
Should your medical data be off the record?


A recent Irish Times article highlighted the ongoing debate about how medical research should deal with data protection, and in particular the issues arising from obtaining and maintaining the consent of the original subject. Medical and scientific researchers are closely watching the new EU General Data Protection Regulation (GDPR) and what it might mean for them and their work after it takes effect next May. Concerns are also evolving in light of new models for funding research, such as venture capital-backed projects, where highly sensitive data collected for research, which is effectively a permanent record, may ultimately be used by or sold for profit to companies or other third parties anywhere in the world.

At a recent event in Dublin, the Irish Platform for Patients’ Organisations, Science and Industry (IPPOSI) explored the concerns about data protection, consent and the forthcoming regulation. IPPOSI chief executive Dr Derick Mitchell told the event: “Patients are aware that the altruistic benefit of being involved in research far outweighs the risks, but they do expect that they will be consulted on the use of their data.” He said empowerment of the data owner was fundamental to the forthcoming changes in the law, and the event explored a model of so-called “dynamic consent” to allow people to consent to having their data used for research, possibly giving “broad consent” at the outset with opt-outs at a later stage where they did not agree to new uses. Dr Mitchell said a national response to GDPR was required, and not just for health research. “I think the real crux is the code of conduct and each institution in effect will have to develop their own code of conduct as to how they approach data protection from the beginning of projects rather than having it as a kind of tick-box exercise at the end of a project,” he said.

So how can we find a balance between conducting much-needed medical research and protecting the privacy rights of patients? The GDPR strongly encourages the use of data protection safeguards such as pseudonymisation. Pseudonymisation is a process in which personal identifiers are replaced with pseudonyms. It lets organisations keep a dataset as close to the original content as possible, so that it remains usable for legitimate business purposes, whilst protecting the anonymity of the data subject.

Whilst pseudonymised data is still deemed personal data because the process can potentially be reversed, the difficulty of re-identification is taken into account in the event of a breach. Pseudonymisation therefore needs to rely on complex algorithms that make any attempt at re-identification as difficult as possible. There has been widespread talk about criminalising attempts to de-pseudonymise data, with the UK looking to pass a bill to this effect, as reported by the Guardian.

There are two types of pseudonymisation technique that are typically used, random replacement and consistent replacement:

  • Random replacement: for example, John Smith is replaced with a randomly chosen name, and each time John Smith goes through the pseudonymisation process the replacement name will vary.
  • Consistent replacement: for example, John Smith is replaced with the same replacement name each time, which enables analysis of this individual over time without revealing their identity.

Both random and consistent replacement can have a statistical distribution applied to them, ensuring the replacements are of similar statistical value to the original data and therefore making re-identification more difficult. Rounding numbers to the nearest ‘X’ value and capping them at ‘Y’ prevents, for example, an age being traced back to a specific individual. For instance, if there was only one patient over the age of 90, then the age alone could potentially identify that individual.

Under GDPR, it is essential to restrict access to personal data, especially where it is not required for a specific legitimate business purpose or is not aligned with the consent of the data subject. Applying appropriate pseudonymisation techniques, such as consistent replacement with a statistical distribution for names so that every entry for John Smith is automatically replaced with Joe Bloggs, allows research into a person’s medical history whilst protecting their anonymity.
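As an added illustration (not Wizuda’s code or part of the original article), the three techniques described above in Python: random replacement, consistent replacement through a separately held lookup table, and rounding and capping of ages. The patient records and the pool of replacement names are constructed for the example.

```python
import secrets

# Constructed sample dataset; these are not real patient records.
RECORDS = [
    {"name": "John Smith", "age": 34, "diagnosis": "asthma"},
    {"name": "Mary Jones", "age": 93, "diagnosis": "hypertension"},
    {"name": "John Smith", "age": 34, "diagnosis": "bronchitis"},
]
# Constructed pool of replacement names, so the output still looks like a name field.
NAME_POOL = ["Joe Bloggs", "Jane Doe", "Pat Murphy", "Sam Byrne", "Alex Walsh"]

_rng = secrets.SystemRandom()  # cryptographically strong randomness

def random_replacement(name):
    """Random replacement: a fresh pseudonym on every call, so two records
    for the same person cannot be linked in the output."""
    return _rng.choice(NAME_POOL)

class ConsistentReplacer:
    """Consistent replacement via a lookup table: each real identifier gets a
    pseudonym from the pool once (never reused) and always maps to it, so the
    individual can be followed over time. The table is the re-identification
    key and must be stored separately from the pseudonymised dataset."""

    def __init__(self, pool):
        self._unused = list(pool)
        _rng.shuffle(self._unused)
        self.table = {}  # real identifier -> pseudonym (keep secret)

    def replace(self, name):
        key = " ".join(name.split()).lower()  # normalise spacing and case
        if key not in self.table:
            if not self._unused:
                raise RuntimeError("pseudonym pool exhausted")
            self.table[key] = self._unused.pop()
        return self.table[key]

def generalise_age(age, step=5, cap=90):
    """Round to the nearest `step` years and cap at `cap`, so a lone patient
    aged 93 becomes indistinguishable from everyone recorded as 90."""
    rounded = int(age / step + 0.5) * step  # avoids Python's banker's rounding
    return min(rounded, cap)

def pseudonymise(records, replacer):
    """Return a pseudonymised copy of `records`; the replacer's table is the
    only route back to the real names and is deliberately not in the output."""
    return [{**rec, "name": replacer.replace(rec["name"]),
             "age": generalise_age(rec["age"])} for rec in records]
```

Whoever holds `replacer.table` can reverse the mapping, which is why pseudonymised data is still personal data under GDPR and the table needs the same access controls as the original identifiers.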

While pseudonymisation might not solve all the problems, it should certainly solve some and help to bring more balance to this equation.

If you would like to learn more about Wizuda’s pseudonymisation feature, please contact us today at www.wizuda.com.
