Security and Privacy
We take security and privacy extremely seriously. All our research meets very strict ethical and governance criteria and conforms with all data protection regulations and guidelines.
On this page you can read more about:
The list on this page is not exhaustive, but it gives an overview of how seriously data security and privacy are taken by researchers, health authorities and the government.
We all have the right to keep information about our personal lives private.
Health authorities, governments and researchers take this issue very seriously.
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. This long list of rules includes the requirement to handle data fairly, lawfully and transparently and in a way that ensures appropriate security.
There is even stronger legal protection for more sensitive information, such as racial or ethnic origin, genetic data and health data.
Research activities carried out by CoMorMent will comply with all relevant national and international legal and ethical principles. These include:
The Declaration of Helsinki developed for the medical community by the World Medical Association.
GDPR (General Data Protection Regulation, EU 2016/679) on the processing and free movement of personal data. The non-EU countries Iceland and Norway have also implemented the GDPR through the EEA Agreement. The University of Oslo has appointed a Data Protection Officer to ensure that the project follows the GDPR.
The Council of Europe's Oviedo Convention (Convention for the Protection of Human Rights and Dignity of the Human Being with regard to the Application of Biology and Medicine: Convention on Human Rights and Biomedicine).
Researchers always receive information in the most de-identified form possible.
In most cases, this means that directly identifying information, such as address and date of birth, is removed before data is made available to researchers.
To distinguish one record (or person) from another, each record is allocated a non-identifying reference number (usually an arbitrary or randomised sequence of digits or letters) in place of the real identifier.
Data linkage of anonymised data
Where different sources or types of data need to be linked together (e.g. health records and census records), this is done using a multi-step process, typically a Trusted Third Party (TTP) arrangement, which separates the identifying information from the actual data and ensures that no single organisation holds both parts of the puzzle.
In practical terms, this involves the creation of a pseudonymised 'index' that maps each person's identifiers to their reference number. This is the only stage at which personal identifying information is used, and it is handled by the trusted third party rather than by the researchers.
Once the index has been created, the other parties (e.g. data holders and researchers) can use the reference numbers to trace and request specific records. This avoids the need to transfer any personal information between people or organisations.
Reducing the risk of identification
Researchers are trained to take great care of the data they are working with; even though they do not know to whom it belongs.
Nevertheless, despite our best efforts, there is always a risk that even anonymised data could lead to the identification of an individual (e.g. when we combine data about location and specific health conditions). However, several processes are in place to minimise this risk as far as possible.
- production of risk assessments, which are reviewed by accredited organisations;
- double-checking of research outputs for disclosure risk by non-research analysts (i.e. people not directly involved with the research);
- training of all researchers to spot and report any instance where the risk to privacy might be increased.
Data security is an aspect of trust: will the person I give my data to keep it safe?
Even once data has been anonymised, researchers still have an obligation to keep it secure.
Most of the work within CoMorMent builds upon data from previous research studies.
All of these have been approved by the relevant bodies in their country of origin.
All volunteers taking part in research studies are given information about how their data and samples (including genetic information) may be used in the future. They are informed of:
- the 'cost' to them (e.g. time, a blood test);
- the potential benefits to research and healthcare (volunteers do NOT receive individualised feedback);
- how their data will be stored, and how confidentiality and privacy will be maintained;
- how their data may be shared, e.g. with research groups and industry all over the world (participants can opt out of commercial use of their data if they wish).
Some studies also ask their participants whether they are willing to be recontacted in the future (e.g. to complete additional questionnaires or give additional samples), and some ask for permission to follow the person's future health by accessing their routine health records.
After being given an opportunity to ask questions, the participants are asked to sign a consent form. If there is any doubt about their ability to consent (e.g. mental capacity), the person is excluded from the study.
Even years after the consent is given, if the volunteer decides to withdraw from the study, they can ask for their data to be destroyed or further anonymised (although this would only affect future work and not what has already been undertaken).
All consent procedures must undergo checking and approval by ethics committees.
Newborn blood spots - an exception to informed consent
Newborn blood spots are used to screen infants for rare but serious health conditions. To take a blood spot, the infant's heel is pricked and a tiny drop of blood pressed onto filter paper. After being used for the routine screening tests, the cards are safely stored.
The Danish National Screening Biobank now holds samples from about 95% of Danes born since 1981. Access to these blood samples, and to their links with health information in the nationwide register systems, is regulated by:
- Danish laws on biobanks, patient rights and the use of personal data;
- the scientific-ethical committee system;
- the Data Protection Agency.
However, researchers have been granted an exemption from 'informed consent', as long as the samples are handled anonymously, personal information is carefully safeguarded and nothing is passed on to third parties. Researchers have also agreed not to make any attempt to trace or contact participants.
With all of these caveats in place, these blood spots nevertheless represent an amazing resource for genetic and metabolic research, which could transform healthcare in the future.
CoMorMent will access the minimum amount of genetic and health care data possible to complete our research. We will not have access to the blood spot samples themselves, nor to the full health record of any individual.
How will CoMorMent access data from each country?
CoMorMent will make use of the Tryggve infrastructure (https://neic.no/tryggve/) which allows us to perform fast and safe analysis of our large data sets, in a way that adheres to the highest and latest privacy and ethical requirements.
Our approach ensures that the data and information remain within their country of origin, while still allowing analysis and quality control to be done across borders.
The researchers' computers are essentially 'windows' through which researchers can view but not extract data. This ensures that all data is kept secure.
The Tryggve-supported framework includes several functions and algorithms which protect privacy and patient anonymity while allowing secure analysis of even sensitive samples and information. It also includes several systems to prevent and detect unwanted behaviour.
NB: Tissue samples will not be exchanged as part of this project, only data.
Who can access the data?
Tryggve servers can only be accessed by registered users, using password-protected computers situated in designated (authorised) locations.
Access is strictly limited to the individual researcher named on the application, who must have undergone specific training in data privacy and security through accredited courses.
No other researchers or staff can access the data, until it has been processed further or summarized in a way that reduces or removes the risk of re-identification.
Furthermore, before they are given access, the researcher must sign several legal agreements, detailing what they intend to do with the data. Any amendments or changes would require separate authorisation and approval, through the same strict channels as the initial application.
All of our research must be approved by ethics committee(s) before the work can begin.
They provide expertise and oversight on what constitutes ethical research and ensure that the proposed research studies meet the highest criteria.
This includes assessing the purpose of the research, and what kinds of data will be required to address this purpose.
The process begins with the researcher completing an application form and submitting it to the committee. Several rounds of questions, answers and edits often follow this, before approval is either granted or denied.
Ethics committees are entirely independent of the researchers, research managers and funders, which enables them to put participants at the centre of their review.
Data Controller Approval
All research must also gain approval from the controllers (holders) of the requested data.
Data controllers are legally responsible for keeping their data safe and secure, so it is in their interest to assess proposals carefully.
This assessment is based upon:
- the potential benefits of the research;
- any risks arising from the type of data requested, or from where and how the data will be accessed;
- the purpose behind the research.
As gatekeepers, data controllers have the power to refuse to provide the requested data, if there is no benefit to the public or if the necessary safeguards have not been ensured.
They also have the authority to impose special conditions on how the research is done; for example, they might impose restrictions on what data can be released and where it can be analyzed.
Their key questions are:
- Would the public benefit from this research?
- Are there adequate processes in place to protect the privacy and identity of the participants?
- Do the potential benefits outweigh the potential risks?
All researchers who access health data must undergo training to teach them about data security, data ethics and confidentiality.
They must also sign a series of legal documents, stating that they are fully aware of the policies and procedures governing individual privacy, data protection (see above) and freedom of information.
The exact set of courses each researcher must attend depends on:
- how sensitive the data is;
- the specific requirements of the organisation which is sharing it.
CoMorMent has a work package dedicated to ethics, which will ensure that all project partners are aware of their responsibilities and are adhering to best practice.