Anonymous data means data with no risk of re-identification by applying adequate safeguards. De-identified data means that direct or indirect identifiers (i.e. pseudonym) have been removed. Thus, the risk of re-identification is residual. Accordingly, pseudonymised personal data held in RADeep will be processed in a manner that only anonymous or de-identified data will be transferred to researchers or other third parties (patients' associations, policy makers, industry) in order to contribute to projects whose objectives are directly connected to improve healthcare provision to individuals living with a rare anaemia disorder, thus connected to RADeep's aims. third parties will never have access to the information that may directly lead to patients' identification and will be requested to sign an agreement including clauses to legally ban a) any attempt to re-identification, including merging RADeep's data to other sources of data and b) attempt to directly contact the patients.
In agreement with RADeep Principle: "to maximize public benefit from data on RAs opened-up through the platform with the only restriction needed to guarantee patient's rights and confidentially in agreement with EU regulations for cross-border sharing of clinical data", a legal frame for secure sharing and re-use of data on patients affected by RAD enabling both entering certified medical data from available sources and re-use of data with third parties, namely medical community, research community, patients and industry has been established from the outset.
RADeep Policy enables participating stakeholders to comply with all legal and ethical considerations that apply to the processing and use of sensitive, personal information and health data in line with the General Data Protection Regulation (GDPR).
Third parties interested in accessing data held by RADeep will be required to submit an application that details the scientific merit of the project for which the data is needed. Requests are reviewed by a Data Access Committee composed by both health professionals and patients' representatives that ensures that the request aligns with the purpose of RADeep and Policy. Personal details about the researchers are also reviewed to ensure they are suitably qualified and have a track record of integrity as researchers in this area.
Researchers may come from both public and private institutions in any country, including countries without the requirements foreseen in the European legislation in terms of data protection. However, all researchers and institutions will be required to sign legal agreements respecting the EU legislation and committing them to use the data only for the purpose intended and authorised.
In the GDPR context, VHIR/HUVH is designated as the platform controller. An agreement will be signed with CING as processor. More information on the coordinating institutions and roles are available at committee section.
The following diagram summarizes the pathways for RADeep data entry, data processing and data request. RADeep policy and agreements are currently under revision and will be available soon.