Privacy by design and data minimisation in RADAR project.

Johannes Hauswaldt

Keywords: Privacy protection, data security, primary care practice, electronic medical records, secondary research

Primary care practice (PCP) teams' inclusion into research at the micro level demands building and maintaining a complex research infrastructure. Privacy protection and data security have to be considered and incorporated from the outset when using PCPs' computerised medical records (EMR).

Research questions:
Which concepts for privacy protection have been realised during the RADAR project, and which are to be kept or extended in future practice based research networks?

Concept analysis and artifact evaluation.

The multiprofessional RADAR project team generated and followed a comprehensive privacy protection and IT security concept. It named responsible controllers and time limits for data storage. Of the four different data access models, restricted access was realised in the RADAR project, but it may be replaced by controlled access in future. Privacy by design as a concept was included in the RADAR project's conceptualisation right from the beginning, and its 7 foundational aspects can be recognised.
The recommended de-identification of EMR was followed in a multi-level single-use pseudonymisation scenario. Already within the practice, we decoupled health data from the corresponding patient-identifying information by splitting the EMR data into IDAT (identifying data) and MDAT (medical data). Re-identification attacks, by attribution, inference or aggregation, have not been observed in the RADAR project. Data was always encrypted when transferred. Present legal conditions impede achieving factual anonymisation.
Data minimisation was realised, together with purpose and storage limitation. For data minimisation, we confined EMR data extraction to 40 predefined data fields from a small number of consenting use case patients. These 40 variables were arranged into 11 semantic groups and correlated with the core data set of the Medical Informatics Initiative.
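As an added illustration of the two measures described above (it is not the RADAR project's own code), the following Python sketch splits one EMR record into IDAT and MDAT that share only a fresh single-use pseudonym, restricts MDAT to a predefined field allowlist, and lets a second party replace the practice pseudonym with a keyed derivative so that the research side never holds the value the practice holds. The field lists, the sample record and the trust centre key are constructed assumptions standing in for the project's 40 fields and its real key material.

```python
import hashlib
import hmac
import secrets

# Constructed allowlists; the project uses 40 predefined fields in 11 semantic groups.
MDAT_FIELDS = {"diagnosis_icd10", "medication_atc", "encounter_year"}
IDAT_FIELDS = {"name", "date_of_birth", "insurance_id"}


def split_record(record: dict) -> tuple[dict, dict]:
    """Level 1 (inside the practice): separate identifying from medical data.

    Only allowlisted fields are extracted (data minimisation); anything else in
    the EMR, e.g. free text, is dropped. Both halves carry the same fresh random
    pseudonym, and nothing else links them.
    """
    psn1 = secrets.token_hex(16)  # single use: regenerated on every extraction
    idat = {"psn1": psn1, **{k: record[k] for k in IDAT_FIELDS if k in record}}
    mdat = {"psn1": psn1, **{k: record[k] for k in MDAT_FIELDS if k in record}}
    return idat, mdat


def repseudonymise(mdat: dict, trust_key: bytes) -> dict:
    """Level 2 (trust centre): derive a second pseudonym with a key the
    practice does not have, so the research data set cannot be joined back to
    the practice's IDAT table without the trust centre's cooperation."""
    psn2 = hmac.new(trust_key, mdat["psn1"].encode(), hashlib.sha256).hexdigest()
    out = {k: v for k, v in mdat.items() if k != "psn1"}
    out["psn2"] = psn2
    return out


def leaked_identifiers(mdat: dict) -> set:
    """Check used before release: identifying fields present in MDAT."""
    return IDAT_FIELDS & set(mdat)


if __name__ == "__main__":
    # Constructed sample record, not real patient data.
    record = {"name": "Test Person", "date_of_birth": "1960-01-01",
              "insurance_id": "X000", "diagnosis_icd10": "I10",
              "medication_atc": "C09AA02", "encounter_year": 2021,
              "free_text_notes": "not part of the allowlist"}
    idat, mdat = split_record(record)
    research = repseudonymise(mdat, b"constructed-trust-centre-key")
    print(idat, mdat, research, leaked_identifiers(research), sep="\n")
```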

Privacy by design and data minimisation concepts were incorporated into the RADAR project and thus made it feasible in Germany.
Future efforts are needed to build and maintain a strong and transparent legal, ethical, governance and data security framework for PCP teams' inclusion into research.

Points for discussion:
Which additional elements or aspects of privacy protection for those involved do you suggest?

Do you know blueprints or best practice examples for a legal, ethical, governance and data security framework for PCP teams' inclusion into research?

Which technical or organisational solutions are especially favourable for privacy protection in secondary data analysis?