In this interview with MEDICA.de, Prof Klaus Pommerening talks about guidelines on data protection concepts in research, establishing a data protection concept and the (non-) anonymization of patient data.
Prof Pommerening, how is data protection in medical research actually regulated? Are there laws, standards or norms?
Prof. Klaus Pommerening: The legislative body here in Germany only requires us to adhere to the general data protection laws. Of course, doctor-patient confidentiality as it pertains to treatment data also applies. In addition, there is a statement issued by the German Ethics Council on the work of biobanks, which was also carried over to research outside of biobanks at some point. However, there is no legal recourse for this statement.
In terms of standards, the TMF has issued guidelines on data protection for medical research projects in early 2014. It contains best practice recommendations you can implement yourself. The guidelines stand in the tradition of a previous project called "Generic Data Protection Concepts for Medical Research Networks".
How about internationally?
Pommerening: There are no guidelines as such in the respective countries as far as I can tell from several international projects we participated in. Of course, there are also expert opinions that veer in this direction, but there are no best practice documents. However, data protection laws are largely consistent in Europe to where the situation is essentially similar in the other European countries.
How does anonymization of patient data actually work?
Pommerening: Generally, you delete all personally identifiable information for a patient from the medical information system, which includes the name, address and case number. Simply anything, that points directly to the party involved. Yet this is just the first step since you can still identify a patient from the remaining data.
You could identify someone based on a combination of certain characteristics. Effective anonymization tools check how these characteristics can be coarsened, summarized and categorized. They do everything that makes the re-identification of a patient difficult. However, a complete anonymization and prevention of re-identification attempts, as outlined in the data protection laws, is hardly feasible in medicine. The data can subsequently no longer be used or analyzed. This is only possible with very general statistics, not with detailed studies.
This is ultimately also the TMF's position: usable data can never be anonymized to where you could make it "publically available". You always have to implement use restrictions, regardless of how you actually plan to enforce them.
Where is data protection headed in your opinion? What trends do you see?
Pommerening: More and more data is being generated and stored. Firstly, people are more willing to disclose their information, for instance in social networks. Of course, it is difficult for us to control this. Secondly, tracker and wearable devices, ambient assistant living tools or other assistance systems also provide data without our help. People and their health status are monitored in the case of assisted living for instance. This makes sense by itself, but detailed data is being recorded throughout the entire day.
A third problem is that personalized medicine creates and uses genomic data that has a high risk of patients being re-identified.
At the very least, these three trends render data protection ever more complex. This also makes the issue of the impossibility of data anonymization more and more important and urgent, but also harder to solve.