General considerations when sharingyour data

There is no general answer to this question, for reasons explained below. The NFU encourages responsible data sharing. External access most often means the transfer of certain data sets under certain conditions (restricted access). Always contact your Technology Transfer Office (TTO) at the start of your study and before sharing data. They can help you create written agreements on when to share what data with whom under what circumstances.

Research data derived from data collected in a care environment

Morality is changing with respect to disclosing medical information. Disclosure of private medical information to hospital administration, to insurance companies, and to public health agencies is now often regarded a part of medical practice, while disclosure to prevent (further) harm is sometimes even regarded as a medical duty (e.g., in case of child and female abuse).

In the era of big data, attitudes towards open access to research data are also changing. Traditionally academic institutions as well as companies considered their data sets as their property and assumed a right to protect them. Now, the relevance of using all known data within some kind of research perspective might overrule the present existence of fragmented data sets within institutions and companies. However, public access to data sets will evoke all kinds of new problems concerning privacy and the use of data in social contexts that may harm those behind the data.

Biomedical research data

At present, it is still accepted morality that data sets made up in biomedical research are subject to rules of privacy and should not be handed over to third parties outside the domain of biomedical research. Nevertheless, the moral reasoning that warrants limiting access is not overwhelmingly strong if some crucial steps are taken to impede that the persons behind the data are identified.

Access rules have been developed to prevent misuse or even abuse by people outside the domain of biomedical research. Moral change in this respect can be expected in the years to come.

The NFU encourages responsible data sharing. Research builds on other research. If you will obtain the data as part of a research collaboration, the intellectual property rights and openness of the resulting data (e.g., who has first rights to make the results into a product) should be discussed between the partners before you start collecting data.

Relevant factors are:

• the consent modality (i.e., is there informed consent and what does it state?;
• the approval of the research by the designated competent body;
• the conditions of the funders of research data;
• the conditions under which data were released by the original creator of (a large part of the) data (after all, it is a cycle);
• the conditions of the journal to which the data is submitted (more and more journals demand open access to the underlying data).

Often the stewards of existing data will require that the results of the new research will be added to the database from which data were released for this new research, even if additional data were collected for this new research.

Research data includes any non-sensitive data, metadata, and aggregated data about the study.

The question is not whether the data should be anonymous, since any research data should already be anonymised or pseudonymised (see chapter 'Being aware of the data environment:care, research, or both?)'.

As a data steward, you should assess whether your (anonymous) research data may become identifiable when shared. This is because data which were previously anonymous can become identifiable when data sets are combined. In addition, data which were previously hardly identifiable may become more easily identifiable. Whether data is identifiable depends not only on the type of data and the way it is managed, but also on the circumstances in which it circulates.

The solutions to this issue are:

• aggregate the data to such a level that they are never identifiable, irrespective of how you combine this data with other data.
• Giving access only within the data infrastructure of the original researcher (UMC, or data processor on behalf of the researchers or UMCs). The new researcher may add data to this infrastructure, but data are only exported when they are in line with strong, previously determined conditions. This is the system used by CBS (Statistics Netherlands).
• Create a balanced system of Data Transfer Agreements corresponds to the type of data that are released. In this case, you legally obligate the receiver to take responsibility to not re-identify the data.

Anonymity is an important condition of biomedical research, making it impossible to identify the person behind the data. Complete anonymity seems almost impossible in the age of digital information technology. By combining data from different sets, it is, according to some commentators, only a matter of time until every individual can be identified in a so-called anonymous set. In addition, personal data sometimes needs to be part of a data set in order to allocate later events to the same person. In that case, you need to take extra measures to secure the privacy of the study subjects.

Sharing policies cannot lead to 'open medical data', unless the data is truly anonymous. The guiding principle is responsible data sharing and protecting the privacy of study subjects.

Society may force the disclosure of confidential medical information for the sake of issues that are deemed to be more important than respect for the privacy of persons. This may be to prevent harm either to the person himself or to other people, for instance in case of serious contagious disease or in case of child and female abuse.

Confidentiality can be waived in such situations, but a waiver needs to be accounted for by ethical reasoning. Not only to the patient or person from whom the data were collected, but also as a professional and public act of integrity.

In such cases public responsible action should be given prior to that use, in order to show that the reasoning behind that use goes beyond the interests of biomedical research. Only in this way it can stay clear that the responsibility and integrity of those involved in research projects, individual researchers as well as the institutions they work in, are not at stake or violated. The responsibility and integrity of researchers have first and for all to do with their work and the obligations they have assumed to those who gave informed consent.

Whether or not it should be possible to use research data or care data in order to ' solve problems in forensic medicine' is still under debate.

Can I share my data with an external commercial party?

You can only share your data with an external commercial party if the informed consent has informed the patient about the potential use of the data by a commercial party. You should not hand over exclusive rights to reuse or publish your research data to commercial publishers or agents without retaining the rights to make the data openly available for reuse. See chapter Thinking about intellectual property rights (IPR)' for intellectual property rights.

A Dutch medical professional organisation (VSOP) and a patient organisation (VKGN) have released a statement about accountability for genetic data.

Text in preparation

Text in preparation