. Legal framework of Quality of Care comparisons Interesting situation from a data protection (legal) point of view Data are provided from the Care Domain with the purpose of • Quality enhancement If goal is comparison of one’s own data to the (adjusted) • average, it is called “care” and the legal system surrounding data protection in health care applies If goal is to enhance quality of care nationwide, through • comparison of multiple centers, the storage of data is still from a “Care perspective” but the use of data is governed by the usual “Data Protection Act” but still in the framework of Care If goal is to enhance effectiveness of care and • improvement through scientific interpretation, the whole framework of “Clinical Research” applies Storage may be subject to one legal safety net, the use and • access might be governed by another legal system 13 Privacy & (big or not-so-big) data - 2016

  14. Legal framework of Quality of Care comparisons National Register Hosp#4 Hosp#3 Hosp#2 Hosp#1 14 Privacy & (big or not-so-big) data - 2016

  15. HOW DO WE FIND A BALANCE ….. … between the need for scientific advance in research and care and the fundamental right of each individual to decide in an informed way on the way to live and the amount of privacy 15

  16. Safeguarding privacy The notion of “consent” (informed consent) • Security • Intruder detection • Encryption of identifiers • Access limitation through roles • Do whatever you No need to know the true identity of a subject or center! • can (technically, Such a need arises only during data management. financially) even Certification (NEN7510, ISO27001) • if not strictly required by law Transparency • Data leak procedures • Privacy Impact Assessments • The famous trio “necessary”, “proportional”, “subsidiary” • Privacy by Design! • Explanatory memorandum & conscience as guidelines • 16

  17. HOW TO (MORALLY/LEGALLY) ACCOUNT FOR THE POSSESSION OF PERSONAL DATA 17

  18. Certification and encryption • Certification (NEN7510/ISO27001) • Health Information Protection • Encryption • TRES , Trusted Real time Encryption Service • Via Trusted Third Party 18

  19. Trusted Reversible Encryption Service – TRES Transparent real time encryption and decryption • Based on comprehensive permission system and key management • No storage of actual data! • Supports • interactive integration into any data management system • automated web service/ batch encryption and decryption • Invented at the LUMC/ADM and developed in close cooperation with • ZorgTTP, a (not-for-profit) Trusted Third Party Hosted exclusively by ZorgTPP • 19 TRES 3

  20. TRES integration in (ProMISe) data management: encryption 20 TRES 3

  21. TRES integratation in (ProMISe) data management: decryption 21 TRES 3

  22. Security 23

  23. TRES: generic properties and embedding Integrated communication with a Trusted Third Party • Only the “owner” of a data element can see its original value • Rights may be extended to others in the same “unit” • Searchable encrypted values allow addition of follow-up data from different locations • (in time and space) without decryption Fully compatible with current legislation on privacy • On-behalf encryption possible to allow encryption within clusters of hospitals • Pseudonymized data can be transferred to other domains/organizations • Completely generic and can just as easily be used in other database systems • Apart from the “owner”, nobody (including IT personnel) can infer the original values • Trust by design! • 24

  24. Possible applications beyond medical research Care monitoring at home • Educational institutions • Energy sector clients • Supermarket clients • Banking clients • 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer Interactions Andrew S. Patrick Steve Kenny Independent Consultant National Research Council of Canada stephen_mh_kenny@yahoo.com

407 views • 22 slides
Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government Act of 2002 and OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 Resolution on Privacy by Design, Data Protection

556 views • 41 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Paradigms of Privacy Research & Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU

Paradigms of Privacy Research & Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU

Paradigms of Privacy Research & Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU Delft/ KU Leuven 18. June 2019 GDPR requires data protection by design and by default (Article 25) A complex law with many requirements. More

950 views • 58 slides
Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in Information Systems 1 NIST research has a broad impact shutterstock.com shutterstocom G. Hooijer/ D. Stork/ Facilitates trade and fair Improves

405 views • 18 slides
Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy Ann Cavoukian, Ph.D. Distinguished Expert-in-Residence Privacy by Design Centre of Excellence Ryerson University Ryerson CSR Institute / PPOCIR

3.12k views • 64 slides
Privacy Overview WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30,

Privacy Overview WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30,

Privacy Overview WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30, 2015 Robert L. Rothman Principal, Privacy Associates International LLC Purpose What is Privacy? Historical Development What is privacy? 3

712 views • 25 slides
Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by Design ETH Zurich, Switzerland www.inf.ethz.ch/~langhein Ubicomp 2001, Atlanta Contents Ubicomp 2001, Atlanta ! Privacy primer Does privacy

680 views • 22 slides
Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

CyLab Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 17, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 /

539 views • 22 slides
Clinical Research Office: Services From To of a Clinical Research Study C LINICAL AND T

Clinical Research Office: Services From To of a Clinical Research Study C LINICAL AND T

Clinical Research Office: Services From To of a Clinical Research Study C LINICAL AND T RANSLATIONAL S CIENCE A WARD (CTSA) NIH Definition of Clinical Research Pat ient -orient ed research. Research conduct ed wit h human subj ect s (or

373 views • 12 slides
Current Privacy Law Topics WMU Cooley Journal Of Practical and Clinical Law Legal Conference

Current Privacy Law Topics WMU Cooley Journal Of Practical and Clinical Law Legal Conference

Current Privacy Law Topics WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30, 2015 Keith A. Cheresko Principal, Privacy Associates International LLC Purpose Privacy is a complex, multifaceted topic. The purpose

281 views • 27 slides
Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

PR eparing I ndustry to P rivacy-by-design by supporting its A pplication in RE search Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy scenario Protect personal data from third parties Data

359 views • 9 slides
User Experience Research & Design for NDN mHealth & Identity Manager App Dustin OHara

User Experience Research & Design for NDN mHealth & Identity Manager App Dustin OHara

User Experience Research & Design for NDN mHealth & Identity Manager App Dustin OHara Feb 2015 UCLA People want privacy, but they dont want to practice privacy - Jean-Franois Blanchette according to Google Out of the

465 views • 32 slides
Clinical Research Capabilities Bioavailability & Bioequivalence Studies Clinical Research

Clinical Research Capabilities Bioavailability & Bioequivalence Studies Clinical Research

Clinical Research Capabilities Bioavailability & Bioequivalence Studies Clinical Research Division CLINICAL RESEARCH SERVICES 03 VIMTA STRENGTHS Experience 32 years of track record in supporting Pharma & Life Sciences

158 views • 15 slides
Lessons from the US Court of Appeals for the Federal Circuits Recent Jurisprudence on Inter

Lessons from the US Court of Appeals for the Federal Circuits Recent Jurisprudence on Inter

Lessons from the US Court of Appeals for the Federal Circuits Recent Jurisprudence on Inter Partes and Post-Grant Review 20 January 2016 Sharon A. Israel Partner sisrael@mayerbrown.com Vera A. Nackovic Partner vnackovic@mayerbrown.com

651 views • 50 slides
Written Testimony House Judiciary & Civil Jurisprudence Committee March 18, 2019 Office of

Written Testimony House Judiciary & Civil Jurisprudence Committee March 18, 2019 Office of

HB 2384 Judicial Compensation Written Testimony House Judiciary & Civil Jurisprudence Committee March 18, 2019 Office of Court Administration, Texas Judicial Council David Slayton OFFICE of COURT ADMINISTRATION Administrative Director

420 views • 13 slides
BUSINESS PROCEDURES Urbandale Community School District GUIDING PRINCIPLES General Fund and

BUSINESS PROCEDURES Urbandale Community School District GUIDING PRINCIPLES General Fund and

BUSINESS PROCEDURES Urbandale Community School District GUIDING PRINCIPLES General Fund and Student Activity funds are public funds governed by state law and Board policy. Auditors for public funds require a strict accounting

436 views • 17 slides
Alembic Pharmaceuticals Limited Investor presentation June 2020 BSE & NSE: APLLTD

Alembic Pharmaceuticals Limited Investor presentation June 2020 BSE & NSE: APLLTD

Alembic Pharmaceuticals Limited Investor presentation June 2020 BSE & NSE: APLLTD Milestones 1907 Established by Amin family 2006 FDA approves API facility 2007 Acquired Daburs Indian Cardiology, GI and Gynaecology brands 2008

307 views • 13 slides
Prescription Drug Monitoring Center for Health Policy & Law April 12, 2019 Leo Beletsky, JD,

Prescription Drug Monitoring Center for Health Policy & Law April 12, 2019 Leo Beletsky, JD,

The Promises and Perils of Prescription Drug Monitoring Center for Health Policy & Law April 12, 2019 Leo Beletsky, JD, MPH Northeastern University School of Law and Bouv College of Health Sciences UC San Diego School of Medicine

456 views • 41 slides
Uniform Cost Project Legislative Budget Board Criminal Justice Data Analysis Team November 2011

Uniform Cost Project Legislative Budget Board Criminal Justice Data Analysis Team November 2011

Uniform Cost Project Legislative Budget Board Criminal Justice Data Analysis Team November 2011 What is the Uniform Cost Project? Data collection effort in which state adult criminal and juvenile justice agencies report expenditure and

657 views • 32 slides
JUSTICE V. VERCHER Case Update Sarah Hanneken Pro Bono Counsel Animal Legal Defense Fund WHO

JUSTICE V. VERCHER Case Update Sarah Hanneken Pro Bono Counsel Animal Legal Defense Fund WHO

JUSTICE V. VERCHER Case Update Sarah Hanneken Pro Bono Counsel Animal Legal Defense Fund WHO IS JUSTICE? Justice (then- named Shadow), on Defendants property in March 2017. Justice (then- named Shadow), on Defendants property

343 views • 21 slides
THE HIGH MARGIN PRECIOUS METALS COMPANY February 2019 CAUTIONARY STATEMENTS CAUTIONARY NOTE

THE HIGH MARGIN PRECIOUS METALS COMPANY February 2019 CAUTIONARY STATEMENTS CAUTIONARY NOTE

THE HIGH MARGIN PRECIOUS METALS COMPANY February 2019 CAUTIONARY STATEMENTS CAUTIONARY NOTE REGARDING FORWARD-LOOKING STATEMENTS The information contained in this Presentation contains forward -looking statements within the meaning of the

783 views • 63 slides

More recommend