Being aware of the data environment:care, research, or both?

If your study subjects are human, protecting their privacy is crucial.

To this end, it is important to distinguish between:

  • the care environment: data that is being used for healthcare purposes ( i.e., diagnosis and treatment of patients or self-evaluation of the healthcare provider);
  • the research environment: data that is being used for scientific research purposes (i.e., to answer scientific research questions).

In modern medical research, these two data environments are increasingly being integrated. However, the distinction is important because different laws and guidelines apply to the two types of data environment. These laws may even be conflicting. Your data environment needs to be compliant with the applicable rules and regulations. You should take special measures when you reuse data that were collected from other sources.

Having said that, healthcare and scientific research can mutually inform and reinforce each other.

Examples are:

  • Data collected in a care environment may be used to answer research questions.
  • Data collected in a scientific research environment may travel back to the care environment as 'unexpected incidental findings' crucial to be communicated to the study subject.
  • Data collected in a scientific research environment may be used in the clinic to avoid double data collection (e.g., collection of quality of life data in intervention trials).

Frequently Asked Questions

Unfortunately, there currently is no consensus about the nomenclature to be used, i.e. people are using terms like 'clinical data', 'care data', 'medical data', 'medical research data', and 'clinical research data' interchangeably, unintentionally creating confusion.

This table shows which steps you need to take to (re)use data and to store data:

 

 

Source: Radboud University Medical Centre Nijmegen

Yes, you are allowed to do this. However, it is crucial that you protect the privacy of patients and the safety of the data. To this end, we recommended:

  • using appropriately certified software;
  • copying only the required information to your research environment (i.e., you should use principles of data minimization);
  • at least pseudonymising the data (but preferably anonymising, see chapter 'Encrypting identifying information').

We advise you to obtain informed consent for storing clinical (and personal) data for the purpose of both healthcare and future scientific research, each with a separate specific informed consent. This will avoid legal problems under changing circumstances.

You are allowed to do so if you can answer all of the following questions with 'yes':

  • Are you a caregiver?
  • Did you collect the data in the context of prevention or medical care?
  • Do you want to use clinical data for your own scientific research?
  • Did you inform the study subjects of your intention to use the data for research and did you make sure that they do not object to this use?

Access to clinical (care) data is only allowed for physicians and researchers that have a treatment relationship with the patient. You need to take all reasonable measures to protect the data from unauthorized access. Care data may be stored with permission of the treating physician and without explicit informed consent as long as the data is used only by the physician as a tool for (continuous) self-evaluation and improvement.

Other exceptions from the requirement to obtain explicit informed consent for data storage are mentioned in the 'Gedragscode Gezondheidsonderzoek'. This code can be applied as long as it is in line with the WGBO and WBP.

You need to de-identify study subjects (i.e., anonymised or pseudonymised data) when you use clinical data for scientific research purposes. In addition, having access policies for your data is an integral part of data stewardship. You are responsible for describing your study's data access policy.

Yes, but only when the data is fit for clinical purposes. You should also include an additional step in which you verify the identity of the study subjects.

Be aware that research data usually undergoes less stringent quality control than clinical data. Extra checks are often required before research data can be used in the clinic. In addition, an extra verification of the identity of the study subjects is necessary.

In general, data collected in a healthcare environment are subject to an identity verification process involving the 'Burger Service Nummer' (BSN), which is a unique identification number for civilians. Data collected in scientific research projects are generally not allowed to contain the BSN in unencrypted format. Therefore, any automated mechanism to return research data to the care domain without additional verification of the subject's identity and an assessment whether the data is also fit for care purposes, is unacceptable.

A solution could be the explicit verification by a responsible physician to classify the information content of (a subset of) data in a research environment as 'accepted for care purposes' before being added (as a date-time stamped snapshot) to an electronic patient file.

If data has to be collected in the research environment for logistic or technical reasons, the data should only be allowed to return to the care domain under very stringent data quality conditions to be set forth explicitly in the research protocol and after explicit verification of the procedures and data by the responsible treating physician (or the Board of the Hospital).