If your study subjects are human, protecting their privacy is crucial.
To this end, it is important to distinguish between:
In modern medical research, these two data environments are increasingly being integrated. However, the distinction is important because different laws and guidelines apply to the two types of data environment. These laws may even be conflicting. Your data environment needs to be compliant with the applicable rules and regulations. You should take special measures when you reuse data that were collected from other sources.
Having said that, healthcare and scientific research can mutually inform and reinforce each other.
Unfortunately, there currently is no consensus about the nomenclature to be used, i.e. people are using terms like 'clinical data', 'care data', 'medical data', 'medical research data', and 'clinical research data' interchangeably, unintentionally creating confusion.
This table shows which steps you need to take to (re)use data and to store data:
Source: Radboud University Medical Centre Nijmegen
Yes, you are allowed to do this. However, it is crucial that you protect the privacy of patients and the safety of the data. To this end, we recommended:
We advise you to obtain informed consent for storing clinical (and personal) data for the purpose of both healthcare and future scientific research, each with a separate specific informed consent. This will avoid legal problems under changing circumstances.
You are allowed to do so if you can answer all of the following questions with 'yes':
Access to clinical (care) data is only allowed for physicians and researchers that have a treatment relationship with the patient. You need to take all reasonable measures to protect the data from unauthorized access. Care data may be stored with permission of the treating physician and without explicit informed consent as long as the data is used only by the physician as a tool for (continuous) self-evaluation and improvement.
Other exceptions from the requirement to obtain explicit informed consent for data storage are mentioned in the 'Gedragscode Gezondheidsonderzoek'. This code can be applied as long as it is in line with the WGBO and WBP.
Yes, but only when the data is fit for clinical purposes. You should also include an additional step in which you verify the identity of the study subjects.
Be aware that research data usually undergoes less stringent quality control than clinical data. Extra checks are often required before research data can be used in the clinic. In addition, an extra verification of the identity of the study subjects is necessary.
In general, data collected in a healthcare environment are subject to an identity verification process involving the 'Burger Service Nummer' (BSN), which is a unique identification number for civilians. Data collected in scientific research projects are generally not allowed to contain the BSN in unencrypted format. Therefore, any automated mechanism to return research data to the care domain without additional verification of the subject's identity and an assessment whether the data is also fit for care purposes, is unacceptable.
A solution could be the explicit verification by a responsible physician to classify the information content of (a subset of) data in a research environment as 'accepted for care purposes' before being added (as a date-time stamped snapshot) to an electronic patient file.
If data has to be collected in the research environment for logistic or technical reasons, the data should only be allowed to return to the care domain under very stringent data quality conditions to be set forth explicitly in the research protocol and after explicit verification of the procedures and data by the responsible treating physician (or the Board of the Hospital).