BLOG – Keeping data closed enough for citizen security, but open enough for research

A 21st century healthcare system is increasingly data-driven, and dependent on data to ensure positive outcomes, for individuals through to populations. For centuries physicians and scientists have been using observations of real-world treatment and outcomes to guide decision-making, and medicine, at least in the Western world, has been both an art and a science.

In 1946 the first ‘modern’ clinical trial, of streptomycin in pulmonary tuberculosis, was conducted, paving the way for how we continue to appraise the efficacy and safety of medicines, devices, and therapeutic interventions. Today, clinical trials are tightly controlled, evaluating treatments in selected populations, and with rigorous protections to safeguard the identity of participants.

The real-world data that is used in generating real-world evidence is often derived from electronic health records, claims databases, national and regional datasets and cohorts or registries. Individual record data is of little use on its own (other than perhaps in rarer diseases), but when it is used at scale with large populations of patient records, we can start to see trends, signals, and signs. These data allow us to understand the natural history of disease, treatment and its outcomes, potential therapeutic targets, or for instance the safety of a drug or device. They are vital if we are to continue improving outcomes for individuals and populations.

The data points we do not need, though, are those related to identity. An increasing number of protections have been enacted in legislation to protect patient data, for example, in Europe or the state of California. The permission to use data is often understood as being based on consent. However, in clinical care beyond specific use cases requiring informed consent, information is often shared under a form of implicit permission. When a patient provides a blood sample, for instance, relevant information is shared with, for example, pathology departments to expedite interpretation of the test result, but not with any form of overt consent. Rather, the clinic maintains an institutional responsibility for confidentiality and preserving the patient’s privacy.

This example is immediate to the patient themselves, but what if a researcher from an academic organisation, or a commercial company, wants to be able to use the record of that blood sample, alongside many others, in a research study? These third parties are more distant from the sample being taken, and the patient. If the patient is to be identified in a study, then all appropriate consent and protections need to be in place, but if sufficient safeguards are in place to disregard the patient’s identity, the record of that blood sample and its result could be used within appropriate levels of protection for research.

The balance to be met is to keep data closed enough for citizen protection, but open enough for research. This means achieving an ethical balance, avoiding any harm to the patient, while doing societal good in research. The use of federated data networks, such as EHDEN, implicitly protects patient data by keeping data local, behind local firewalls and approval processes, inclusive of local consent requirements, whilst aggregating population-level information, not patient-level data, from analysis. This is privacy by design.

It is imperative that research, and federated data networks like EHDEN, are trustworthy and reliable in terms of governance and the measures utilised for citizen protection. The project is working on a governance framework and code of conduct that is aligned both to the technical architecture and to GDPR and following legislation. Each stakeholder in the EHDEN network, from Data Partners through to researchers, needs to understand their responsibilities and the actions taken to preserve patient privacy.

One approach that may assist here is to imagine this as a landscape, centred on the patient. Those immediate to them (family, or a community medical practitioner) are probably privy to identifiable and sensitive information. A researcher further out will only be able to see less granular and less identifiable information.

For a federated data network to work, it needs to be able to facilitate research while preserving the position and role of the different actors involved within this landscape. As this develops, there will be further updates and the project is working with academic, industry and other colleagues on a framework to ensure the preservation of citizen privacy, while facilitating bona fide research on large scale populations. This is critical to ensuring we leverage the transformational potential of real-world data, in order to improve care and direct resources to the optimal patient outcomes.

EHDEN Ethical Advisory Board & Colleagues