Data protection in grid-based multicentric clinical trials: killjoy or confidence-building measure?

Abstract: In order to protect the privacy of participating patients in multicentric genetic research projects and to improve the working conditions for researchers in such projects a data protection framework needs to be installed. In the first place, all genetic data processed in the project has to be pseudonymized. In addition to that, contracts have to be concluded between the project and each project partner to guarantee that genetic data are used only within the project and that each partner complies with data secu… Show more

“…The main difference between clouds and VOs used in ACD is that the VO has full control of where data are stored and the processes that access these data whereas within the VO, in a cloud environment, the service and data maintenance are provided by third party vendors, potentially leaving the client ignorant of where the processes are running or even where the data reside. The location of data storage is very important so that applicable laws and regulations governing the data are identified [4]. Only recently, Amazon and Microsoft started offering data storage guaranteed to be in Europe to address the legal aspect.…”

“…There are several pieces of legislation such as the UK Data Protection Act, the EU Data Protection Directive and the US Health Insurance Portability and Accountability Act (HIPAA) that make it a legal requirement for VPH partners to collect, hold and process patient data in a secure way [4]. Security is also needed to protect VPH projects from the consequences of unauthorized disclosure of medical information including negative publicity, legal liabilities and fines; and from unauthorized modification of patient data used in VPH project environments, which may lead to incorrect patient treatment and result in a loss of life or identity theft, itself currently creating considerable concern.…”

Audited credential delegation: a usable security solution for the virtual physiological human toolkit

“…The main difference between clouds and VOs used in ACD is that the VO has full control of where data are stored and the processes that access these data whereas within the VO, in a cloud environment, the service and data maintenance are provided by third party vendors, potentially leaving the client ignorant of where the processes are running or even where the data reside. The location of data storage is very important so that applicable laws and regulations governing the data are identified [4]. Only recently, Amazon and Microsoft started offering data storage guaranteed to be in Europe to address the legal aspect.…”

“…There are several pieces of legislation such as the UK Data Protection Act, the EU Data Protection Directive and the US Health Insurance Portability and Accountability Act (HIPAA) that make it a legal requirement for VPH partners to collect, hold and process patient data in a secure way [4]. Security is also needed to protect VPH projects from the consequences of unauthorized disclosure of medical information including negative publicity, legal liabilities and fines; and from unauthorized modification of patient data used in VPH project environments, which may lead to incorrect patient treatment and result in a loss of life or identity theft, itself currently creating considerable concern.…”

Audited credential delegation: a usable security solution for the virtual physiological human toolkit

Legal and ethical issues in integrating and sharing databases for translational medical research within the EU