How the new European data protection regulation affects clinical research and recommendations?

Abstract: Clinical research on human subjects or their data is confronted with conflicting requirements with, on the one hand, the principle of open science (transparency and data sharing), the possibilities offered by big data and the reuse of healthcare or research data, and on the other, changes to the regulatory and legislative framework, including the general data protection regulation (GDPR).A roundtable was organized in Giens, France in October 2018 to identify problem areas, the need for clarification and stream… Show more

“…Dean F. Sittig and Hardeep Singh [9] proposed a four steps socio-technical approach that organizations can undertake to secure an electronic health record system: (1) To ensure adequate system protection by correctly installing and configuring computers and networks (2) To ensure more reliable system defense by implementing user focused strategies (3) To ensure a comprehensive system monitoring of suspicious activities, and (4) To respond, to recover, to investigate, and to learn from ransomware attacks. For practical implementation, we recommend: (1) to plan seasonal assessments of information security management systems and to try to meet the international standards for information security with long-term and comprehensive perspectives as recommended by W.-S. Park at al [10], (2) to reduce the end point complexity (due to a technology saturated environment) and improving internal stakeholder alignment as recommended by M.S. Jalali, and J.P. Kaiser [11].…”

“…Although the consequences of GDPR have been widely discussed, the violations have not been described in medical literature. Since May 2018, the GDPR provides the mandatory legal framework for all data processing including European citizens' personal data [1]. National authorities across the European Union can sanction any company or administration performing non-conform data processing regarding to the GDPR.…”

Description of Data Breaches Notifications in France and Lessons Learned for the Healthcare Stakeholders

“…Dean F. Sittig and Hardeep Singh [9] proposed a four steps socio-technical approach that organizations can undertake to secure an electronic health record system: (1) To ensure adequate system protection by correctly installing and configuring computers and networks (2) To ensure more reliable system defense by implementing user focused strategies (3) To ensure a comprehensive system monitoring of suspicious activities, and (4) To respond, to recover, to investigate, and to learn from ransomware attacks. For practical implementation, we recommend: (1) to plan seasonal assessments of information security management systems and to try to meet the international standards for information security with long-term and comprehensive perspectives as recommended by W.-S. Park at al [10], (2) to reduce the end point complexity (due to a technology saturated environment) and improving internal stakeholder alignment as recommended by M.S. Jalali, and J.P. Kaiser [11].…”

“…Although the consequences of GDPR have been widely discussed, the violations have not been described in medical literature. Since May 2018, the GDPR provides the mandatory legal framework for all data processing including European citizens' personal data [1]. National authorities across the European Union can sanction any company or administration performing non-conform data processing regarding to the GDPR.…”

Description of Data Breaches Notifications in France and Lessons Learned for the Healthcare Stakeholders

“…Nous pensons qu'il est temps de réunir les principaux financeurs et acteurs de la recherche clinique française pour définir d'une politique efficiente de partage, concrète, réfléchie et de mettre en place une évaluation des bénéfices apportées par ces politiques. Une telle politique de partage devra bien entendu prendre en compte la réglementation française relative à la protection des données et le règlement général sur la protection des données [18]. Elle devra aussi prendre en compte le positionnement des patients inclus dans les études pour lequels les attitudes vis-à-vis du partage sont positives [19].…”

Les politiques de partage de données des financeurs d’essais cliniques en France

“…18 Similarly, the European Union’s recently enacted general data protection regulation is raising questions about data access, use, and sharing policies across the world. 19–21 Thus, while public sharing of data is highly desirable as it is a means to support important medical advances, it cannot be universally recommended or required.…”

Pragmatic considerations for fostering reproducible research in artificial intelligence