RESUMEN
Objectives It is difficult to obtain longitudinal 'real world' data from ambulatory medical care in Germany in a systematic way. Our vision is a large German research data repository featuring representative, anonymized patient and outpatient health care data, longitudinal, continuously updated and across different providers, offering a perspective of linking secondary care data or additional data obtained from research cohorts, for example patient reported data or biodata, and will be accessible for other researchers. Here we report specific methods and results from the RADAR project.Methods Survey of legislation, design of technical processes and organisational solutions, with a feasibility study to evaluate technical and content functionality, acceptability and performance fitness for health services research questions.Results In 2016, a multi-disciplinary scientific team initiated the development of a privacy protection and IT security concept for data exported from the electronic medical records (EMR) of physicians' practices in line with the European General Data Protection Regulation. Technical and organisational requirements for lawful research infrastructure were developed and executed for use in a specific case, namely Ìoral anticoagulation'. In 7 Lower Saxonian general practices, 100 patients were selected by their physician and their data - reduced to 40 essential data fields - extracted from EMR via a mandatory software interface after informed consent. Still in the practice, the data were split into identifying or medical data. These were encrypted and transferred either to a trusted third party (TTP) or to a data repository, respectively. 75 patients who met our inclusion criteria (minimum of one year of oral anticoagulation treatment) received a quality-of-life questionnaire via the TTP. Of the 66 returns, 63 responses were then linked to the EMR data in the repository.Conclusion Results from RADAR project proved the technical and organisational feasibility of lawful, pseudonymised data acquisition and the linkage of questionnaires to EMR data. The protecting concepts privacy by design and data minimization (Art. 25 GDPR with Recital 78) were implemented. Without informed consent, secondary use of routine data from ambulatory care which are sufficiently anonymized but still meaningful is all but impossible under current German law.
Asunto(s)
Registros Electrónicos de Salud , Atención Primaria de Salud , Alemania , Investigación sobre Servicios de Salud , Humanos , PrivacidadRESUMEN
BACKGROUND: Routinely recorded data from everyday ambulatory medical care are urgently needed for health services and systems research, but this faces major limitations in Germany. In 2018, European General Data Protection Regulation (GDPR) and new German Federal Data Protection Act (FDPA) become effective. Via simulated real-life scenarios it may be possible to find out if access to and utilization of routine data for research becomes easier or faces additional obstacles. METHODS: General practitioners, information scientists, data trustees and privacy protection experts create concepts, processes and standards for lawful handling of routinely recorded data for secondary research and study their feasibility in 2 scenarios (anonymous and pseudonymous data utilization). From the point of view of technical assessment and privacy protection, technical and organizational obstacles are presented as well as the legal framework. RESULTS: Outdated software interface, insufficient maintenance by software vendors, burdens associated with organization and cost as well as poor IT standards place obstacles to systematic and longitudinal use of healthcare routine data. Future pan-European law for privacy protection will allow research utilization of ambulatory data in principle. However, there are persisting conflicts between individual (fundamental right of privacy protection) and public interests (research for quality and efficiency of public spending; European market's free exchange of goods and services). This becomes evident especially when using routine data via pseudonymization. DISCUSSION: Neither insurmountable hurdles by privacy protecting law nor a threat from Big Data are currently the major obstacles to secondary utilization of routine data but real-life problems at the technology and operational level. GDPR and FDPA that have become into effect in May 2018 have improved European legal unity and transparency of patients' interests. Tension between privacy protection of data on an identified or identifiable person and scientific utilization and exchange of such data in public interest necessitates additional legal clarification. One possible solution, an advanced and ready-to-use software interface, awaits implementation.