THE EHR PRIVACY APPROACH AND LEGAL ISSUES AROUND THE RE-USE OF DATA

Similar documents
Legal perspectives in EU projects. Prof. Dr. Nikolaus Forgó Leibniz University Hannover

GOVERNANCE AND THE EHR4CR INSTITUTE

Overview of the EHR4CR project Electronic Health Record systems for Clinical Research

ELECTRONIC HEALTH RECORDS FOR CLINICAL RESEARCH

ehealth, HIS, etc ehealth All information about health HMIS mhealth HIS Statistical IS Credited: Karl Brown, Rockefeller Foundation

THE EHR4CR PLATFORM AND SERVICES

Accelerating Clinical Trials Through Shared Access to Patient Records

ehealth in support of safety, quality and continuity of care within and across borders

EHR4CR ENABLING PROACTIVE RESEARCH

Jean Yan Chief Scientist Nursing and Midwifery WHO/Geneva FINE, Paris October 4-5,2006

Survey Result on Readiness for ehr Sharing

Healthcare Coalition on Data Protection

EHR Standards Landscape

RECOMMENDATIONS COMMISSION

Policy Document Control Page

Practical Implementation of a Bridge between Legacy EHR System and a Clinical Research Environment

COMMISSION OF THE EUROPEAN COMMUNITIES COMMISSION RECOMMENDATION. of

Towards an EXPAND Assessment Model for ehealth Interoperability Assets. Dipak Kalra on behalf of the EXPAND Consortium

ECRIN (European Clinical Research Infrastructures Network)

National Integrated Services Framework The Foundation for Future e-health Connectivity. Peter Connolly HSE May 2013

User Needs and Requirements Analysis for Big Data Healthcare Applications

HIT Workflow & Redesign Specialist: Curriculum Overview

REQUEST FOR INTEGRATED SERVICES

Clinical Research from EHR data

A responsible approach to clinical trials. Bioethics in action

FINLAND ON A ROAD TOWARDS A MODERN LEGAL BIOBANKING INFRASTRUCTURE

The Use of Patient Records (EHR) for Research

Advancing Healthcare through Information Technology and Management Systems

Nationwide and Regional Health Information Networks and Federated Identity for Authentication and HIPAA Compliance

Executive Summary for deliverable D7.1: Establish specification for data acquisition and standards used including a concept for local interfaces

STATISTICA Solutions for Financial Risk Management Management and Validated Compliance Solutions for the Banking Industry (Basel II)

GSK Public policy positions

Strengthening innovation through ICT (ehealth) In support of country accountability frameworks. Cairo, Egypt 2-4 September 2012

Post-Implementation EMR Evaluation for the Beta Ambulatory Care Clinic Proposed Plan Jul 6/2012, Version 2.0

ENS4Care Questionnaire

EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32. A call for views and evidence

Standards and their role in Healthcare ICT Strategy. 10th Annual Public Sector IT Conference

Information Governance Framework and Strategy. November 2014

Principles for Responsible Clinical Trial Data Sharing

ehealth EHR Viewer & Integration Joint Service/Access Policy Executive Summary for Authorized Provider Organizations ("APOs")

Privacy and Data Protection

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Active AnAlytics: Driving informed Decisions leading to Better clinical AnD financial outcomes

Enabling Integrated Care

Response of the German Medical Association

Information Governance Policy

National Quality Assurance Programme in Histopathology Information Governance Policy Version 2

Greek ehealth Strategy under public consultation

New EU Data Protection legislation comes into force today. What does this mean for your business?

Prof. Udo Helmbrecht

Agenda. The Digital Agenda for Europe Instruments to implement the vision EC actions to promote ehealth interoperability

TRANSFoRm: Vision of a learning healthcare system

How To Improve The Pharmaceutical Industry In Japanese

ICANWK616A Manage security, privacy and compliance of cloud service deployment

THE E-HEALTH JOURNEY. Ministry of Health Jamaica. Optimizing the use of ICT Applications in Health and Patient Care

I n t e r S y S t e m S W h I t e P a P e r F O R H E A L T H C A R E IT E X E C U T I V E S. In accountable care

Delivering Compliance in the Cloud TM

Comparative Domestic and International EHR Adoption

Bridging ehealth / Telemedicine and Medical (Health) Informatics

European Commission initiatives on e- and mhealth

JA to support the ehealth Network

Hitachi s Plans for Healthcare IT Services

Regulatory Standards of Governance and Financial Management

Pan-Canadian Nursing Electronic Health Record (EHR)Business and Functional Elements to Support Clinical Practice

A Guide to Horizon 2020 Funding for the Creative Industries

Information Sharing Agreements for Disclosure of EHR Data within Canada

Healthcare Data Management

Corporate Information Security Policy

Electronic Document Management as the Basis for E-government Services

EFPIA position on Clinical Trials Regulation trialogue

INFORMATION GOVERNANCE POLICY

ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012

Transcription:

THE EHR PRIVACY APPROACH AND LEGAL ISSUES AROUND THE RE-USE OF DATA Dr. Petra Wilson, IDF Prof. Nikolaus Forgo, CDP Peter Singleton, UCL Electronic Health Records for Clinical Research 144

Addressing key questions around privacy Petra Wilson Chief Executive at International Diabetes Federation and Member of the EHR4CR Ethics Board Nikolaus Forgo President at Centre for Data Protection and Director of the Institute for Legal Informatics at the University of Hannover Peter Singleton Senior Research Fellow, Centre for Health Informatics and Multi-professional Education (CHIME) at UCL Electronic Health Records for Clinical Research 145

PRIVACY PROTECTION FROM AN INTERNATIONAL PERSPECTIVE Dr. Petra Wilson International Diabetes Federation Electronic Health Records for Clinical Research 146

Legal Constructions of Privacy Global ehealth Observatory Report Electronic Health Records for Clinical Research 147

Global ehealth Resolution The World Health Organization's ehealth resolution WHA 58.28 (2005) seeks to: strengthen health systems through the use of ehealth; build public-private partnerships in ICT development and deployment for health support capacity building for the application of ehealth; support development and adoption of standards; monitoring, documenting and analysing trends and developments in ehealth and publishing the results to promote better understanding. Second survey in six reports published during 2010 and 2012 Legal frameworks for ehealth - 1 February 2012 Electronic Health Records for Clinical Research 148

Global ehealth Survey 2009 response rate WHO Region Africa Americas S-East Asia Europe Eastern Mediterr. Western Pacific Total countries 46 35 11 53 21 27 responding countries 30 12 8 36 14 13 Response rate 65% 34% 73% 68% 67% 48% Electronic Health Records for Clinical Research 149

Global ehealth Survey 2009 the legal questions Does your country have legislation to ensure privacy of personally identifiable data of individuals irrespective of whether it is in analog or digital format? Does your country have specific legislation to protect privacy of individuals' health-related data held in digitized format in an EMR or EHR? Does your country have legislation which provides for the sharing of health-related data between health care staff through an EHR? Does your country have legislation which grants the right of access by individuals of their healthrelated data when held in an EHR? Does your country have legislation which allows for the transmission and sharing of research data containing personal and health-related data between research entities in different countries? Electronic Health Records for Clinical Research 150

Does your country have legislation to ensure privacy of personally identifiable data of individuals irrespective of whether it is in analog or digital format? Electronic Health Records for Clinical Research 151

Does your country have specific legislation to protect privacy of individuals' health-related data held in digitized format in an EMR or EHR? Electronic Health Records for Clinical Research 152

Use of Electronic Format for Health Records Electronic Health Records for Clinical Research 153

Does your country have legislation which provides for the sharing of health-related data between health care staff through an EHR within the same health care entity? Electronic Health Records for Clinical Research 154

Does your country have legislation which provides for the sharing of health-related data with health care entities in other countries? Electronic Health Records for Clinical Research 155

Does your country have legislation which grants the right of access by individuals of their health-related data when held in an EHR? Electronic Health Records for Clinical Research 156

Does your country have legislation which allows for the transmission and sharing of research data containing personal and health-related data between research entities in different countries? Electronic Health Records for Clinical Research 157

General Conclusions - Basics in place Generally good levels of basic rights to information privacy exist globally. Specific health information privacy protection is not as widely present and is often contained in professional codes of conduct rather than law. Legislation specifically aimed at protecting privacy in EHRs is limited to countries where considerable deployment of EHRs already exists. Laws and regulation on the use of EHRs tend to be reactive - few States use legislation as a tool to facilitate and drive uptake of EHRs Legislation tends to be restrictive rather than facilitative Electronic Health Records for Clinical Research 158

General Conclusions - Building Trust Adaptations should be made to existing legal frameworks to ensure that data can be shared appropriately to provide patient care and support wider public health initiatives. This requires: Building patient trust should by giving patients more information about how their data are handled and providing education on the technical and regulatory requirement sof privacy and security which are used to ensure that data are shared appropriately. Driving healthcare professional engagement in using EHR data for better healthcare delivery. Educating all stakeholders on potential for EHR use for direct care and care planning Electronic Health Records for Clinical Research 159

General Conclusions next steps Legislation should be adopted to ensure that patient data can be shared safely for direct patient care. Legislation should be adopted to facilitate appropriate use of EHRs for research. Patients should be empowered to make their data available for secondary research through easily understandable and applicable privacy legislation. New legislative approaches should be be adopted to support a suitable balance between accessibility of data and the levels of privacy patients wish to maintain. Electronic Health Records for Clinical Research 160

The big shift? Changing the legal constructions of electronic health data from ownership to control from a reference resource to a key healthcare asset from an individual good to a national resource Electronic Health Records for Clinical Research 161

Full report available at http://whqlibdoc.who.int/publications/ 2012/9789241503143_eng.pdf Petra.wilson@idf.org Electronic Health Records for Clinical Research 162

LEGAL ISSUES IN CONNECTION WITH THE RE-USE OF EHR DATA Prof. Nikolaus Forgo Centre for Data Protection Leibniz Universität Hannover Electronic Health Records for Clinical Research 163

Lessons learnt on data re-use in Europe Electronic Health Records for Clinical Research 164

My Background Electronic Health Records for Clinical Research 165

Golden Rule Processing of personal data is only allowed if: it is permitted by law or the data subject has consented to it Electronic Health Records for Clinical Research 166

Hitting the balance Privacy All kinds of troubles Medical Research Electronic Health Records for Clinical Research 167

Outcomes Electronic Health Records for Clinical Research 168

2 Main approaches Aggregation/ K-Anonymity/Noise De-facto Anonymity Electronic Health Records for Clinical Research 169

Advantages: Aggregation Advantages: De-facto-Anonymity No central entity No legal paperwork Responsibility remains with the data providers Central Entity Legal roles clearly defined Responsibility is (in parts) shifted to a central entity Reidentification possible Electronic Health Records for Clinical Research 170

Disadvantages: Aggregation Disadvantages: De-facto-Anonymity Anonymity questionable Anonymity at risk Legal status untested Responsibility unclear Legal rules unexistent Reidentification impossible Sustainability of central entity unclear Signing process costly and time consuming Concept complex and (local) ethics committees and DPAs need to understand it Scalability Participation needs signing Electronic Health Records for Clinical Research 171

Since January 2012 Electronic Health Records for Clinical Research 172

Fines A fine, up to 100 000 000 EUR, or up to 5% of the annual worldwide turnover in case of an enterprise, whichever is greater. Electronic Health Records for Clinical Research 173

Thank you! This project has received funding from the European Union s Seventh Framework Programme for research, technological development and demonstration under grant agreement no 270089. Electronic Health Records for Clinical Research 174

Contact Details Nikolaus Forgó Institute for Legal Informatics Leibniz Universität Hannover Juristische Fakultät Königsworther Platz 1 D-30167 Hannover Tel: + 49 511 762 8159 Fax: + 49 511 762 8290 E-Mail: nikolaus.forgo@iri.uni-hannover.de Web: http://www.iri.uni-hannover.de Twitter: @nikolausf Electronic Health Records for Clinical Research 175

THE EHR4CR PRIVACY APPROACH Peter Singleton University College London Electronic Health Records for Clinical Research 176

EHR4CR Overview data flow RESEARCH CENTRE e.g. pharmaceutical company EHR4CR PLATFORM FEASIBILITY HOSPITAL/DATA PROVIDER QUERIES AND RESULTS ACROSS MULTIPLE SITES STUDY CRITERIA QUERY WORKBENCH RECRUITM RECRUITM QUERY ENT ENT PROGRES PROGRES S RECRUITM RECRUITM #COUNT ENT ENT PROGRES PROGRES S RECRUITMENT PROGRESS EHR4CR SERVICES RECRUITM RECRUITM QUERY ENT ENT PROGRES PROGRES S RECRUITM RECRUITM #COUNT ENT ENT PROGRES PROGRES S RECRUITMENT RECRUITMENT RECRUITMENT PROGRESS PROGRESS PROGRESS CLINICAL DATA WAREHOUSE QUERY EXTRACT TRANSFORM LOAD CANDIDATE LIST EHR ELECTRONIC CASE REPORT FORM RECRUITMENT WORKBENCH RECRUITMENT Electronic Health Records for Clinical Research 177

The EHR4CR privacy and legal framework was built upon experience and broad consultation Previous EU projects informed the policy development: ACGT Supporting clinical trials in cancer DebugIT sharing infection and response data VPH-Share open framework for bioscience EHR4CR Consultations Convergence Initiative working with other EU projects: p-medicine, PONTE, CONTRACT, EPSOS Electronic Health Records for Clinical Research 178

Privacy protection delivered on multiple levels Personal data only processed by original data controller (treating physician) EHR4CR only handles aggregate data with additional protections Clinical Data Warehouse holds only pseudonymous data Role-based access controls to limit access to aggregate data Extensive audit trails with reporting Integration of Operating Procedures with system functionality Electronic Health Records for Clinical Research 179

Governance tools are vital to safeguard data Ensures consistent application of principles and legal requirements and to aid adoption of best practice Standard Operating Rules Standard Operating Procedure outline templates Contract and Agreement templates or Heads of Agreement Standard training materials Electronic Health Records for Clinical Research 180

Standard Operating Rules General Context-dependent Specific for each scenario Access Controls Audit & Monitoring Non-Compliance Risk Management Incident Management and Reporting Electronic Health Records for Clinical Research 181

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information