Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Short description 

‘A great quote’ (source)

Obtaining patients’ informed consent for collecting their data for scientific purposes is usually required [De novo]. Furthermore, patient consent may be necessary for archiving and sharing [uu_consent] and linkage with e.g. external registries. Furthermore, consent information is necessary for the data to be machine-actionable, as without such data a computer cannot know whether it is allowed to use the data [FAIR]. 

A general informed consent form may be available, but a local Institutional Ethical Review Board may demand changes after reviewing. It is crucial that essential data sharing aspects are explicitly handled in the informed consent form [De Novo]. The consent information should be made available as metadata.  

[uu_consent] https://www.uu.nl/en/research/research-data-management/guides/informed-consent-for-data-sharing 

SdR: The step is call Obtain informed consent. Can you “obtain” IC with an opt-out model?

https://elsi.health-ri.nl/sites/elsi/files/2020-10/Best practices%2C opt-in aan de poort voor nader gebruik - ELSI Servicedesk 20191029.pdf

Do we want to mention things like dynamic IC, electronic IC, Toestemming aan de poort?

Does a PIF also contain information about data collection / how data will be used? Or is the PIF only medical?

Why is this step important 

A properly designed informed consent is crucial for data reuse. Without it, archiving, sharing, etc may not be possible. 

How to 

[Sander]

Question: what is specific information that should be in your IC to accomodate for FAIR data and its further usage. IC information concerning secondary use of data / materials, potential data linkage to external registries (e.g. PALGA, IKNL)?

Step-wise how about something like:

...

Check your institute for an IC template

...

Check whether it allows for “whatever it is we need for making this data FAIR and its sharing”

  1. I know there are factors which depend on the study, like e.g. linkage with PALGA, IKNL, etc.

  2. Does this depend on FAIR Objectives? Does “I want to publish the study in the HRI Catalogue” require something different in an IC than “I want to use a patient’s data for federated querying?”

    1. The first doesn’t require anything special in the IC I think? Only when the data owner actually wants to share your data does the IC become relevant?

    2. Is “sharing” by sending someone the data and “sharing via federated querying” different?

      1. If federated querying is anonymous by default, since the data never leaves a center, does IC about sharing the data still matter?

...

Make sure the necessary lines are in the IC

...

[Miriem]

IC (Informed Consent):  

Informed consent is a process by which a patient or research participant is fully informed about the nature, purpose, risks, and potential benefits of a study or treatment. It ensures that individuals agree to participate voluntarily, with a full understanding of what their involvement entails. In the context of health data, informed consent is also vital for GDPR compliance, as processing personal data (especially sensitive health data) often requires explicit consent from the data subject.  

Obtaining patients’ informed consent for collecting their data for scientific purposes is usually required [De novo]. Furthermore, patient consent may be necessary for archiving and sharing [uu_consent] and linkage with e.g. external registries.  

When sharing or linking health data with external registries (e.g., disease-specific databases, national health registries, or international research databases), the informed consent process must clearly define: 

  • What data will be shared or linked: The type and nature of the health data (e.g., genetic data, medical history, treatment outcomes) that will be shared or linked with external registries. 

  • Who the data will be shared with: This includes identifying the external registries, research institutions, or third parties that will have access to the data. 

  • Purpose of data sharing/linking: The consent form should explicitly state the research purposes for which the data will be shared, such as epidemiological research, clinical studies, or public health monitoring. 

  • Data security and anonymization/pseudonymization: Participants should be informed about how their data will be protected, whether the data will be anonymized or pseudonymized, and what security measures are in place during data sharing. 

Furthermore, consent information is necessary for the data to be machine-actionable, as without such data a computer cannot know whether it is allowed to use the data [FAIR].  

A general informed consent form may beis available on the website of the CCMO, but a local Institutional Ethical Review Board may demand changes after reviewing. and assesses whether the IC aligns with ethical standards, legal requirements and takes considerations into account such as age. This is important because: 

  • It ensures that the consent form is written in a way that participants in that particular region can understand.  

  • The local committee will assess whether the consent form adequately explains the data processing activities, the purpose of data collection, and participants' rights (e.g., the right to withdraw consent). 

  • The committee ensures that the study adheres to local regulations regarding the use of personal and sensitive health data. 


It is crucial that essential data sharing aspects are explicitly handled in the informed consent form [De Novo]. The consent information should be made available as metadata.   

[uu_consent] https://www.uu.nl/en/research/research-data-management/guides/informed-consent-for-data-sharing  

Obtaining patients’ informed consent for collecting their data for scientific purposes is usually required [De novo]. Furthermore, patient consent may be necessary for archiving and sharing [uu_consent] and linkage with e.g. external registries. Furthermore, consent information is necessary for the data to be machine-actionable, as without such data a computer cannot know whether it is allowed to use the data [FAIR]. 

A general informed consent form may be available, but a local Institutional Ethical Review Board may demand changes after reviewing. It is crucial that essential data sharing aspects are explicitly handled in the informed consent form [De Novo]. The consent information should be made available as metadata.  

[uu_consent] https://www.uu.nl/en/research/research-data-management/guides/informed-consent-for-data-sharing 

SdR: The step is call Obtain informed consent. Can you “obtain” IC with an opt-out model?

https://elsi.health-ri.nl/sites/elsi/files/2020-10/Best practices%2C opt-in aan de poort voor nader gebruik - ELSI Servicedesk 20191029.pdf

Do we want to mention things like dynamic IC, electronic IC, Toestemming aan de poort?

Does a PIF also contain information about data collection / how data will be used? Or is the PIF only medical?

Why is this step important 

A properly designed informed consent is crucial for data reuse. Without it, archiving, sharing, etc may not be possible. 

[Miriem]

A properly designed informed consent is crucial for data reuse. Without it, archiving, sharing, etc may not be possible.  

To accommodate FAIR data principles (Findable, Accessible, Interoperable, and Reusable) in the Informed Consent (IC) for health research data, the IC must include specific information that addresses not only the immediate use of the data but also its potential future uses in a way that aligns with GDPR requirements. The FAIR principles encourage making data more useful for both immediate research purposes and future secondary purposes (like replication, validation, or meta-analysis), while still protecting participants' privacy and rights. 

  • Current Research Purpose: The IC should clearly explain the primary purpose for which the health data is being collected (e.g., a specific clinical study, disease research, or a longitudinal health survey). 

  • Potential Future Use: To align with the FAIR principles, the IC should also mention the possibility that the data may be used for future research purposes, which may not yet be fully known at the time of data collection. However, the scope of future research should be described as broadly but as clearly as possible, respecting GDPR’s transparency principle. 

  • FAIR Data Goals: The IC should include a statement that aligns with the goals of FAIR data, explaining that the data will be made findable, accessible, interoperable, and reusable by other researchers and stakeholders in the scientific community. 

  • Data Registries or Repositories: If applicable, the IC should state that the data will be deposited into data repositories or registries that adhere to FAIR principles, allowing it to be discoverable and reusable by others. 

  • Who Will Access the Data: Provide clarity on who will be allowed to access the data. This includes mentioning both internal and external researchers and potential data-sharing partnerships. 

  • Controlled vs. Open Access: Explain whether the data will be made available via open access (where anyone can access the data) or via controlled access (where only approved researchers or organizations can access it). 

  • Cross-border Data Transfers: If the data may be shared internationally, the IC must comply with GDPR’s rules on cross-border data transfers. Explain if the data will be shared with researchers outside the EU and what safeguards are in place to protect the data in international transfers. 

How to 

Opt-in, opt-out? What about the PIF?

[Miriem]

Zoals net besproken zou het ook interessant zijn om te kijken naar

  • Welk type consent heb ik nodig:

    • Prospectief onderzoek: expliciet informed consent

    • Retrospectief:

      • opt-in of opt-out consent: wat is het verschil en wanneer pas je welke toe?

      • Expliciet consent wanneer je de retrospectieve data ook weer opnieuw zou willen gebruiken of beschikbaar willen stellen: voor hergebruik moet expliciet consent zijn gegeven.

  • Vraag bij de METC welke templates van informed consent worden geaccepteerd. Een ethische commissie mag geen adviezen geven, maar alleen beoordelen of een informed consent voldoet aan alle wettelijke eisen en verplichtingen.

  • Stel bij Privacy (functionaris gegevensbescherming of privacy officer) vragen over eventuele aanpassingen of toevoegingen van het informed consent.

    • Zijn er standaardzinnen of paragrafen die je per onderwerp zou kunnen toevoegen aan een ICF-template?

      • Toevoegingen over het koppelen van data aan externe registries

      • Toevoegingen over samenwerkingen met externe partijen, bijvoorbeeld voor opschoning en analyses van de data

[Sander / Miriem]

Question: what is specific information that should be in your IC to accomodate for FAIR data and its further usage. IC information concerning secondary use of data / materials, potential data linkage to external registries (e.g. PALGA, IKNL)?  

Step-wise how about something like:  

  1. Check your institute for an IC template 

    1. Miriem: Zou hier niet ook verwezen moeten worden naar de CCMO templates: Subject information, informed consent and informed consent procedure | Onderzoekers | Centrale Commissie Mensgebonden Onderzoek (ccmo.nl)

  2. Check whether it allows for “whatever it is we need for making this data FAIR and its sharing”  

    1. I know there are factors which depend on the study, like e.g. linkage with PALGA, IKNL, etc. 

    2. Does this depend on FAIR Objectives? Does “I want to publish the study in the HRI Catalogue” require something different in an IC than “I want to use a patient’s data for federated querying?” 

      1. Miriem: Meestal moet er voor gezondheidsdata een data sharing agreement opgezet worden. Binnen het informed consent wordt de context van de dataverzameling beschreven en mag data binnen eenzelfde context gedeeld worden (indien er toestemming is gegeven voor data delen). Dit betekent dat er voor iedere data aanvraag gecontroleerd moet worden of de doelen voor het gebruik overeenkomen met de doelen die beschreven staan in het informed consent.

        Het is nog wel een idee om hier iemand met kennis van wetgeving naar te laten kijken.

      2. Sander: The first, I want to publish the study in the HRI Catalogue, doesn’t require anything special in the IC I think? Only when the data owner actually wants to share your data does the IC become relevant? 

        1. Meriem: De metadata over welke gegevens er zijn verzameld mogen vrij gedeeld worden (tenzij dit mogelijk valt onder geheimhouding vanwege mogelijke patenten oid). Maar ook hier zou ik iemand met meer kennis over het opzetten van (DSA) contracten naar laten kijken. Zij kunnen misschien meer toevoegen over de uitzonderingen.

      3. Sander: Is “sharing” by sending someone the data and “sharing via federated querying” different? If federated querying is anonymous by default, since the data never leaves a center, does IC about sharing the data still matter? 

        1. Meriem: Ik weet niet of federated querying by default anoniem is. Volgens mij kan deze data nog steeds gepseudonimiseerd zijn. Daarom moet er nog steeds een goede infrastructuur worden opgezet waarbij de bescherming van persoonsgegevens gewaarborgd kan worden.

      4. Federated querying is a method of querying and accessing distributed datasets without physically centralizing the data. In the healthcare context, federated querying allows researchers, clinicians, or data scientists to access and analyze health data across multiple systems (e.g., hospitals, research institutions) without transferring sensitive patient data to a central location. 
        When sharing or accessing health data via federated querying, compliance with the GDPR is crucial, particularly because health data is classified as special category data under Article 9 of the GDPR. Health data includes information such as medical history, diagnosis, treatment, and genetic data. Key GDPR principles relevant to federated querying include: 

        1. Lawfulness, Fairness, and Transparency 

          1. Lawful Basis for Processing: You must have a lawful basis to access or share health data, such as explicit consent from the data subject, or processing for research purposes under Article 9(2)(j). 

          2. Transparency: Data subjects must be informed about how their data is used, even if it’s queried remotely. Transparent data-sharing policies and consent mechanisms are essential. 

        2. Data Minimization and Purpose Limitation 

          1. Minimization: The GDPR requires that only the data necessary for the specific purpose is accessed or processed. In federated querying, this means limiting access to the minimum amount of data required to answer the query. 

          2. Purpose Limitation: Health data accessed through federated queries must only be used for the specific purpose (e.g., research) for which it was originally collected, and not for secondary purposes unless additional consent is obtained or a legal basis exists. 

        3. Data Security and Confidentiality 

          1. Security of Processing: Federated querying must implement robust technical and organizational measures to secure health data. This includes encryption, anonymization, pseudonymization, and access controls to prevent unauthorized access. 

          2. Data Localization: Since data remains on local servers, federated systems reduce the risks associated with transferring health data, but the data controllers (entities holding the data) must ensure secure query execution and auditability. 

        4. Accountability and Governance 

          1. Data Controllers and Processors: Each institution participating in a federated querying system is likely to act as a data controller, responsible for ensuring GDPR compliance. Federated systems often require detailed Data Processing Agreements (DPAs) between the entities to govern how data is accessed and used. 

          2. Data Protection Impact Assessments (DPIAs): If federated querying involves high-risk processing of health data, organizations may need to conduct a DPIA to assess risks and ensure GDPR compliance. 

  3. Make sure the necessary lines are in the IC 

  4. Get the IC approved 

[ELSI Servicedesk]

Hoi Sander,

Bij deze een antwoord op je vraag aan de ELSI Servicedesk, Susanne heeft een aantal dingen op een rij gezet. Er zijn zeker standaardzinnen of ‘best practices’ beschikbaar. Voor WMO-studies volgen onderzoekers natuurlijk de standaard PIF van de CCMO. In die zin zou je dan ook van ‘goedgekeurd’ kunnen spreken. Hierin wordt onderscheid gemaakt tussen materiaal en data.

image-20241003-072026.pngImage Added

Uiteraard moet de vraag voorafgegaan worden aan de passende informatie in de folder zelf. Uitgangspunt hierbij is dat de onderzoeker duidelijk aangeeft voor welk doel of welke doelen de data/materialen hergebruikt mogen worden. Dit mag breder zijn dan het oorspronkelijke doel van de studie, maar niet te breed. Doelen in de lijn van ‘onderzoek naar kanker’ of ‘onderzoek naar gezond ouder worden’ worden meestal als passend gezien.

Voor koppelen met de CBS doodsoorzakenstatistiek staat in de comments nog dit:

...

De meest up-to-date formulering vind je hier op de CBS-website.

In het implementatieproject gedragscode hebben we gewerkt aan een standaard alinea plus vraag over hergebruik. Je ziet dat de vraag wel gebaseerd is op die van de CCMO, maar materiaal en data worden in 1 vraag opgenomen. Deze tekst vind je hier.
Meer informatie staat hier

Binnenkort verschijnt op de ELSI Servicedesk de standaard PIF die otwikkeld is in het project ‘wederzijdse erkenning’ van de NFU. Hier zit ook een hergebruikvraag bij (en meer, ook bv koppelen) voor biobanken. En in het project implementatie nWMO toetsingskader (getrokken door Elyse) wordt ook gewerkt aan een standaard PIF, maar daar moet nog mee gestart worden.

Susanne zegt: ik ben zelf van harte bereid om deze pagina voor jullie te reviewen. Hergebruik aan de voorkant goed regelen is zeg maar mijn ding ;). Je voorkomt er achteraf een hoop gedoe mee. Tegelijkertijd vind ik het ook heel belangrijk om patienten niet onnodig 10 toestemmingsvragen te stellen. Als een onderdeel (bv koppelen, organoids) een inherent onderdeel van een project is, hoort het allemaal in de hoofd-toestemmingsvraag.

Multi-center IC?

FAIRopoly 

...